policyshield 0.5.0__tar.gz

policyshield-0.5.0/.gitignore

@@ -0,0 +1,50 @@
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+*.egg-info/
+*.egg
+dist/
+build/
+
+# Virtual environments
+.venv/
+venv/
+ENV/
+
+# Testing
+.pytest_cache/
+htmlcov/
+.coverage
+.coverage.*
+
+# Linting
+.ruff_cache/
+
+# IDE
+.idea/
+.vscode/
+*.swp
+*.swo
+*~
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Traces (local only)
+traces/
+*.jsonl
+
+# Local development files (not for repo)
+CLAUDE.md
+TECHNICAL_SPEC.md
+INTEGRATION_SPEC.md
+*.docx
+/nanobot/
+prompts/
+demo.py
+demo_traces/
+.gemini/
+.antigravityignore

policyshield-0.5.0/CHANGELOG.md

@@ -0,0 +1,96 @@
+# Changelog
+
+## [0.5.0] - 2025-02-12
+
+### Added
+- **CLI `policyshield init`**: Scaffold new projects with presets (`minimal`, `security`, `compliance`), nanobot support, auto-generated test cases
+- **CLI nanobot wrapper**: Extracted `cli_wrapper.py` with `patch_agent_loop_class()` and `run_nanobot_cli()`
+- **PyPI packaging**: Updated metadata, Beta status, 7 optional dependency groups (`langchain`, `crewai`, `otel`, `nanobot`, `docs`, `dev`, `all`)
+- **GitHub Actions CI**: Enhanced with format check, coverage XML artifact, build job with twine check
+- **Release workflow**: Automated PyPI publishing on version tags
+- **Reusable GitHub Action**: `.github/actions/lint-rules/` for validating and linting rules in CI
+- **MkDocs documentation site**: Material theme, 14 pages covering getting started, guides, integrations, API reference
+- **GitHub Pages deploy**: Automatic docs deployment workflow
+- **FastAPI example**: Complete agent service with `/evaluate` and `/rules` endpoints
+- **Docker quickstart**: Dockerfile and docker-compose.yml with validate/lint/test services
+- **Contributing guide**: Updated with format checks, project structure, commit conventions
+- **GitHub templates**: PR template, bug report and feature request issue templates
+- **Code of Conduct**: Contributor Covenant v2.1
+- 109 new tests (prompts 19–28), bringing total to 570
+
+## [0.4.0] - 2025-02-12
+
+### Added
+- Session ID propagation from `AgentLoop` to `ShieldEngine` for per-session rate limiting
+- Post-call PII scan: tool results are scanned and tainted PII types are recorded
+- `get_definitions()` override: unconditionally blocked tools are hidden from LLM context
+- Context enrichment: active policy constraints are injected into the LLM system prompt
+- Subagent shield propagation via `SubagentManager.shield_config`
+- `approval_backend` parameter in `install_shield()` for CLI/Telegram/Webhook approval flows
+- Comprehensive nanobot integration guide (`docs/nanobot_integration.md`)
+- Working examples: `nanobot_shield_example.py`, `nanobot_shield_agentloop.py`, `nanobot_rules.yaml`
+- Integration tests with real nanobot `Tool` objects (`test_nanobot_real_tools.py`)
+- 26 new tests, bringing total to 461
+
+## [0.3.1] - 2025-02-11
+
+### Fixed
+- Session increment no longer fires on BLOCK/APPROVE verdicts (both sync and async engines)
+- `_parse_rule` now preserves `approval_strategy` field from YAML rules
+- `AsyncShieldEngine.reload_rules` protected with `threading.Lock` to prevent race conditions
+- ReDoS protection: regex patterns in rules capped at 500 characters
+- `redact_dict` now recursively redacts PII in nested dicts and lists
+- `TraceRecorder.record()` / `flush()` protected with `threading.Lock` for thread safety
+- LangChain `_arun` uses `asyncio.to_thread` instead of blocking sync call
+- IP address regex validates octet range (0–255), rejects `999.999.999.999`
+- Passport regex narrowed from 6–9 to 7–9 digits to reduce false positives
+
+### Added
+- Nanobot integration: `ShieldedToolRegistry` extends nanobot's `ToolRegistry` with async support
+- `install_shield()` helper to wrap existing nanobot registries
+- `AgentLoop.shield_config` parameter for optional PolicyShield enablement
+- 23 audit regression tests (`test_audit_fixes.py`), bringing total to 437
+
+## [0.3.0] - 2025-02-11
+
+### Added
+- AsyncShieldEngine with full async/await support
+- CrewAI BaseTool adapter (CrewAIShieldTool, shield_all_crewai_tools)
+- OpenTelemetry exporter (OTLP spans + metrics)
+- Webhook approval backend with HMAC-SHA256 signing
+- YAML-based rule testing framework (`policyshield test`)
+- Policy diff tool (`policyshield diff`)
+- Trace export: CSV and HTML report (`policyshield trace export`)
+- Input sanitizer with prompt injection protection
+- Unified config file (policyshield.yaml) with JSON Schema
+- 14 new E2E test scenarios for v0.3 features
+
+## [0.2.0] - 2025-02-11
+
+### Added
+- Rule linter with 6 static checks (`policyshield lint`)
+- Hot reload of YAML rules (file watcher)
+- RU PII patterns: INN, SNILS, passport, phone (with checksum validation)
+- Custom PII patterns from YAML
+- Sliding window rate limiter with YAML config
+- Human-in-the-loop APPROVE verdict
+- Approval backends: InMemory, CLI, Telegram
+- Batch approve with caching strategies (once, per_session, per_rule, per_tool)
+- Trace stats aggregation (`policyshield trace stats`)
+- LangChain BaseTool adapter (`PolicyShieldTool`, `shield_all_tools`)
+- 12 new E2E test scenarios for v0.2 features
+- CHANGELOG
+
+## [0.1.0] - 2025-02-11
+
+### Added
+- Core models (Verdict, RuleConfig, ShieldResult, etc.)
+- YAML rule parser with includes and env vars
+- PII detector (EMAIL, PHONE, CREDIT_CARD, SSN, IBAN, IP, PASSPORT, DOB)
+- Rule matcher with regex, glob, and exact match
+- ShieldEngine orchestrator
+- Session manager with tool call tracking
+- Trace recorder (JSONL)
+- CLI: validate, trace show, trace violations
+- Nanobot integration
+- 10 E2E test scenarios

