percolation-inversion-compiler 0.4.1__tar.gz

percolation_inversion_compiler-0.4.1/.gitattributes

@@ -0,0 +1,9 @@
+* text=auto eol=lf
+
+*.png binary
+*.jpg binary
+*.jpeg binary
+*.gif binary
+*.ico binary
+*.pdf binary
+*.zip binary

percolation_inversion_compiler-0.4.1/.github/CODEOWNERS

@@ -0,0 +1 @@
+* @kadubon

percolation_inversion_compiler-0.4.1/.github/dependabot.yml

@@ -0,0 +1,13 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 5
+
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 5

percolation_inversion_compiler-0.4.1/.github/workflows/ci.yml

@@ -0,0 +1,131 @@
+name: CI
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    name: Python ${{ matrix.python-version }}
+    runs-on: ubuntu-latest
+    env:
+      UV_PYTHON: ${{ matrix.python-version }}
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.11", "3.12", "3.13", "3.14"]
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+        with:
+          persist-credentials: false
+
+      - name: Set up Python
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Set up uv
+        uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
+        with:
+          enable-cache: true
+
+      - name: Install dependencies
+        run: uv sync --all-extras --dev --python ${{ matrix.python-version }}
+
+      - name: Ruff lint
+        run: uv run ruff check .
+
+      - name: Ruff format check
+        run: uv run ruff format --check .
+
+      - name: Type check
+        run: uv run mypy src scripts
+
+      - name: Test
+        run: uv run pytest --cov=percolation_inversion_compiler --cov-report=term-missing --cov-fail-under=90
+
+      - name: Build package
+        run: uv build
+
+      - name: Check package metadata
+        run: uv run python -m twine check dist/*.whl dist/*.tar.gz
+
+      - name: Check distribution artifacts
+        run: uv run python scripts/check_distribution_artifacts.py
+
+      - name: CLI smoke tests
+        run: |
+          uv run pic --version
+          uv run pic agent explain
+          uv run pic agent guide --profile development
+          uv run pic agent readiness --profile production
+          uv run pic agent intake --text "Candidate packet: preserve residuals." --profile development
+          uv run pic agent communication-guide --profile development --no-allow-live-connectors
+          uv run pic explain status
+          uv run pic schema --type Judgment
+          uv run pic schema --type TheoryAuditReport
+          uv run pic schema --all --output-dir "$RUNNER_TEMP/schema-smoke"
+          uv run pic provenance create --schema-dir "$RUNNER_TEMP/schema-smoke" --output "$RUNNER_TEMP/provenance.json"
+          uv run pic provenance verify --manifest "$RUNNER_TEMP/provenance.json"
+          uv run pic snapshot list
+          uv run pic snapshot show --artifact trc
+          uv run pic snapshot show --artifact sqot
+          uv run pic snapshot verify --artifact trc
+          uv run pic snapshot verify --artifact sqot
+          uv run pic snapshot routes
+          uv run pic routes bindings
+          uv run pic routes explain --route adapters.domain.verify_trc_telemetry_calibration
+          uv run pic explain external def:null-channel-routing --from-snapshot
+          uv run pic doctor --fail-on never
+          uv run pic doctor --profile production --required-route adapters.domain.verify_trc_telemetry_calibration --fail-on never
+          uv run pic doctor --profile production --fail-on never
+          uv run pic doctor --profile production --provenance "$RUNNER_TEMP/provenance.json" --fail-on fail
+          ! uv run pic provenance verify --manifest "$RUNNER_TEMP/provenance.json" --require-attestation
+          uv run pic validate --registry examples/minimal_registry.json
+          uv run pic evidence verify --envelope examples/evidence_envelope.json --profile production
+          uv run pic evidence discharge --envelope examples/evidence_envelope.json --obligations examples/external_obligations.json --profile production
+          uv run pic check --source tests/fixtures/minimal_claims.tex --strict-projection --derive-status
+          uv run pic parse audit --source tests/fixtures/minimal_claims.tex --strict-grammar
+          uv run pic audit theory --source tests/fixtures/minimal_claims.tex --fail-on projection
+          uv run pic audit theory --source tests/fixtures/minimal_claims.tex --strict-grammar --fail-on projection
+          uv run pic compile --records examples/frontier_records.json --archive-cap 8
