iris-security-sdk 0.1.0__tar.gz

iris_security_sdk-0.1.0/PKG-INFO

@@ -0,0 +1,65 @@
+Metadata-Version: 2.4
+Name: iris-security-sdk
+Version: 0.1.0
+Summary: IRIS — AI Agent Governance SDK. Govern AI agents locally.
+License: Apache-2.0
+Project-URL: Homepage, https://github.com/gimartinb/iris-sdk
+Project-URL: Repository, https://github.com/gimartinb/iris-sdk
+Keywords: ai-governance,ai-agents,colorado-ai-act,cedar-policy,llm,compliance
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+Requires-Dist: iris-security-core>=0.1.0
+Requires-Dist: pyyaml>=6.0
+Requires-Dist: pydantic>=2.0
+Requires-Dist: click>=8.1
+Requires-Dist: rich>=13.0
+Provides-Extra: anthropic
+Requires-Dist: anthropic>=0.25; extra == "anthropic"
+Provides-Extra: openai
+Requires-Dist: openai>=1.30; extra == "openai"
+Provides-Extra: langchain
+Requires-Dist: langchain>=0.2; extra == "langchain"
+Requires-Dist: langchain-core>=0.2; extra == "langchain"
+Provides-Extra: crewai
+Requires-Dist: crewai>=0.30; extra == "crewai"
+Provides-Extra: all
+Requires-Dist: iris-security-sdk[anthropic,crewai,langchain,openai]; extra == "all"
+Provides-Extra: dev
+Requires-Dist: pytest>=8.0; extra == "dev"
+Requires-Dist: pytest-asyncio>=0.23; extra == "dev"
+Requires-Dist: pytest-cov>=5.0; extra == "dev"
+Requires-Dist: ruff>=0.4; extra == "dev"
+Requires-Dist: mypy>=1.10; extra == "dev"
+
+# iris-security-sdk
+
+IRIS — AI Agent Governance SDK. Govern AI agents locally.
+
+Discover, register, and govern AI agents with Cedar policy evaluation,
+compliance bundles, and local-first governance.
+
+Part of the [IRIS SDK](https://github.com/gimartinb/iris-sdk).
+
+## Install
+
+```bash
+pip install iris-security-sdk
+```
+
+## Optional integrations
+
+```bash
+pip install iris-security-sdk[anthropic]
+pip install iris-security-sdk[openai]
+pip install iris-security-sdk[langchain]
+pip install iris-security-sdk[crewai]
+pip install iris-security-sdk[all]
+```

iris_security_sdk-0.1.0/README.md

@@ -0,0 +1,24 @@
+# iris-security-sdk
+
+IRIS — AI Agent Governance SDK. Govern AI agents locally.
+
+Discover, register, and govern AI agents with Cedar policy evaluation,
+compliance bundles, and local-first governance.
+
+Part of the [IRIS SDK](https://github.com/gimartinb/iris-sdk).
+
+## Install
+
+```bash
+pip install iris-security-sdk
+```
+
+## Optional integrations
+
+```bash
+pip install iris-security-sdk[anthropic]
+pip install iris-security-sdk[openai]
+pip install iris-security-sdk[langchain]
+pip install iris-security-sdk[crewai]
+pip install iris-security-sdk[all]
+```