policyshield-0.5.0/CODE_OF_CONDUCT.md

@@ -0,0 +1,28 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We pledge to make participation in our community a harassment-free experience for everyone.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+
+Examples of unacceptable behavior:
+
+* Trolling, insulting/derogatory comments, and personal attacks
+* Public or private harassment
+* Publishing others' private information without explicit permission
+
+## Enforcement
+
+Instances of abusive behavior may be reported to the project maintainers. All complaints will be reviewed and investigated promptly and fairly.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org/), version 2.1.

policyshield-0.5.0/CONTRIBUTING.md

@@ -0,0 +1,88 @@
+# Contributing to PolicyShield
+
+Thanks for your interest in PolicyShield! Here's how to get started.
+
+## Setup
+
+```bash
+git clone https://github.com/mishabar410/PolicyShield.git
+cd PolicyShield
+python -m venv .venv && source .venv/bin/activate
+pip install -e ".[dev,langchain]"
+```
+
+## Development Workflow
+
+1. **Create a branch** from `main`
+2. **Write code + tests** — every feature must include tests
+3. **Lint**: `ruff check policyshield/ tests/`
+4. **Format**: `ruff format policyshield/ tests/`
+5. **Test**: `pytest tests/ -v --cov=policyshield --cov-fail-under=85`
+6. **Open a PR** against `main`
+
+## Code Style
+
+- Python 3.10+ with type hints
+- Formatted with `ruff`
+- All public APIs must have docstrings
+- Maximum line length: 120 characters
+
+## Testing
+
+```bash
+# Run all tests
+pytest tests/ -v
+
+# With coverage
+pytest tests/ --cov=policyshield --cov-report=term-missing
+
+# Target coverage: ≥85%
+```
+
+## Project Structure
+
+```
+policyshield/
+├── core/          # Data models, YAML parser
+├── shield/        # ShieldEngine, PII detector, matcher
+├── approval/      # Approval backends (CLI, Telegram, Webhook)
+├── integrations/  # LangChain, CrewAI, Nanobot adapters
+├── trace/         # JSONL recorder, OpenTelemetry exporter
+├── lint/          # Rule linter
+├── cli/           # CLI commands (validate, lint, test, init, nanobot)
+└── config/        # Config file loader, JSON schema
+```
+
+## Adding a new rule check
+
+1. Add the check method to `policyshield/lint/linter.py`
+2. Add tests in `tests/test_linter.py`
+3. Document the check in `docs/api/linter.md`
+
+## Adding an integration
+
+1. Create a new module in `policyshield/integrations/`
+2. Add optional dependency group in `pyproject.toml`
+3. Add integration docs in `docs/integrations/`
+4. Write tests in `tests/`
+
+## Commit Messages
+
+Use [Conventional Commits](https://www.conventionalcommits.org/):
+
+```
+feat: add new feature
+fix: fix a bug
+docs: update documentation
+test: add tests
+chore: maintenance tasks
+```
+
+## Reporting Issues
+
+- Use GitHub Issues
+- Include: Python version, PolicyShield version, minimal reproduction
+
+## License
+
+By contributing, you agree that your contributions will be licensed under the MIT License.

policyshield-0.5.0/Dockerfile

@@ -0,0 +1,12 @@
+FROM python:3.12-slim
+
+WORKDIR /app
+
+COPY pyproject.toml README.md LICENSE ./
+COPY policyshield/ policyshield/
+
+RUN pip install --no-cache-dir .
+
+# Default: run the CLI help
+ENTRYPOINT ["policyshield"]
+CMD ["--help"]

policyshield-0.5.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 PolicyShield Contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.