glacis 0.1.4__tar.gz → 0.2.0__tar.gz

{glacis-0.1.4 → glacis-0.2.0}/.gitignore

@@ -83,3 +83,5 @@ dmypy.json
 *.pem
 .env.local
 .env.*.local
+examples/.env
+tests/*.py

glacis-0.2.0/PKG-INFO

@@ -0,0 +1,275 @@
+Metadata-Version: 2.4
+Name: glacis
+Version: 0.2.0
+Summary: GLACIS SDK for Python - AI Compliance Attestation
+Project-URL: Homepage, https://glacis.io
+Project-URL: Documentation, https://docs.glacis.io/sdk/python
+Project-URL: Repository, https://github.com/Glacis-io/glacis-python
+Project-URL: Issues, https://github.com/Glacis-io/glacis-python/issues
+Author-email: GLACIS <sdk@glacis.io>
+License-Expression: Apache-2.0
+License-File: LICENSE
+Keywords: ai,attestation,compliance,logging,transparency
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security :: Cryptography
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Requires-Python: >=3.9
+Requires-Dist: httpx>=0.25.0
+Requires-Dist: pydantic>=2.0.0
+Requires-Dist: pynacl>=1.5.0
+Provides-Extra: all
+Requires-Dist: anthropic>=0.18.0; extra == 'all'
+Requires-Dist: mypy>=1.0.0; extra == 'all'
+Requires-Dist: openai>=1.0.0; extra == 'all'
+Requires-Dist: presidio-analyzer>=2.2.0; extra == 'all'
+Requires-Dist: presidio-anonymizer>=2.2.0; extra == 'all'
+Requires-Dist: pytest-asyncio>=0.21.0; extra == 'all'
+Requires-Dist: pytest-httpx>=0.22.0; extra == 'all'
+Requires-Dist: pytest>=7.0.0; extra == 'all'
+Requires-Dist: pyyaml>=6.0.0; extra == 'all'
+Requires-Dist: ruff>=0.1.0; extra == 'all'
+Requires-Dist: spacy>=3.5.0; extra == 'all'
+Requires-Dist: torch>=2.0.0; extra == 'all'
+Requires-Dist: transformers>=4.35.0; extra == 'all'
+Provides-Extra: anthropic
+Requires-Dist: anthropic>=0.18.0; extra == 'anthropic'
+Provides-Extra: controls
+Requires-Dist: presidio-analyzer>=2.2.0; extra == 'controls'
+Requires-Dist: presidio-anonymizer>=2.2.0; extra == 'controls'
+Requires-Dist: pyyaml>=6.0.0; extra == 'controls'
+Requires-Dist: spacy>=3.5.0; extra == 'controls'
+Requires-Dist: torch>=2.0.0; extra == 'controls'
+Requires-Dist: transformers>=4.35.0; extra == 'controls'
+Provides-Extra: dev
+Requires-Dist: mypy>=1.0.0; extra == 'dev'
+Requires-Dist: pytest-asyncio>=0.21.0; extra == 'dev'
+Requires-Dist: pytest-httpx>=0.22.0; extra == 'dev'
+Requires-Dist: pytest>=7.0.0; extra == 'dev'
+Requires-Dist: ruff>=0.1.0; extra == 'dev'
+Provides-Extra: jailbreak
+Requires-Dist: pyyaml>=6.0.0; extra == 'jailbreak'
+Requires-Dist: torch>=2.0.0; extra == 'jailbreak'
+Requires-Dist: transformers>=4.35.0; extra == 'jailbreak'
+Provides-Extra: openai
+Requires-Dist: openai>=1.0.0; extra == 'openai'
+Provides-Extra: redaction
+Requires-Dist: presidio-analyzer>=2.2.0; extra == 'redaction'
+Requires-Dist: presidio-anonymizer>=2.2.0; extra == 'redaction'
+Requires-Dist: pyyaml>=6.0.0; extra == 'redaction'
+Requires-Dist: spacy>=3.5.0; extra == 'redaction'
+Description-Content-Type: text/markdown
+
+<p align="center">
+  <img src="assets/glacis-logo.png" alt="Glacis" width="200">
+</p>
+
+# Glacis Python SDK
+
+**Tamper-proof audit logs for AI systems - without exposing sensitive data.**
+
+## The Problem
+
+You need to prove what your AI did for compliance, audits, or legal discovery. But sending prompts and responses to a logging service exposes sensitive data (PII, PHI, trade secrets).
+
+## The Solution
+
+Glacis creates cryptographic proofs of AI operations. Your data stays local - only a SHA-256 hash is sent for witnessing.
+
+```
+Your Infrastructure              Glacis Log
+┌─────────────────────┐         ┌─────────────────────┐
+│ "Pt. Frodo Baggins  │         │ 7a3f8b2c...         │
+│  has diabetes"      │  ──→    │ (64-char hash)      │
+│                     │         │ + timestamp         │
+│ (data stays here)   │         │ + Merkle proof      │
+└─────────────────────┘         └─────────────────────┘
+```
+
+Later, you can prove the hash matches your local records without revealing the data itself.
+
+## Installation
+
+```bash
+pip install glacis[openai]      # For OpenAI
+pip install glacis[anthropic]   # For Anthropic