iris_security_sdk-0.1.0/iris/__init__.py

@@ -0,0 +1,290 @@
+"""
+IRIS Python SDK — AI Agent Governance, fully local.
+
+The primary entry point for Python developers building AI agents.
+Zero cloud infrastructure required. Cedar evaluation runs in-process.
+
+Quickstart:
+    from iris import IrisAgent, iris_guard
+
+    agent = IrisAgent(
+        name="my-agent",
+        owner="platform-team",
+        compliance=["colorado-ai-act"]
+    )
+
+    @iris_guard(agent)
+    def call_payments_api(user_id: str) -> dict:
+        # IRIS intercepts this call and evaluates it against policy
+        ...
+"""
+
+from __future__ import annotations
+from typing import Optional, List, Callable, Any
+from functools import wraps
+from pathlib import Path
+import os
+import sys
+
+# ── Re-export the full public API ──────────────────────────────────────────────
+from iris_core.models.passport import (
+    AgentPassport,
+    DataClassification,
+    Environment,
+    ComplianceTag,
+    ToolPermission,
+)
+from iris_core.models.policy import PolicyResult, Violation, Severity
+from iris_core.engine.cedar import CedarEngine, EvaluationContext
+from iris_core.engine.compiler import PolicyCompiler, CompilationResult
+from iris_core.compliance.registry import ComplianceRegistry
+from iris_core.evidence.vault import EvidenceVault
+
+__version__ = "0.1.0"
+__all__ = [
+    # Main classes
+    "IrisAgent",
+    "iris_guard",
+    "iris_scan",
+    # Models
+    "AgentPassport",
+    "DataClassification",
+    "Environment",
+    "ComplianceTag",
+    "ToolPermission",
+    "EvaluationContext",
+    "PolicyResult",
+    "Violation",
+    "Severity",
+    # Engines
+    "CedarEngine",
+    "PolicyCompiler",
+    "CompilationResult",
+    "ComplianceRegistry",
+    "EvidenceVault",
+]
+
+
+class IrisAgent:
+    """
+    The primary IRIS SDK entry point for Python developers.
+
+    Think of IrisAgent as the agent's passport officer. You declare who
+    the agent is and what it is allowed to do. IRIS handles the rest:
+    policy compilation, runtime evaluation, and compliance reporting.
+
+    Example:
+        agent = IrisAgent(
+            name="support-agent",
+            owner="platform-team@company.com",
+            team="platform",
+            data_classification=DataClassification.PII,
+            compliance=["colorado-ai-act", "soc2"],
+            is_high_risk_ai=True,        # triggers Colorado AI Act checks
+        )
+
+        # Generate policy from natural language intent
+        result = agent.compile_policy(
+            intent="This agent can read support tickets and respond to customers. "
+                   "It must never access payment data or write to any external system."
+        )
+
+        # Use as a decorator on any function that calls an AI tool
+        @agent.guard(tool="zendesk-api", action="read")
+        def fetch_ticket(ticket_id: str) -> dict:
+            ...
+    """
+
+    def __init__(
+        self,
+        name: str,
+        owner: str,
+        team: str = "",
+        data_classification: DataClassification = DataClassification.INTERNAL,
+        compliance: Optional[List[str]] = None,
+        environments: Optional[List[str]] = None,
+        is_high_risk_ai: bool = False,
+        policy_dir: Optional[Path] = None,
+        telemetry: bool = False,          # opt-in only, never default True
+        environment: Optional[str] = None,
+    ):
+        compliance_tags = [ComplianceTag(c) for c in (compliance or [])]
+        envs = [Environment(e) for e in (environments or ["dev", "test", "staging", "production"])]
+        current_env = Environment(environment or os.environ.get("IRIS_ENV", "dev"))
+
+        self.passport = AgentPassport(
+            name=name,
+            owner=owner,
+            team=team,
+            data_classification=data_classification,
+            compliance_tags=compliance_tags,
+            environments=envs,
+            is_high_risk_ai=is_high_risk_ai,
+        )
+
+        self._current_env = current_env
+        self._policy_dir = policy_dir or Path.cwd() / "governance" / "agents" / name
+        self._engine = CedarEngine(policy_dir=self._policy_dir)
+        self._compiler = PolicyCompiler()
+        self._vault = EvidenceVault(agent_id=self.passport.agent_id)
+        self._telemetry = telemetry
+
+        # Load policy if it exists on disk
+        policy_file = self._policy_dir / "policy.cedar"
+        if policy_file.exists():
+            self._engine.load_policy_file(self.passport.agent_id, policy_file)
+
+    def compile_policy(
+        self,
+        intent: str,
+        write_to_disk: bool = True,
+    ) -> CompilationResult:
+        """
+        Compile natural language intent to Cedar policy.
+
+        The developer writes what they want. IRIS writes the Cedar.
+
+        Args:
+            intent: Plain English description of agent permissions.
+            write_to_disk: If True, writes policy.cedar and policy-intent.md
+                           to the governance GitOps directory.
+        """
+        result = self._compiler.compile(intent, self.passport)
+
+        if write_to_disk and result.success:
+            self._policy_dir.mkdir(parents=True, exist_ok=True)
+            (self._policy_dir / "policy.cedar").write_text(result.cedar_policy)
