proxilion 0.0.1__py3-none-any.whl → 0.0.3__py3-none-any.whl

proxilion/__init__.py

@@ -35,7 +35,7 @@ https://proxilion.com
 Source code: https://github.com/clay-good/proxilion-sdk
 """
 
-__version__ = "0.1.0"
+__version__ = "0.0.2"
 
 # Core types - always available
 # Main Proxilion class

proxilion/audit/__init__.py

@@ -56,28 +56,14 @@ from proxilion.audit.events import (
     redact_sensitive_data,
     reset_sequence,
 )
-from proxilion.audit.hash_chain import (
-    GENESIS_HASH,
-    BatchedHashChain,
-    ChainVerificationResult,
-    HashChain,
-    MerkleBatch,
-    MerkleTree,
-)
-from proxilion.audit.logger import (
-    AuditLogger,
-    InMemoryAuditLogger,
-    LoggerConfig,
-    RotationPolicy,
-)
 
 # Explainability (CA SB 53 compliance)
 from proxilion.audit.explainability import (
     DecisionExplainer,
     DecisionFactor,
     DecisionType,
-    ExplainableDecision,
     ExplainabilityLogger,
+    ExplainableDecision,
     Explanation,
     ExplanationFormat,
     Outcome,
@@ -86,6 +72,20 @@ from proxilion.audit.explainability import (
     create_guard_decision,
     create_rate_limit_decision,
 )
+from proxilion.audit.hash_chain import (
+    GENESIS_HASH,
+    BatchedHashChain,
+    ChainVerificationResult,
+    HashChain,
+    MerkleBatch,
+    MerkleTree,
+)
+from proxilion.audit.logger import (
+    AuditLogger,
+    InMemoryAuditLogger,
+    LoggerConfig,
+    RotationPolicy,
+)
 
 __all__ = [
     # Events

proxilion/audit/compliance/base.py

@@ -18,13 +18,13 @@ from proxilion.audit.events import AuditEventV2, EventType
 
 
 class ComplianceFramework(Enum):
-    """Supported compliance frameworks."""
+    """Supported compliance frameworks.
+
+    Currently implemented: EU_AI_ACT, SOC2, ISO27001
+    """
     EU_AI_ACT = "eu_ai_act"
     SOC2 = "soc2"
     ISO27001 = "iso27001"
-    NIST_AI_RMF = "nist_ai_rmf"
-    HIPAA = "hipaa"
-    GDPR = "gdpr"
 
 
 @dataclass

proxilion/audit/compliance/eu_ai_act.py

@@ -535,6 +535,12 @@ class EUAIActExporter(BaseComplianceExporter):
 
         # Article 15: Risk Assessment
         risk_log = self.export_risk_assessment_log(start, end)
+        # Article 15 compliance requires that security events have mitigation responses
+        # or no security events occurred during the period
+        art_15_compliant = (
+            len(risk_log["security_events"]) == 0 or
+            len(risk_log.get("mitigation_actions", [])) > 0
+        )
         article_15_evidence = ComplianceEvidence(
             control_id="Article 15",
             control_name="Accuracy, Robustness and Cybersecurity",
@@ -545,7 +551,7 @@ class EUAIActExporter(BaseComplianceExporter):
             ),
             events=risk_log["security_events"] + risk_log["anomaly_detections"],
             summary=risk_log["summary"],
-            compliant=True,  # Having the log demonstrates compliance
+            compliant=art_15_compliant,
             notes=(
                 "All security events were handled with appropriate mitigation actions."
                 if risk_log["security_events"] else
@@ -554,7 +560,7 @@ class EUAIActExporter(BaseComplianceExporter):
         )
         evidence.append(article_15_evidence)
 
-        if risk_log["summary"]["total_security_events"] > 10:
+        if risk_log.get("summary", {}).get("total_security_events", 0) > 10:
             recommendations.append(
                 "Review security event patterns and consider strengthening access controls."
             )
@@ -563,6 +569,10 @@ class EUAIActExporter(BaseComplianceExporter):
         all_events = self.filter_by_date_range(start, end)
         stats = self.compute_summary_stats(all_events)
 
