PyPI - glacis - Versions diffs - 0.1.4__py3-none-any.whl → 0.2.0__py3-none-any.whl - Mend

glacis 0.1.4__py3-none-any.whl → 0.2.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

glacis/__init__.py +62 -1
glacis/__main__.py +1 -80
glacis/client.py +60 -31
glacis/config.py +141 -0
glacis/controls/__init__.py +232 -0
glacis/controls/base.py +104 -0
glacis/controls/jailbreak.py +224 -0
glacis/controls/pii.py +855 -0
glacis/crypto.py +70 -1
glacis/integrations/__init__.py +53 -3
glacis/integrations/anthropic.py +207 -142
glacis/integrations/base.py +476 -0
glacis/integrations/openai.py +156 -121
glacis/models.py +209 -16
glacis/storage.py +324 -8
glacis/verify.py +154 -0
glacis-0.2.0.dist-info/METADATA +275 -0
glacis-0.2.0.dist-info/RECORD +21 -0
glacis/wasm/s3p_core_wasi.wasm +0 -0
glacis/wasm_runtime.py +0 -533
glacis-0.1.4.dist-info/METADATA +0 -324
glacis-0.1.4.dist-info/RECORD +0 -16
{glacis-0.1.4.dist-info → glacis-0.2.0.dist-info}/WHEEL +0 -0
{glacis-0.1.4.dist-info → glacis-0.2.0.dist-info}/licenses/LICENSE +0 -0

glacis/integrations/openai.py CHANGED Viewed

@@ -1,53 +1,44 @@
 """
 GLACIS integration for OpenAI.
-Provides an attested OpenAI client wrapper that automatically logs all
-completions to the GLACIS transparency log. Supports both online (server-witnessed)
-and offline (locally-signed) modes.
-Example (online):
-    >>> from glacis.integrations.openai import attested_openai
-    >>> client = attested_openai(glacis_api_key="glsk_live_xxx", openai_api_key="sk-xxx")
-    >>> response = client.chat.completions.create(
-    ...     model="gpt-4",
-    ...     messages=[{"role": "user", "content": "Hello!"}]
+Provides an attested OpenAI client wrapper that automatically:
+1. Runs enabled controls (PII/PHI redaction, jailbreak detection, etc.)
+2. Logs all completions to the GLACIS transparency log
+3. Creates control plane attestations
+Example:
+    >>> from glacis.integrations.openai import attested_openai, get_last_receipt
+    >>> client = attested_openai(
+    ...     openai_api_key="sk-xxx",
+    ...     offline=True,
+    ...     signing_seed=os.urandom(32),
     ... )
-    # Response is automatically attested to GLACIS
-Example (offline):
-    >>> client = attested_openai(openai_api_key="sk-xxx", offline=True, signing_seed=seed)
     >>> response = client.chat.completions.create(
     ...     model="gpt-4o",
-    ...     messages=[{"role": "user", "content": "Hello!"}],
+    ...     messages=[{"role": "user", "content": "Hello!"}]
     ... )
     >>> receipt = get_last_receipt()
 """
 from __future__ import annotations
-import threading
-from typing import TYPE_CHECKING, Any, Optional, Union
+from typing import TYPE_CHECKING, Any, Literal, Optional, Union
+from glacis.integrations.base import (
+    GlacisBlockedError,
+    create_controls_runner,
+    create_glacis_client,
+    get_evidence,
+    get_last_receipt,
+    initialize_config,
+    set_last_receipt,
+    store_evidence,
+    suppress_noisy_loggers,
+)
 if TYPE_CHECKING:
     from openai import OpenAI
-    from glacis.models import AttestReceipt, OfflineAttestReceipt
-# Thread-local storage for the last receipt
-_thread_local = threading.local()
-def get_last_receipt() -> Optional[Union["AttestReceipt", "OfflineAttestReceipt"]]:
-    """
-    Get the last attestation receipt from the current thread.
-    Returns:
-        The last AttestReceipt or OfflineAttestReceipt, or None if no attestation
-        has been made in this thread.
-    """
-    return getattr(_thread_local, "last_receipt", None)
 def attested_openai(
     glacis_api_key: Optional[str] = None,
@@ -55,15 +46,14 @@ def attested_openai(
     glacis_base_url: str = "https://api.glacis.io",
     service_id: str = "openai",
     debug: bool = False,
-    offline: bool = False,
+    offline: Optional[bool] = None,
     signing_seed: Optional[bytes] = None,
+    redaction: Union[bool, Literal["fast", "full"], None] = None,
+    config: Optional[str] = None,
     **openai_kwargs: Any,
 ) -> "OpenAI":
     """
-    Create an attested OpenAI client.