+pip install glacis[controls]    # Add PII redaction + jailbreak detection
+pip install glacis[all]         # Everything
+```
+
+## Quick Start
+
+### Option 1: Drop-in Wrapper (Recommended)
+
+Replace your OpenAI/Anthropic client with a wrapped version. Every API call is automatically attested.
+
+```python
+import os
+from glacis.integrations.openai import attested_openai, get_last_receipt
+
+# Create wrapped client (offline mode - no Glacis account needed)
+client = attested_openai(
+    openai_api_key="sk-...",
+    offline=True,
+    signing_seed=os.urandom(32),
+)
+
+# Use exactly like the normal OpenAI client
+response = client.chat.completions.create(
+    model="gpt-4",
+    messages=[{"role": "user", "content": "Hello!"}]
+)
+
+# Get the attestation receipt
+receipt = get_last_receipt()
+print(f"Attestation ID: {receipt.attestation_id}")
+```
+
+Works the same for Anthropic:
+
+```python
+from glacis.integrations.anthropic import attested_anthropic, get_last_receipt
+
+client = attested_anthropic(
+    anthropic_api_key="sk-ant-...",
+    offline=True,
+    signing_seed=os.urandom(32),
+)
+```
+
+### Option 2: Direct API
+
+For custom attestations (non-OpenAI/Anthropic, or manual control):
+
+```python
+import os
+from glacis import Glacis
+
+glacis = Glacis(mode="offline", signing_seed=os.urandom(32))
+
+receipt = glacis.attest(
+    service_id="my-ai-app",
+    operation_type="inference",
+    input={"prompt": "Summarize this..."},
+    output={"response": "The document..."},
+)
+```
+
+## Adding PII Redaction
+
+Automatically detect and redact sensitive data before it's hashed:
+
+```python
+client = attested_openai(
+    openai_api_key="sk-...",
+    offline=True,
+    signing_seed=os.urandom(32),
+    redaction="fast",  # Regex-based, or "full" for ML models
+)
+
+response = client.chat.completions.create(
+    model="gpt-4",
+    messages=[{"role": "user", "content": "My SSN is 123-45-6789"}]
+)
+
+# The attestation hash is computed on: "My SSN is [US_SSN]"
+# Original text still sent to OpenAI, but redacted version is attested
+```
+
+## Configuration File
+
+For persistent settings, create `glacis.yaml`:
+
+```yaml
+attestation:
+  offline: true
+  service_id: my-ai-service
+
+controls:
+  pii_phi:
+    enabled: true
+    mode: fast          # "fast" (regex) or "full" (Presidio NER)
+
+  jailbreak:
+    enabled: true
+    threshold: 0.5      # Block prompt injection attempts
+    action: block       # "warn" or "block"
+```
+
+Then:
+
+```python
+client = attested_openai(
+    openai_api_key="sk-...",
+    config_path="glacis.yaml",
+)
+```
+
+## Retrieving Evidence
+
+Full payloads are stored locally for audits:
+
+```python
+from glacis.integrations.openai import get_last_receipt, get_evidence
+
+receipt = get_last_receipt()
+evidence = get_evidence(receipt.attestation_id)
+
+print(evidence["input"])                  # Original input
+print(evidence["output"])                 # Original output
+print(evidence["control_plane_results"])  # PII/jailbreak results
+```
+
+Evidence is stored in `~/.glacis/receipts.db` (SQLite).
+
+## Online vs Offline Mode
+
+| Feature | Offline | Online |
+|---------|---------|--------|
+| Requires Glacis account | No | Yes |
+| Signing | Local Ed25519 | Glacis witness |
+| Third-party verifiable | No | Yes (Merkle proofs) |
+| Use case | Development, air-gapped | Production, audits |
+
+To use online mode:
+
+```python
+client = attested_openai(
+    openai_api_key="sk-...",
+    glacis_api_key="glsk_live_...",  # Get at glacis.io
+)
+```
+
+## What Gets Sent to Glacis?
+
+| Data | Sent? |
+|------|-------|
+| Your prompts | No (hash only) |
+| Model responses | No (hash only) |
+| API keys | No |
+| service_id, operation_type | Yes |
+| Timestamps | Yes |
+
+## CLI
+
+Verify a receipt:
+
+```bash
+python -m glacis verify receipt.json
+```
+
+## Security
+
+- **Hashing**: SHA-256 with RFC 8785 canonical JSON (cross-runtime compatible)
+- **Signing**: Ed25519 via PyNaCl (libsodium)
+- **Online mode**: Merkle tree inclusion proofs (RFC 6962)
+
+## License
+
+Apache 2.0