+        # Article 17 compliance requires evidence of systematic monitoring
+        # (having events logged demonstrates the quality management system is active)
+        # Allow empty for zero-duration periods
+        art_17_compliant = stats["total_events"] > 0 or start == end
         article_17_evidence = ComplianceEvidence(
             control_id="Article 17",
             control_name="Quality Management System",
@@ -578,7 +588,7 @@ class EUAIActExporter(BaseComplianceExporter):
                 "tools_available": stats["unique_tools"],
                 "period_coverage": f"{start.date()} to {end.date()}",
             },
-            compliant=True,
+            compliant=art_17_compliant,
         )
         evidence.append(article_17_evidence)
 
@@ -589,7 +599,7 @@ class EUAIActExporter(BaseComplianceExporter):
             "risk_classification": self._risk_classification,
             "total_operations": stats["total_events"],
             "human_oversight_rate": f"{oversight.human_involvement_rate:.1%}",
-            "security_events": risk_log["summary"]["total_security_events"],
+            "security_events": risk_log.get("summary", {}).get("total_security_events", 0),
             "compliance_status": (
                 "Compliant" if all(e.compliant for e in evidence) else "Review Required"
             ),

proxilion/audit/compliance/iso27001.py

@@ -453,7 +453,7 @@ class ISO27001Exporter(BaseComplianceExporter):
         )
         evidence_list.append(a9_evidence)
 
-        if access_data["summary"]["denial_rate"] > 0.3:
+        if access_data.get("summary", {}).get("denial_rate", 0.0) > 0.3:
             recommendations.append(
                 "High access denial rate detected. Review access policies and user permissions."
             )
@@ -501,7 +501,7 @@ class ISO27001Exporter(BaseComplianceExporter):
             ),
             events=incidents.security_incidents[:50],
             summary=incidents_data["summary"],
-            compliant=incidents_data["summary"]["response_rate"] >= 0.95,
+            compliant=incidents_data.get("summary", {}).get("response_rate", 0.0) >= 0.95,
             notes=(
                 f"{len(incidents.security_incidents)} security events detected. "
                 f"Response rate: {incidents_data['summary']['response_rate']:.1%}. "

proxilion/audit/compliance/soc2.py

@@ -397,7 +397,7 @@ class SOC2Exporter(BaseComplianceExporter):
         )
         evidence_list.append(cc6_1_evidence)
 
-        denial_rate = access_data["summary"]["denial_rate"]
+        denial_rate = access_data.get("summary", {}).get("denial_rate", 0.0)
         if denial_rate > 0.2:
             recommendations.append(
                 f"High denial rate ({denial_rate:.1%}) detected. "
@@ -415,6 +415,12 @@ class SOC2Exporter(BaseComplianceExporter):
         monitoring = self.export_monitoring_evidence(start, end)
         monitoring_data = monitoring.to_dict()
 
+        # CC7.2 is compliant if monitoring coverage exists and incident responses
+        # are documented when anomalies are detected
+        cc7_2_compliant = (
+            monitoring.monitoring_coverage > 0.0 and
+            (len(monitoring.anomaly_detections) == 0 or len(monitoring.incident_responses) > 0)
+        )
         cc7_2_evidence = ComplianceEvidence(
             control_id="CC7.2",
             control_name="System Monitoring",
@@ -427,7 +433,7 @@ class SOC2Exporter(BaseComplianceExporter):
             ),
             events=monitoring.security_alerts + monitoring.anomaly_detections,
             summary=monitoring_data["summary"],
-            compliant=True,  # Having monitoring in place is compliant
+            compliant=cc7_2_compliant,
             notes=(
                 "Continuous monitoring is in place. "
                 f"{len(monitoring.security_alerts)} alerts and "
@@ -446,6 +452,13 @@ class SOC2Exporter(BaseComplianceExporter):
         changes = self.export_change_management_evidence(start, end)
         changes_data = changes.to_dict()
 