-    All chat completions are automatically attested. Supports both online and offline modes.
-    Note: Streaming is not currently supported.
+    Create an attested OpenAI client with controls (PII redaction, jailbreak detection).
     Args:
         glacis_api_key: GLACIS API key (required for online mode)
@@ -73,36 +63,19 @@ def attested_openai(
         debug: Enable debug logging
         offline: Enable offline mode (local signing, no server)
         signing_seed: 32-byte Ed25519 signing seed (required for offline mode)
+        redaction: PII/PHI redaction mode - "fast", "full", True, False, or None
+        config: Path to glacis.yaml config file
         **openai_kwargs: Additional arguments passed to OpenAI client
     Returns:
         Wrapped OpenAI client
-    Example (online):
-        >>> client = attested_openai(
-        ...     glacis_api_key="glsk_live_xxx",
-        ...     openai_api_key="sk-xxx"
-        ... )
-        >>> response = client.chat.completions.create(
-        ...     model="gpt-4",
-        ...     messages=[{"role": "user", "content": "Hello!"}]
-        ... )
-    Example (offline):
-        >>> import os
-        >>> seed = os.urandom(32)
-        >>> client = attested_openai(
-        ...     openai_api_key="sk-xxx",
-        ...     offline=True,
-        ...     signing_seed=seed,
-        ... )
-        >>> response = client.chat.completions.create(
-        ...     model="gpt-4o",
-        ...     messages=[{"role": "user", "content": "Hello!"}],
-        ... )
-        >>> receipt = get_last_receipt()
-        >>> assert receipt.witness_status == "UNVERIFIED"
+    Raises:
+        GlacisBlockedError: If a control blocks the request
     """
+    # Suppress noisy loggers
+    suppress_noisy_loggers(["openai", "openai._base_client"])
     try:
         from openai import OpenAI
     except ImportError:
@@ -111,25 +84,26 @@ def attested_openai(
             "Install it with: pip install glacis[openai]"
         )
-    from glacis import Glacis
-    # Create Glacis client (online or offline)
-    if offline:
-        if not signing_seed:
-            raise ValueError("signing_seed is required for offline mode")
-        glacis = Glacis(
-            mode="offline",
-            signing_seed=signing_seed,
-            debug=debug,
-        )
-    else:
-        if not glacis_api_key:
-            raise ValueError("glacis_api_key is required for online mode")
-        glacis = Glacis(
-            api_key=glacis_api_key,
-            base_url=glacis_base_url,
-            debug=debug,
-        )
+    # Initialize config and determine modes
+    cfg, effective_offline, effective_service_id = initialize_config(
+        config_path=config,
+        redaction=redaction,
+        offline=offline,
+        glacis_api_key=glacis_api_key,
+        default_service_id="openai",
+        service_id=service_id,
+    )
+    # Create controls runner and Glacis client
+    controls_runner = create_controls_runner(cfg, debug)
+    glacis = create_glacis_client(
+        offline=effective_offline,
+        signing_seed=signing_seed,
+        glacis_api_key=glacis_api_key,
+        glacis_base_url=glacis_base_url,
+        debug=debug,
+    )
     # Create the OpenAI client
     client_kwargs: dict[str, Any] = {**openai_kwargs}
@@ -142,67 +116,128 @@ def attested_openai(
     original_create = client.chat.completions.create
     def attested_create(*args: Any, **kwargs: Any) -> Any:
-        # Check for streaming - not supported
         if kwargs.get("stream", False):
             raise NotImplementedError(
                 "Streaming is not currently supported with attested_openai. "
                 "Use stream=False for now."