+            (self._policy_dir / "policy-intent.md").write_text(result.intent_markdown)
+            (self._policy_dir / "passport.yaml").write_text(self.passport.to_yaml())
+            self._engine.load_policy(self.passport.agent_id, result.cedar_policy)
+            print(f"[IRIS] Policy compiled and written to {self._policy_dir}")
+
+        return result
+
+    def guard(
+        self,
+        tool: str,
+        action: str = "call",
+        data_region: Optional[str] = None,
+        destination_region: Optional[str] = None,
+        data_classification: Optional[str] = None,
+    ) -> Callable:
+        """
+        Decorator that intercepts function calls and evaluates them against policy.
+
+        This is the sidecar in decorator form. Use it on any function that
+        calls an external tool, API, or data source.
+
+        Example:
+            @agent.guard(tool="payments-api", action="read")
+            def get_payment_status(order_id: str) -> dict:
+                return payments_client.get(order_id)
+        """
+        def decorator(func: Callable) -> Callable:
+            @wraps(func)
+            def wrapper(*args, **kwargs) -> Any:
+                ctx = EvaluationContext(
+                    agent_id=self.passport.agent_id,
+                    action=action,
+                    resource=tool,
+                    resource_type="tool",
+                    environment=self._current_env,
+                    data_region=data_region,
+                    destination_region=destination_region,
+                    data_classification=data_classification,
+                )
+                result = self._engine.evaluate(self.passport, ctx)
+                self._vault.record(ctx, result)
+
+                if result.decision == "DENY":
+                    raise IrisViolationError(result)
+                elif result.decision == "PERMIT_WITH_WARNINGS":
+                    for v in result.violations:
+                        print(f"[IRIS WARNING] {v.message}", file=sys.stderr)
+
+                return func(*args, **kwargs)
+            return wrapper
+        return decorator
+
+    def evaluate(self, context: EvaluationContext) -> PolicyResult:
+        """Direct policy evaluation without the decorator pattern."""
+        result = self._engine.evaluate(self.passport, context)
+        self._vault.record(context, result)
+        return result
+
+    def check_compliance(
+        self,
+        framework: Optional[str] = None,
+    ) -> List[Violation]:
+        """
+        Run a compliance check against the agent's passport and policy.
+        Equivalent to 'iris compliance check' from the CLI.
+        """
+        registry = ComplianceRegistry()
+        return registry.check_passport(
+            self.passport,
+            framework or [t.value for t in self.passport.compliance_tags],
+        )
+
+    @property
+    def is_ready_for_production(self) -> bool:
+        """Quick check: is this agent compliant enough for production?"""
+        violations = self.check_compliance()
+        critical = [v for v in violations if v.severity == Severity.CRITICAL]
+        return len(critical) == 0
+
+
+class IrisViolationError(Exception):
+    """
+    Raised when an agent action is blocked by IRIS policy.
+
+    The structured error is returned to the calling agent with a plain-English
+    explanation of what was blocked and how to remediate.
+    """
+
+    def __init__(self, result: PolicyResult):
+        self.result = result
+        primary = result.violations[0] if result.violations else None
+        message = (
+            f"\n[IRIS POLICY VIOLATION]\n"
+            f"Decision: {result.decision}\n"
+            f"Agent: {result.agent_id}\n"
+            f"Action: {result.action} on {result.resource}\n"
+            f"Environment: {result.environment}\n"
+        )
+        if primary:
+            message += (
+                f"\nViolation: {primary.message}\n"
+                f"Rule: {primary.rule_id}\n"
+                f"Compliance: {', '.join(primary.compliance_refs)}\n"
+                f"Remediation: {primary.remediation}\n"
+            )
+        super().__init__(message)
+
+
+def iris_scan(
+    directory: Optional[Path] = None,
+    framework: Optional[str] = None,
+) -> List[Violation]:
+    """
+    Scan a directory for agent passports and check compliance.
+    Equivalent to 'iris scan' from the CLI.
+
+    This is the traction metric for investors: every developer who runs
+    iris_scan() or 'iris scan' is a weekly active user.
+    """
+    scan_dir = directory or Path.cwd() / "governance"
+    registry = ComplianceRegistry()
+    violations = []
+
+    for passport_file in scan_dir.rglob("passport.yaml"):
+        try:
+            passport = AgentPassport.from_yaml(passport_file.read_text())
+            agent_violations = registry.check_passport(passport, framework)
+            violations.extend(agent_violations)
+            status = "PASS" if not agent_violations else f"FAIL ({len(agent_violations)} violations)"
+            print(f"[IRIS SCAN] {passport.name}: {status}")
+        except Exception as e:
+            print(f"[IRIS SCAN] Could not parse {passport_file}: {e}", file=sys.stderr)
+
+    return violations