+          uv run pic sqot schedule --packets examples/sqot_queue.json --profile production
+          uv run pic ecology policy explain --profile controlled_web
+          uv run pic ecology ingest-general --source examples/agent_network/feed.xml --kind rss
+          uv run pic ecology bridge-runtime --report examples/agent_network/general_intake_report.example.json
+          uv run pic ecology build-edges --packets examples/ecology_packets.json --output "$RUNNER_TEMP/ecology-registry.json"
+          uv run pic ecology psi --registry "$RUNNER_TEMP/ecology-registry.json" --threshold examples/ecology_threshold.json --output "$RUNNER_TEMP/ecology-psi.json"
+          uv run pic ecology plan --registry "$RUNNER_TEMP/ecology-registry.json" --psi "$RUNNER_TEMP/ecology-psi.json" --profile production
+          uv run pic ecology paths --registry "$RUNNER_TEMP/ecology-registry.json" --basin examples/ecpt_basin_contract.json
+          uv run pic ecology verify-edge --registry examples/ecology_packets.json --certificate examples/edge_relation_certificate.json
+          uv run pic ecology loop --state examples/ecology_loop_state.json --agent-output "SQOT reserve packet for ECPT active phase-control"
+          uv run pic runtime step --state examples/runtime_state.json --input examples/runtime_step_input.json --profile production --output "$RUNNER_TEMP/runtime-step.json"
+          uv run pic runtime step --state examples/runtime_state.json --input examples/runtime_step_input_with_evidence.json --profile production --output "$RUNNER_TEMP/runtime-step-evidence.json"
+          uv run pic runtime resolve-evidence --input examples/runtime_step_input_with_evidence.json --profile production --output "$RUNNER_TEMP/runtime-evidence.json"
+          uv run pic runtime execute-task --state examples/runtime_state.json --task examples/runtime_agent_task.json --policy examples/runtime_executor_policy.json --profile production --output "$RUNNER_TEMP/runtime-execute-task.json"
+          uv run pic runtime execute-routes --requests examples/runtime_route_requests.json --evidence-store "$RUNNER_TEMP/evidence-store" --profile development --output "$RUNNER_TEMP/runtime-execute-routes.json"
+          uv run pic runtime store init --store "$RUNNER_TEMP/runtime.sqlite"
+          uv run pic runtime store append --store "$RUNNER_TEMP/runtime.sqlite" --state examples/runtime_state.json
+          uv run pic runtime store load --store "$RUNNER_TEMP/runtime.sqlite" --state-id runtime-demo
+          uv run pic runtime store export --store "$RUNNER_TEMP/runtime.sqlite" --output "$RUNNER_TEMP/runtime-store.json"
+          uv run pic runtime run-agent-loop --state examples/runtime_state.json --inputs examples/runtime_loop_inputs.jsonl --store "$RUNNER_TEMP/runtime-loop.sqlite" --policy examples/runtime_executor_policy.json --profile production --output "$RUNNER_TEMP/runtime-agent-loop.json"
+          uv run pic runtime apply-results --state examples/runtime_state.json --report "$RUNNER_TEMP/runtime-step-evidence.json" --results examples/runtime_action_results.json --output "$RUNNER_TEMP/runtime-next-state.json"
+          uv run pic runtime compare --baseline examples/runtime_baseline_run.json --candidate examples/runtime_candidate_run.json --threshold examples/runtime_threshold.json --output "$RUNNER_TEMP/runtime-comparison.json"
+          uv run pic runtime certify-acceleration --baseline examples/runtime_baseline_run.json --candidate examples/runtime_candidate_run.json --output "$RUNNER_TEMP/runtime-acceleration-certificate.json"
+          uv run pic runtime loop --state examples/runtime_state.json --inputs examples/runtime_loop_inputs.jsonl --max-steps 2 --profile production --output "$RUNNER_TEMP/runtime-loop.json"
+          uv run pic runtime health --state examples/runtime_state.json --profile production --output "$RUNNER_TEMP/runtime-health.json"
+          uv run pic runtime export-openapi --output "$RUNNER_TEMP/runtime-openapi.json"
+          uv run pic alt admit --packet examples/alt/admission_packet.json
+          uv run pic alt foundry-dashboard --state examples/alt/foundry_state.json
+          uv run pic demo datacenter
+          uv run pic sbom create --format pic --output "$RUNNER_TEMP/pic.sbom.json"
+          uv run pic sbom create --format cyclonedx --output "$RUNNER_TEMP/cyclonedx.sbom.json"
+
+      - name: Validate citation metadata
+        run: uv run python scripts/validate_citation.py