             )
-        # Extract input
         messages = kwargs.get("messages", [])
         model = kwargs.get("model", "unknown")
-        # Make the API call
+        # Run controls if enabled
+        if controls_runner:
+            from glacis.integrations.base import (
+                ControlResultsAccumulator,
+                create_control_plane_attestation_from_accumulator,
+                handle_blocked_request,
+                process_text_for_controls,
+            )
+            accumulator = ControlResultsAccumulator()
+            processed_messages = []
+            # Find the last user message index (the new message to check)
+            last_user_idx = -1
+            for i, msg in enumerate(messages):
+                if isinstance(msg, dict) and msg.get("role") == "user":
+                    last_user_idx = i
+            for i, msg in enumerate(messages):
+                role = msg.get("role", "") if isinstance(msg, dict) else ""
+                # Only run controls on the LAST user message (the new one)
+                if (
+                    isinstance(msg, dict)
+                    and isinstance(msg.get("content"), str)
+                    and role == "user"
+                    and i == last_user_idx
+                ):
+                    content = msg["content"]
+                    final_text = process_text_for_controls(controls_runner, content, accumulator)
+                    processed_messages.append({**msg, "content": final_text})
+                else:
+                    processed_messages.append(msg)
+            kwargs["messages"] = processed_messages
+            messages = processed_messages
+            # Build control plane attestation
+            control_plane_results = create_control_plane_attestation_from_accumulator(
+                accumulator, cfg, model, "openai", "chat.completions"
+            )
+            # Check if we need to block BEFORE making the API call
+            if accumulator.should_block:
+                handle_blocked_request(
+                    glacis_client=glacis,
+                    service_id=effective_service_id,
+                    input_data={"model": model, "messages": messages},
+                    control_plane_results=control_plane_results,
+                    provider="openai",
+                    model=model,
+                    jailbreak_score=accumulator.jailbreak_summary.score
+                    if accumulator.jailbreak_summary
+                    else 0.0,
+                    debug=debug,
+                )
+        else:
+            control_plane_results = None
+        # Make the API call (only if not blocked)
         response = original_create(*args, **kwargs)
-        # Attest the response
+        # Build input/output data
+        input_data = {"model": model, "messages": messages}
+        output_data = {
+            "model": response.model,
+            "choices": [
+                {
+                    "message": {"role": c.message.role, "content": c.message.content},
+                    "finish_reason": c.finish_reason,
+                }
+                for c in response.choices
+            ],
+            "usage": {
+                "prompt_tokens": response.usage.prompt_tokens if response.usage else 0,
+                "completion_tokens": response.usage.completion_tokens if response.usage else 0,
+                "total_tokens": response.usage.total_tokens if response.usage else 0,
+            } if response.usage else None,
+        }
+        # Attest and store
         try:
             receipt = glacis.attest(
-                service_id=service_id,
+                service_id=effective_service_id,
                 operation_type="completion",
-                input={
-                    "model": model,
-                    "messages": messages,
-                },
-                output={
-                    "model": response.model,
-                    "choices": [
-                        {
-                            "message": {
-                                "role": c.message.role,
-                                "content": c.message.content,
-                            },
-                            "finish_reason": c.finish_reason,
-                        }
-                        for c in response.choices
-                    ],
-                    "usage": {
-                        "prompt_tokens": (
-                            response.usage.prompt_tokens if response.usage else 0
-                        ),
-                        "completion_tokens": (
-                            response.usage.completion_tokens if response.usage else 0
-                        ),
-                        "total_tokens": (
-                            response.usage.total_tokens if response.usage else 0
-                        ),
-                    }
-                    if response.usage
-                    else None,
-                },
+                input=input_data,
+                output=output_data,
                 metadata={"provider": "openai", "model": model},
+                control_plane_results=control_plane_results,
+            )
+            set_last_receipt(receipt)
+            store_evidence(
+                receipt=receipt,
+                service_id=effective_service_id,
+                operation_type="completion",
+                input_data=input_data,
+                output_data=output_data,
+                control_plane_results=control_plane_results,
+                metadata={"provider": "openai", "model": model},
+                debug=debug,
             )
-            _thread_local.last_receipt = receipt
-            if debug:
-                print(f"[glacis] Attestation created: {receipt.attestation_id}")
         except Exception as e:
             if debug:
                 print(f"[glacis] Attestation failed: {e}")
         return response
-    # Replace the create method
     client.chat.completions.create = attested_create  # type: ignore
     return client
+__all__ = [
+    "attested_openai",
+    "get_last_receipt",
+    "get_evidence",
+    "GlacisBlockedError",
+]

glacis/models.py CHANGED Viewed

@@ -133,6 +133,11 @@ class AttestReceipt(BaseModel):
     epoch_id: Optional[str] = Field(alias="epochId", default=None)
     receipt: Optional[FullReceipt] = Field(default=None, description="Full receipt with proofs")
     verify_url: str = Field(alias="verifyUrl", description="Verification endpoint URL")
+    control_plane_results: Optional["ControlPlaneAttestation"] = Field(
+        alias="controlPlaneResults",
+        default=None,
+        description="Control plane results from executed controls",
+    )
     # Computed properties for convenience
     @property
@@ -182,9 +187,9 @@ class OrgInfo(BaseModel):
 class Verification(BaseModel):
     """Verification details."""