iris_security_sdk-0.1.0/iris_security_sdk.egg-info/PKG-INFO

@@ -0,0 +1,65 @@
+Metadata-Version: 2.4
+Name: iris-security-sdk
+Version: 0.1.0
+Summary: IRIS — AI Agent Governance SDK. Govern AI agents locally.
+License: Apache-2.0
+Project-URL: Homepage, https://github.com/gimartinb/iris-sdk
+Project-URL: Repository, https://github.com/gimartinb/iris-sdk
+Keywords: ai-governance,ai-agents,colorado-ai-act,cedar-policy,llm,compliance
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+Requires-Dist: iris-security-core>=0.1.0
+Requires-Dist: pyyaml>=6.0
+Requires-Dist: pydantic>=2.0
+Requires-Dist: click>=8.1
+Requires-Dist: rich>=13.0
+Provides-Extra: anthropic
+Requires-Dist: anthropic>=0.25; extra == "anthropic"
+Provides-Extra: openai
+Requires-Dist: openai>=1.30; extra == "openai"
+Provides-Extra: langchain
+Requires-Dist: langchain>=0.2; extra == "langchain"
+Requires-Dist: langchain-core>=0.2; extra == "langchain"
+Provides-Extra: crewai
+Requires-Dist: crewai>=0.30; extra == "crewai"
+Provides-Extra: all
+Requires-Dist: iris-security-sdk[anthropic,crewai,langchain,openai]; extra == "all"
+Provides-Extra: dev
+Requires-Dist: pytest>=8.0; extra == "dev"
+Requires-Dist: pytest-asyncio>=0.23; extra == "dev"
+Requires-Dist: pytest-cov>=5.0; extra == "dev"
+Requires-Dist: ruff>=0.4; extra == "dev"
+Requires-Dist: mypy>=1.10; extra == "dev"
+
+# iris-security-sdk
+
+IRIS — AI Agent Governance SDK. Govern AI agents locally.
+
+Discover, register, and govern AI agents with Cedar policy evaluation,
+compliance bundles, and local-first governance.
+
+Part of the [IRIS SDK](https://github.com/gimartinb/iris-sdk).
+
+## Install
+
+```bash
+pip install iris-security-sdk
+```
+
+## Optional integrations
+
+```bash
+pip install iris-security-sdk[anthropic]
+pip install iris-security-sdk[openai]
+pip install iris-security-sdk[langchain]
+pip install iris-security-sdk[crewai]
+pip install iris-security-sdk[all]
+```