percolation_inversion_compiler-0.4.1/.github/workflows/pypi-publish.yml

@@ -0,0 +1,58 @@
+name: PyPI Publish
+
+on:
+  release:
+    types: [published]
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  publish:
+    name: Build and publish to PyPI
+    runs-on: ubuntu-latest
+    environment: pypi
+    env:
+      UV_PYTHON: "3.11"
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+        with:
+          persist-credentials: false
+
+      - name: Set up Python
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
+        with:
+          python-version: "3.11"
+
+      - name: Set up uv
+        uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
+        with:
+          enable-cache: false
+
+      - name: Install build dependencies
+        run: uv sync --all-extras --dev --python 3.11
+
+      - name: Verify release tag matches package version
+        env:
+          RELEASE_TAG: ${{ github.event.release.tag_name }}
+        run: |
+          RELEASE_TAG="${RELEASE_TAG:-${GITHUB_REF_NAME}}"
+          VERSION="$(uv run python -c 'import percolation_inversion_compiler as p; print(p.__version__)')"
+          test "${RELEASE_TAG}" = "v${VERSION}"
+
+      - name: Build distributions
+        run: uv build
+
+      - name: Check distribution metadata
+        run: uv run --with twine python -m twine check dist/*.whl dist/*.tar.gz
+
+      - name: Check distribution artifacts
+        run: uv run python scripts/check_distribution_artifacts.py
+
+      - name: Publish distributions to PyPI
+        run: uv publish --trusted-publishing always dist/*