glacis-0.2.0/README.md

@@ -0,0 +1,207 @@
+<p align="center">
+  <img src="assets/glacis-logo.png" alt="Glacis" width="200">
+</p>
+
+# Glacis Python SDK
+
+**Tamper-proof audit logs for AI systems - without exposing sensitive data.**
+
+## The Problem
+
+You need to prove what your AI did for compliance, audits, or legal discovery. But sending prompts and responses to a logging service exposes sensitive data (PII, PHI, trade secrets).
+
+## The Solution
+
+Glacis creates cryptographic proofs of AI operations. Your data stays local - only a SHA-256 hash is sent for witnessing.
+
+```
+Your Infrastructure              Glacis Log
+┌─────────────────────┐         ┌─────────────────────┐
+│ "Pt. Frodo Baggins  │         │ 7a3f8b2c...         │
+│  has diabetes"      │  ──→    │ (64-char hash)      │
+│                     │         │ + timestamp         │
+│ (data stays here)   │         │ + Merkle proof      │
+└─────────────────────┘         └─────────────────────┘
+```
+
+Later, you can prove the hash matches your local records without revealing the data itself.
+
+## Installation
+
+```bash
+pip install glacis[openai]      # For OpenAI
+pip install glacis[anthropic]   # For Anthropic
+pip install glacis[controls]    # Add PII redaction + jailbreak detection
+pip install glacis[all]         # Everything
+```
+
+## Quick Start
+
+### Option 1: Drop-in Wrapper (Recommended)
+
+Replace your OpenAI/Anthropic client with a wrapped version. Every API call is automatically attested.
+
+```python
+import os
+from glacis.integrations.openai import attested_openai, get_last_receipt
+
+# Create wrapped client (offline mode - no Glacis account needed)
+client = attested_openai(
+    openai_api_key="sk-...",
+    offline=True,
+    signing_seed=os.urandom(32),
+)
+
+# Use exactly like the normal OpenAI client
+response = client.chat.completions.create(
+    model="gpt-4",
+    messages=[{"role": "user", "content": "Hello!"}]
+)
+
+# Get the attestation receipt
+receipt = get_last_receipt()
+print(f"Attestation ID: {receipt.attestation_id}")
+```
+
+Works the same for Anthropic:
+
+```python
+from glacis.integrations.anthropic import attested_anthropic, get_last_receipt
+
+client = attested_anthropic(
+    anthropic_api_key="sk-ant-...",
+    offline=True,
+    signing_seed=os.urandom(32),
+)
+```
+
+### Option 2: Direct API
+
+For custom attestations (non-OpenAI/Anthropic, or manual control):
+
+```python
+import os
+from glacis import Glacis
+
+glacis = Glacis(mode="offline", signing_seed=os.urandom(32))
+
+receipt = glacis.attest(
+    service_id="my-ai-app",
+    operation_type="inference",
+    input={"prompt": "Summarize this..."},
+    output={"response": "The document..."},
+)
+```
+
+## Adding PII Redaction
+
+Automatically detect and redact sensitive data before it's hashed:
+
+```python
+client = attested_openai(
+    openai_api_key="sk-...",
+    offline=True,
+    signing_seed=os.urandom(32),
+    redaction="fast",  # Regex-based, or "full" for ML models
+)
+
+response = client.chat.completions.create(
+    model="gpt-4",
+    messages=[{"role": "user", "content": "My SSN is 123-45-6789"}]
+)
+
+# The attestation hash is computed on: "My SSN is [US_SSN]"
+# Original text still sent to OpenAI, but redacted version is attested
+```
+
+## Configuration File
+
+For persistent settings, create `glacis.yaml`:
+
+```yaml
+attestation:
+  offline: true
+  service_id: my-ai-service
+
+controls:
+  pii_phi:
+    enabled: true
+    mode: fast          # "fast" (regex) or "full" (Presidio NER)
+
+  jailbreak:
+    enabled: true
+    threshold: 0.5      # Block prompt injection attempts
+    action: block       # "warn" or "block"
+```
+
+Then:
+
+```python
+client = attested_openai(
+    openai_api_key="sk-...",
+    config_path="glacis.yaml",
+)
+```
+
+## Retrieving Evidence
+
+Full payloads are stored locally for audits:
+
+```python
+from glacis.integrations.openai import get_last_receipt, get_evidence
+
+receipt = get_last_receipt()
+evidence = get_evidence(receipt.attestation_id)
+
+print(evidence["input"])                  # Original input
+print(evidence["output"])                 # Original output
+print(evidence["control_plane_results"])  # PII/jailbreak results
+```
+
+Evidence is stored in `~/.glacis/receipts.db` (SQLite).
+
+## Online vs Offline Mode
+
+| Feature | Offline | Online |
+|---------|---------|--------|
+| Requires Glacis account | No | Yes |
+| Signing | Local Ed25519 | Glacis witness |
+| Third-party verifiable | No | Yes (Merkle proofs) |
+| Use case | Development, air-gapped | Production, audits |
+
+To use online mode:
+
+```python
+client = attested_openai(
+    openai_api_key="sk-...",
+    glacis_api_key="glsk_live_...",  # Get at glacis.io
+)
+```
+
+## What Gets Sent to Glacis?
+
+| Data | Sent? |
+|------|-------|
+| Your prompts | No (hash only) |
+| Model responses | No (hash only) |
+| API keys | No |
+| service_id, operation_type | Yes |
+| Timestamps | Yes |
+
+## CLI
+
+Verify a receipt:
+
+```bash
+python -m glacis verify receipt.json
+```
+
+## Security
+
+- **Hashing**: SHA-256 with RFC 8785 canonical JSON (cross-runtime compatible)
+- **Signing**: Ed25519 via PyNaCl (libsodium)
+- **Online mode**: Merkle tree inclusion proofs (RFC 6962)
+
+## License
+
+Apache 2.0