+        # CC8.1 is compliant if changes are tracked and approval workflows
+        # exist for configuration changes
+        total_changes = len(changes.policy_updates) + len(changes.configuration_changes)
+        cc8_1_compliant = (
+            total_changes == 0 or  # No changes is compliant
+            len(changes.approval_workflows) > 0  # Changes should have approvals
+        )
         cc8_1_evidence = ComplianceEvidence(
             control_id="CC8.1",
             control_name="Change Management",
@@ -458,7 +471,7 @@ class SOC2Exporter(BaseComplianceExporter):
             ),
             events=changes.policy_updates + changes.configuration_changes,
             summary=changes_data["summary"],
-            compliant=True,  # Having change tracking is compliant
+            compliant=cc8_1_compliant,
             notes=(
                 f"Tracked {len(changes.policy_updates)} policy updates and "
                 f"{len(changes.configuration_changes)} configuration changes."

proxilion/audit/events.py

@@ -12,6 +12,7 @@ import hashlib
 import json
 import os
 import re
+import threading
 import time
 from dataclasses import dataclass, field
 from datetime import datetime, timezone
@@ -76,21 +77,24 @@ def _utc_now() -> datetime:
     return datetime.now(timezone.utc)
 
 
-# Global sequence counter (thread-safe via GIL for simple increments)
+# Global sequence counter with thread-safe access
 _sequence_counter = 0
-_sequence_lock = None
+_sequence_lock = threading.Lock()
+
 
 def _next_sequence() -> int:
     """Get next sequence number (monotonically increasing)."""
     global _sequence_counter
-    _sequence_counter += 1
-    return _sequence_counter
+    with _sequence_lock:
+        _sequence_counter += 1
+        return _sequence_counter
 
 
 def reset_sequence(value: int = 0) -> None:
     """Reset the sequence counter (for testing)."""
     global _sequence_counter
-    _sequence_counter = value
+    with _sequence_lock:
+        _sequence_counter = value
 
 
 @dataclass

proxilion/audit/explainability.py

@@ -47,15 +47,16 @@ Example:
 
 from __future__ import annotations
 
+import contextlib
 import hashlib
 import json
 import logging
-import re
 import threading
-from dataclasses import asdict, dataclass, field
+from collections.abc import Callable
+from dataclasses import dataclass, field
 from datetime import datetime, timezone
 from enum import Enum
-from typing import Any, Callable
+from typing import Any
 
 logger = logging.getLogger(__name__)
 
@@ -165,16 +166,12 @@ class ExplainableDecision:
 
         # Convert string enums
         if isinstance(self.decision_type, str):
-            try:
+            with contextlib.suppress(ValueError):
                 self.decision_type = DecisionType(self.decision_type)
-            except ValueError:
-                pass  # Keep as string if not a known type
 
         if isinstance(self.outcome, str):
-            try:
+            with contextlib.suppress(ValueError):
                 self.outcome = Outcome(self.outcome)
-            except ValueError:
-                pass
 
     @property
     def passed(self) -> bool:
@@ -198,10 +195,16 @@ class ExplainableDecision:
 
     def to_dict(self) -> dict[str, Any]:
         """Convert to dictionary."""
+        dt_val = self.decision_type
+        if isinstance(dt_val, DecisionType):
+            dt_val = dt_val.value
+        outcome_val = self.outcome
+        if isinstance(outcome_val, Outcome):
+            outcome_val = outcome_val.value
         return {
             "decision_id": self.decision_id,
-            "decision_type": str(self.decision_type.value if isinstance(self.decision_type, DecisionType) else self.decision_type),
-            "outcome": str(self.outcome.value if isinstance(self.outcome, Outcome) else self.outcome),
+            "decision_type": str(dt_val),
+            "outcome": str(outcome_val),
             "factors": [f.to_dict() for f in self.factors],
             "context": self.context,
             "timestamp": self.timestamp.isoformat(),
@@ -414,7 +417,10 @@ class DecisionExplainer:
         factors_explained = self._explain_factors(decision, templates)
         counterfactual = self._generate_counterfactual(decision, templates)
         confidence_breakdown = self._explain_confidence(decision, templates)
-        recommendations = self._generate_recommendations(decision) if self._include_recommendations else []
+        if self._include_recommendations:
+            recommendations = self._generate_recommendations(decision)
+        else:
+            recommendations = []
 