-    signature_valid: bool = Field(alias="signatureValid")
-    proof_valid: bool = Field(alias="proofValid")
-    verified_at: str = Field(alias="verifiedAt")
+    signature_valid: bool = Field(alias="signatureValid", default=False)
+    proof_valid: bool = Field(alias="proofValid", default=False)
+    verified_at: Optional[str] = Field(alias="verifiedAt", default=None)
     class Config:
         populate_by_name = True
@@ -198,9 +203,11 @@ class VerifyResult(BaseModel):
         default=None, description="The attestation entry (if valid)"
     )
     org: Optional[OrgInfo] = Field(default=None, description="Organization info")
-    verification: Verification = Field(description="Verification details")
-    proof: MerkleInclusionProof = Field(description="Merkle proof")
-    tree_head: SignedTreeHead = Field(alias="treeHead", description="Current tree head")
+    verification: Optional[Verification] = Field(default=None, description="Verification details")
+    proof: Optional[MerkleInclusionProof] = Field(default=None, description="Merkle proof")
+    tree_head: Optional[SignedTreeHead] = Field(
+        alias="treeHead", default=None, description="Current tree head"
+    )
     error: Optional[str] = Field(
         default=None, description="Error message if validation failed"
     )
@@ -226,16 +233,18 @@ class LogQueryParams(BaseModel):
 class LogEntry(BaseModel):
     """Log entry in query results."""
-    entry_id: str = Field(alias="entryId")
-    timestamp: str
-    org_id: str = Field(alias="orgId")
+    # Server returns attestationId as the primary identifier
+    attestation_id: str = Field(alias="attestationId")
+    entry_id: Optional[str] = Field(alias="entryId", default=None)
+    timestamp: Optional[str] = None
+    org_id: Optional[str] = Field(alias="orgId", default=None)
     org_name: Optional[str] = Field(alias="orgName", default=None)
-    service_id: str = Field(alias="serviceId")
-    operation_type: str = Field(alias="operationType")
-    payload_hash: str = Field(alias="payloadHash")
-    signature: str
-    leaf_index: int = Field(alias="leafIndex")
-    leaf_hash: str = Field(alias="leafHash")
+    service_id: Optional[str] = Field(alias="serviceId", default=None)
+    operation_type: Optional[str] = Field(alias="operationType", default=None)
+    payload_hash: Optional[str] = Field(alias="payloadHash", default=None)
+    signature: Optional[str] = None
+    leaf_index: Optional[int] = Field(alias="leafIndex", default=None)
+    leaf_hash: Optional[str] = Field(alias="leafHash", default=None)
     class Config:
         populate_by_name = True
@@ -250,7 +259,9 @@ class LogQueryResult(BaseModel):
         alias="nextCursor", default=None, description="Cursor for next page"
     )
     count: int = Field(description="Number of entries returned")
-    tree_head: SignedTreeHead = Field(alias="treeHead", description="Current tree head")
+    tree_head: Optional[SignedTreeHead] = Field(
+        alias="treeHead", default=None, description="Current tree head"
+    )
     class Config:
         populate_by_name = True
@@ -292,6 +303,183 @@ class GlacisRateLimitError(GlacisApiError):
         self.retry_after_ms = retry_after_ms
+# ==============================================================================
+# Control Plane Attestation Models
+# ==============================================================================
+ControlType = Literal[
+    "content_safety",
+    "pii",
+    "jailbreak",
+    "topic",
+    "prompt_security",
+    "grounding",
+    "word_filter",
+    "custom",
+]
+ControlStatus = Literal["pass", "flag", "block", "error"]
+class ModelInfo(BaseModel):
+    """Model information for policy context."""
+    model_id: str = Field(alias="modelId")
+    provider: str
+    system_prompt_hash: Optional[str] = Field(alias="systemPromptHash", default=None)
+    class Config:
+        populate_by_name = True
+class PolicyScope(BaseModel):
+    """Scope for policy application."""
+    tenant_id: str = Field(alias="tenantId")
+    endpoint: str
+    user_class: Optional[str] = Field(alias="userClass", default=None)
+    class Config:
+        populate_by_name = True
+class PolicyContext(BaseModel):
+    """Policy context for attestation."""
+    id: str
+    version: str
+    model: Optional[ModelInfo] = None
+    scope: PolicyScope
+    class Config:
+        populate_by_name = True
+class Determination(BaseModel):
+    """Final determination for the request."""