percolation_inversion_compiler-0.4.1/.github/workflows/release.yml

@@ -0,0 +1,103 @@
+name: Release Artifacts
+
+on:
+  push:
+    tags: ["v*"]
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  id-token: write
+  attestations: write
+
+jobs:
+  attest-release-artifacts:
+    runs-on: ubuntu-latest
+    env:
+      UV_PYTHON: "3.11"
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+        with:
+          persist-credentials: false
+
+      - name: Set up Python
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
+        with:
+          python-version: "3.11"
+
+      - name: Set up uv
+        uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
+        with:
+          enable-cache: false
+
+      - name: Install dependencies
+        run: uv sync --all-extras --dev --python 3.11
+
+      - name: Prepare release assets
+        run: |
+          VERSION="${GITHUB_REF_NAME#v}"
+          echo "VERSION=${VERSION}" >> "$GITHUB_ENV"
+          uv build
+          uv run python -m twine check dist/*.whl dist/*.tar.gz
+          uv run python scripts/check_distribution_artifacts.py --version "${VERSION}"
+          uv run pic schema --all --output-dir "dist/schemas-${GITHUB_REF_NAME}"
+          (cd dist && zip -qr "percolation-inversion-compiler-${VERSION}.schemas.zip" "schemas-${GITHUB_REF_NAME}")
+          uv run pic sbom create --format pic --output "dist/percolation-inversion-compiler-${VERSION}.sbom.json"
+          uv run pic sbom create --format cyclonedx --output "dist/percolation-inversion-compiler-${VERSION}.cyclonedx.json"
+          uv run pic provenance create \
+            --schema-dir "dist/schemas-${GITHUB_REF_NAME}" \
+            --sbom-ref "dist/percolation-inversion-compiler-${VERSION}.sbom.json" \
+            --artifact-ref "dist/percolation_inversion_compiler-${VERSION}-py3-none-any.whl" \
+            --artifact-ref "dist/percolation_inversion_compiler-${VERSION}.tar.gz" \
+            --artifact-ref "dist/percolation-inversion-compiler-${VERSION}.schemas.zip" \
+            --artifact-ref "dist/percolation-inversion-compiler-${VERSION}.cyclonedx.json" \
+            --output "dist/percolation-inversion-compiler-${VERSION}.provenance.json"
+          uv run pic provenance verify --manifest "dist/percolation-inversion-compiler-${VERSION}.provenance.json"
+
+      - name: Attest wheel
+        uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4
+        with:
+          subject-path: dist/percolation_inversion_compiler-${{ env.VERSION }}-py3-none-any.whl
+
+      - name: Attest source distribution
+        uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4
+        with:
+          subject-path: dist/percolation_inversion_compiler-${{ env.VERSION }}.tar.gz
+
+      - name: Attest schema bundle
+        uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4
+        with:
+          subject-path: dist/percolation-inversion-compiler-${{ env.VERSION }}.schemas.zip
+
+      - name: Attest provenance manifest
+        uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4
+        with:
+          subject-path: dist/percolation-inversion-compiler-${{ env.VERSION }}.provenance.json
+
+      - name: Attest PIC SBOM
+        uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4
+        with:
+          subject-path: dist/percolation-inversion-compiler-${{ env.VERSION }}.sbom.json
+
+      - name: Attest CycloneDX SBOM
+        uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4
+        with:
+          subject-path: dist/percolation-inversion-compiler-${{ env.VERSION }}.cyclonedx.json
+
+      - name: Upload attested assets to existing GitHub Release
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          if gh release view "${GITHUB_REF_NAME}" >/dev/null 2>&1; then
+            gh release upload "${GITHUB_REF_NAME}" \
+              "dist/percolation_inversion_compiler-${VERSION}-py3-none-any.whl" \
+              "dist/percolation_inversion_compiler-${VERSION}.tar.gz" \
+              "dist/percolation-inversion-compiler-${VERSION}.schemas.zip" \
+              "dist/percolation-inversion-compiler-${VERSION}.provenance.json" \
+              "dist/percolation-inversion-compiler-${VERSION}.sbom.json" \
+              "dist/percolation-inversion-compiler-${VERSION}.cyclonedx.json" \
+              --clobber
+          else
+            echo "GitHub Release ${GITHUB_REF_NAME} does not exist yet; skipping upload."
+          fi