{glacis-0.1.4 → glacis-0.2.0}/glacis/__init__.py

@@ -37,6 +37,13 @@ Streaming Example:
     ... })
     >>> await session.attest_chunk(input=audio_chunk, output=transcript)
     >>> receipt = await session.end(metadata={"duration": "00:05:23"})
+
+Controls Example:
+    >>> from glacis.controls import ControlsRunner, PIIControl, JailbreakControl
+    >>> from glacis.config import load_config
+    >>> cfg = load_config()  # Loads glacis.yaml
+    >>> runner = ControlsRunner(cfg.controls)
+    >>> results = runner.run("Patient SSN: 123-45-6789")
 """
 
 from glacis.client import AsyncGlacis, Glacis, GlacisMode
@@ -44,26 +51,56 @@ from glacis.crypto import canonical_json, hash_payload
 from glacis.models import (
     AttestInput,
     AttestReceipt,
+    ControlExecution,
+    ControlPlaneAttestation,
+    ControlStatus,
+    ControlType,
+    Determination,
+    GlacisApiError,
     GlacisConfig,
+    JailbreakSummary,
     LogEntry,
     LogQueryParams,
     LogQueryResult,
     MerkleInclusionProof,
+    ModelInfo,
     OfflineAttestReceipt,
     OfflineVerifyResult,
+    PiiPhiSummary,
+    PolicyContext,
+    PolicyScope,
+    SafetyScores,
+    SamplingDecision,
+    SamplingMetadata,
     SignedTreeHead,
     VerifyResult,
 )
 from glacis.storage import ReceiptStorage
 from glacis.streaming import SessionContext, SessionReceipt, StreamingSession
 
-__version__ = "0.2.0"
+# Controls module (optional dependencies for individual controls)
+try:
+    from glacis.controls import (  # noqa: F401
+        BaseControl,
+        ControlResult,
+        ControlsRunner,
+        JailbreakControl,
+        PIIControl,
+    )
+
+    _CONTROLS_AVAILABLE = True
+except ImportError:
+    _CONTROLS_AVAILABLE = False
+
+__version__ = "0.3.0"
 
 __all__ = [
     # Main classes
     "Glacis",
     "AsyncGlacis",
     "GlacisMode",
+    # Exceptions
+    "GlacisApiError",
     # Streaming
     "StreamingSession",
     "SessionContext",
@@ -82,7 +119,31 @@ __all__ = [
     "LogEntry",
     "MerkleInclusionProof",
     "SignedTreeHead",
+    # Control Plane
+    "ControlPlaneAttestation",
+    "PolicyContext",
+    "PolicyScope",
+    "ModelInfo",
+    "Determination",
+    "ControlExecution",
+    "ControlType",
+    "ControlStatus",
+    "SafetyScores",
+    "PiiPhiSummary",
+    "JailbreakSummary",
+    "SamplingMetadata",
+    "SamplingDecision",
     # Crypto utilities
     "canonical_json",
     "hash_payload",
 ]
+
+# Add controls exports if available
+if _CONTROLS_AVAILABLE:
+    __all__.extend([
+        "BaseControl",
+        "ControlResult",
+        "ControlsRunner",
+        "PIIControl",
+        "JailbreakControl",
+    ])

glacis-0.2.0/glacis/__main__.py

@@ -0,0 +1,11 @@
+"""
+Glacis CLI
+
+Usage:
+    python -m glacis verify <receipt.json>
+"""
+
+from glacis.verify import main
+
+if __name__ == "__main__":
+    main()