+    action: Literal["forwarded", "redacted", "blocked"]
+    trigger: Optional[str] = None
+    confidence: float = Field(ge=0.0, le=1.0)
+    class Config:
+        populate_by_name = True
+class ControlExecution(BaseModel):
+    """Record of a control execution."""
+    id: str
+    type: ControlType
+    version: str
+    provider: str  # "aws", "azure", "glacis", "custom", etc.
+    latency_ms: int = Field(alias="latencyMs")
+    status: ControlStatus
+    result_hash: Optional[str] = Field(alias="resultHash", default=None)
+    class Config:
+        populate_by_name = True
+class SafetyScores(BaseModel):
+    """Aggregated safety scores."""
+    overall_risk: float = Field(alias="overallRisk", ge=0.0, le=1.0)
+    scores: dict[str, float] = Field(default_factory=dict)
+    class Config:
+        populate_by_name = True
+class PiiPhiSummary(BaseModel):
+    """Summary of PII/PHI detection and handling.
+    This model captures metadata about PII/PHI detection for attestation.
+    The actual redacted text is stored in evidence, not in the attestation schema.
+    """
+    detected: bool = False
+    action: Literal["none", "redacted", "blocked"] = "none"
+    categories: list[str] = Field(default_factory=list)
+    count: int = 0
+    class Config:
+        populate_by_name = True
+class JailbreakSummary(BaseModel):
+    """Summary of jailbreak/prompt injection detection for attestation.
+    This model captures metadata about jailbreak detection results.
+    The raw model outputs and detailed scores are stored in evidence.
+    """
+    detected: bool = False
+    score: float = Field(default=0.0, ge=0.0, le=1.0, description="Model confidence score")
+    action: Literal["pass", "flag", "block", "log"] = "pass"
+    categories: list[str] = Field(
+        default_factory=list, description="Detection categories (e.g., ['jailbreak'])"
+    )
+    backend: str = Field(default="", description="Backend model used for detection")
+    class Config:
+        populate_by_name = True
+class DeepInspection(BaseModel):
+    """Deep inspection results from L2 verification."""
+    judge_ids: list[str] = Field(alias="judgeIds", default_factory=list)
+    nonconformity_score: float = Field(alias="nonconformityScore", ge=0.0, le=1.0)
+    recommendation: Literal["uphold", "borderline", "escalate"]
+    evaluation_rationale: str = Field(alias="evaluationRationale")
+    class Config:
+        populate_by_name = True
+class SamplingDecision(BaseModel):
+    """Sampling decision details."""
+    sampled: bool
+    reason: Literal["prf", "policy_trigger", "forced"]
+    prf_tag: Optional[str] = Field(alias="prfTag", default=None)
+    rate: float = Field(ge=0.0, le=1.0)
+    class Config:
+        populate_by_name = True
+class SamplingMetadata(BaseModel):
+    """Sampling metadata for attestation level."""
+    level: Literal["L0", "L2"]
+    decision: SamplingDecision
+    class Config:
+        populate_by_name = True
+class ControlPlaneAttestation(BaseModel):
+    """Control plane attestation capturing policy, controls, and safety metadata."""
+    schema_version: Literal["1.0"] = "1.0"
+    policy: PolicyContext
+    determination: Determination
+    controls: list[ControlExecution] = Field(default_factory=list)
+    safety: SafetyScores
+    pii_phi: Optional[PiiPhiSummary] = Field(alias="piiPhi", default=None)
+    jailbreak: Optional[JailbreakSummary] = Field(
+        default=None, description="Jailbreak detection results"
+    )
+    evidence_commitment: Optional[str] = Field(alias="evidenceCommitment", default=None)
+    deep_inspection: Optional[DeepInspection] = Field(alias="deepInspection", default=None)
+    sampling: SamplingMetadata
+    class Config:
+        populate_by_name = True
 # Offline Mode Models
@@ -324,6 +512,11 @@ class OfflineAttestReceipt(BaseModel):
         alias="witnessStatus",
         description="Always UNVERIFIED for offline receipts",
     )
+    control_plane_results: Optional[ControlPlaneAttestation] = Field(
+        alias="controlPlaneResults",
+        default=None,
+        description="Control plane results from executed controls",
+    )
     class Config:
         populate_by_name = True

glacis 0.1.4__py3-none-any.whl → 0.2.0__py3-none-any.whl

glacis 0.1.4__py3-none-any.whl → 0.2.0__py3-none-any.whl