percolation_inversion_compiler-0.4.1/.github/workflows/security.yml

@@ -0,0 +1,112 @@
+name: Security
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+  workflow_dispatch:
+  schedule:
+    - cron: "37 3 * * 1"
+
+permissions:
+  contents: read
+
+jobs:
+  python-security:
+    runs-on: ubuntu-latest
+    env:
+      UV_PYTHON: "3.11"
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+        with:
+          persist-credentials: false
+
+      - name: Set up Python
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
+        with:
+          python-version: "3.11"
+
+      - name: Set up uv
+        uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
+        with:
+          enable-cache: true
+
+      - name: Install dependencies
+        run: uv sync --all-extras --dev --python 3.11
+
+      - name: pip-audit
+        run: uv run pip-audit
+
+      - name: Bandit
+        run: uv run bandit -r src -c pyproject.toml
+
+      - name: Publishable-file safety scan
+        run: uv run python scripts/check_publish_safety.py
+
+      - name: Provenance and SBOM smoke
+        run: |
+          uv run pic schema --all --output-dir "$RUNNER_TEMP/schema-smoke"
+          uv run pic provenance create --schema-dir "$RUNNER_TEMP/schema-smoke" --output "$RUNNER_TEMP/provenance.json"
+          uv run pic provenance verify --manifest "$RUNNER_TEMP/provenance.json"
+          ! uv run pic provenance verify --manifest "$RUNNER_TEMP/provenance.json" --require-attestation
+          uv run pic sbom create --format pic --output "$RUNNER_TEMP/pic.sbom.json"
+          uv run pic sbom create --format cyclonedx --output "$RUNNER_TEMP/cyclonedx.sbom.json"
+          uv run pic parse audit --source tests/fixtures/minimal_claims.tex --strict-grammar
+          uv run pic snapshot verify --artifact sqot
+          uv run pic sqot schedule --packets examples/sqot_queue.json --profile production
+          uv run pic ecology build-edges --packets examples/ecology_packets.json --output "$RUNNER_TEMP/ecology-registry.json"
+
+  dependency-review:
+    if: github.event_name == 'pull_request'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+        with:
+          persist-credentials: false
+      - name: Dependency review
+        uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0
+
+  codeql:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+        with:
+          persist-credentials: false
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4
+        with:
+          languages: python
+      - name: Analyze
+        uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4
+
+  secrets:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+      - name: Gitleaks
+        uses: gitleaks/gitleaks-action@e0c47f4f8be36e29cdc102c57e68cb5cbf0e8d1e # v3.0.0
+
+  workflow-lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+        with:
+          persist-credentials: false
+      - name: Set up uv
+        uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
+      - name: Zizmor
+        run: uvx zizmor .github/workflows

percolation_inversion_compiler-0.4.1/.gitignore

@@ -0,0 +1,136 @@
+# Python environments and caches
+.venv/
+.venv*/
+venv/
+venv*/
+env/
+env*/
+ENV/
+.envrc
+.python-version
+__pycache__/
+*.py[cod]
+*.pyo
+.pytest_cache/
+.mypy_cache/
+.ruff_cache/
+.hypothesis/
+.coverage
+.coverage.*
+coverage.xml
+htmlcov/
+.ipynb_checkpoints/
+
+# Build and packaging artifacts
+build/
+dist/
+*.egg-info/
+*.egg
+*.manifest
+*.spec
+site/
+.tox/
+.nox/
+pip-wheel-metadata/
+wheelhouse/
+*.whl
+*.tar
+*.tar.gz
+*.tgz
+*.zip
+*.7z
+*.rar
+*.xz
+*.bz2
+
+# Local research artifacts and generated TeX/PDF mirrors
+*.aux
+*.bbl
+*.blg
+*.fls
+*.fdb_latexmk
+*.log
+*.out
+*.synctex.gz
+*.xdv
+*.pdf
+*.tex
+!docs/**/*.tex
+!tests/fixtures/**/*.tex
+
+# Model/data artifacts that must not be published without explicit review
+*.ckpt
+*.onnx
+*.pt
+*.pth
+*.safetensors
+*.bin
+*.joblib
+*.pkl
+*.pickle
+*.npy
+*.npz
+*.parquet
+*.feather
+*.arrow
+*.sqlite-wal
+*.sqlite-shm
+
+# Local data, secrets, and credentials
+.env
+.env.*
+!.env.example
+.aws/
+.azure/
+.gcloud/
+.gnupg/
+.ssh/
+*.pem
+*.key
+id_rsa*
+id_ed25519*
+*.asc
+*.p12
+*.pfx
+*.crt
+*.cer
+*.kdbx
+secrets/
+private/
+local/
+downloads/
+download/
+tmp/
+temp/
+cache/
+data/raw/
+data/private/
+data/downloads/
+vendor/
+vendors/
+third_party/
+node_modules/
+*.sqlite
+*.sqlite3
+*.db
+*.db-*
+
+# OS and editor files
+.DS_Store
+Thumbs.db
+desktop.ini
+.idea/
+.vscode/
+*.code-workspace
+*.swp
+*.swo
+*.bak
+*.orig
+
+# Tool output
+.release/
+pip-audit-report.json
+bandit-report.json
+scorecard-results.sarif
+zizmor.sarif
+coverage.json