iris_security_sdk-0.1.0/iris_security_sdk.egg-info/SOURCES.txt

@@ -0,0 +1,8 @@
+README.md
+pyproject.toml
+iris/__init__.py
+iris_security_sdk.egg-info/PKG-INFO
+iris_security_sdk.egg-info/SOURCES.txt
+iris_security_sdk.egg-info/dependency_links.txt
+iris_security_sdk.egg-info/requires.txt
+iris_security_sdk.egg-info/top_level.txt

iris_security_sdk-0.1.0/iris_security_sdk.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

iris_security_sdk-0.1.0/iris_security_sdk.egg-info/requires.txt

@@ -0,0 +1,28 @@
+iris-security-core>=0.1.0
+pyyaml>=6.0
+pydantic>=2.0
+click>=8.1
+rich>=13.0
+
+[all]
+iris-security-sdk[anthropic,crewai,langchain,openai]
+
+[anthropic]
+anthropic>=0.25
+
+[crewai]
+crewai>=0.30
+
+[dev]
+pytest>=8.0
+pytest-asyncio>=0.23
+pytest-cov>=5.0
+ruff>=0.4
+mypy>=1.10
+
+[langchain]
+langchain>=0.2
+langchain-core>=0.2
+
+[openai]
+openai>=1.30

iris_security_sdk-0.1.0/iris_security_sdk.egg-info/top_level.txt

@@ -0,0 +1,2 @@
+dist
+iris

iris_security_sdk-0.1.0/pyproject.toml

@@ -0,0 +1,69 @@
+[build-system]
+requires = ["setuptools>=68", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "iris-security-sdk"
+version = "0.1.0"
+description = "IRIS — AI Agent Governance SDK. Govern AI agents locally."
+readme = "README.md"
+license = { text = "Apache-2.0" }
+requires-python = ">=3.10"
+keywords = [
+  "ai-governance",
+  "ai-agents",
+  "colorado-ai-act",
+  "cedar-policy",
+  "llm",
+  "compliance",
+]
+classifiers = [
+  "Development Status :: 3 - Alpha",
+  "Intended Audience :: Developers",
+  "Topic :: Security",
+  "Topic :: Software Development :: Libraries :: Python Modules",
+  "License :: OSI Approved :: Apache Software License",
+  "Programming Language :: Python :: 3.10",
+  "Programming Language :: Python :: 3.11",
+  "Programming Language :: Python :: 3.12",
+]
+dependencies = [
+  "iris-security-core>=0.1.0",
+  "pyyaml>=6.0",
+  "pydantic>=2.0",
+  "click>=8.1",
+  "rich>=13.0",
+]
+
+[project.optional-dependencies]
+anthropic = ["anthropic>=0.25"]
+openai = ["openai>=1.30"]
+langchain = ["langchain>=0.2", "langchain-core>=0.2"]
+crewai = ["crewai>=0.30"]
+all = ["iris-security-sdk[anthropic,openai,langchain,crewai]"]
+dev = [
+  "pytest>=8.0",
+  "pytest-asyncio>=0.23",
+  "pytest-cov>=5.0",
+  "ruff>=0.4",
+  "mypy>=1.10",
+]
+
+[project.urls]
+Homepage = "https://github.com/gimartinb/iris-sdk"
+Repository = "https://github.com/gimartinb/iris-sdk"
+
+[tool.setuptools.packages.find]
+where = ["."]
+
+[tool.ruff]
+line-length = 100
+target-version = "py310"
+
+[tool.mypy]
+python_version = "3.10"
+strict = true
+
+[tool.pytest.ini_options]
+testpaths = ["tests"]
+asyncio_mode = "auto"

iris_security_sdk-0.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+