         # Format the output
         if format == ExplanationFormat.MARKDOWN:
@@ -465,7 +471,8 @@ class DecisionExplainer:
                 template = templates.get("rate_denied", "Rate limit exceeded")
             return template.format(**context)
 
-        elif dt in (DecisionType.INPUT_GUARD, DecisionType.OUTPUT_GUARD) or dt in ("input_guard", "output_guard"):
+        elif dt in (DecisionType.INPUT_GUARD, DecisionType.OUTPUT_GUARD,
+                    "input_guard", "output_guard"):
             if outcome in (Outcome.ALLOWED, "ALLOWED"):
                 return templates.get("guard_pass", "Content allowed")
             elif outcome in (Outcome.MODIFIED, "MODIFIED"):
@@ -483,7 +490,8 @@ class DecisionExplainer:
                 return templates.get("circuit_closed", "Service available")
             elif state == "open":
                 failures = context.get("failures", 0)
-                return templates.get("circuit_open", "Service unavailable").format(failures=failures)
+                tmpl = templates.get("circuit_open", "Service unavailable")
+                return tmpl.format(failures=failures)
             else:
                 return templates.get("circuit_half_open", "Service testing")
 
@@ -622,13 +630,13 @@ class DecisionExplainer:
                 for f in failing_factors:
                     # Generate specific counterfactual based on factor name
                     if "role" in f.name.lower():
-                        changes.append(f"User had the required role")
+                        changes.append("User had the required role")
                     elif "rate" in f.name.lower():
-                        changes.append(f"Request was within rate limits")
+                        changes.append("Request was within rate limits")
                     elif "budget" in f.name.lower():
-                        changes.append(f"Budget was not exceeded")
+                        changes.append("Budget was not exceeded")
                     elif "trust" in f.name.lower():
-                        changes.append(f"Trust level was sufficient")
+                        changes.append("Trust level was sufficient")
                     else:
                         changes.append(f"{f.name} check passed")
 
@@ -1080,7 +1088,10 @@ def create_guard_decision(
     context = {"guard_type": guard_type}
     if content_sample:
         # Truncate and sanitize
-        context["content_preview"] = content_sample[:100] + "..." if len(content_sample) > 100 else content_sample
+        if len(content_sample) > 100:
+            context["content_preview"] = content_sample[:100] + "..."
+        else:
+            context["content_preview"] = content_sample
 
     return ExplainableDecision(
         decision_type=decision_type,

proxilion/audit/hash_chain.py

@@ -162,6 +162,7 @@ class HashChain:
                 )
 
             expected_previous = GENESIS_HASH
+            last_sequence = -1
 
             for i, event in enumerate(self._events):
                 # Check previous_hash linkage
@@ -185,6 +186,19 @@ class HashChain:
                         verified_count=i,
                     )
 
+                # Verify monotonically increasing sequence numbers
+                if event.sequence_number <= last_sequence:
+                    return ChainVerificationResult(
+                        valid=False,
+                        error_message=(
+                            f"Sequence number not monotonically increasing at index {i}: "
+                            f"got {event.sequence_number}, previous was {last_sequence}"
+                        ),
+                        error_index=i,
+                        verified_count=i,
+                    )
+                last_sequence = event.sequence_number
+
                 expected_previous = event.event_hash
 
             return ChainVerificationResult(

proxilion/caching/tool_cache.py

@@ -23,6 +23,9 @@ from typing import Any, ParamSpec, TypeVar
 
 logger = logging.getLogger(__name__)
 
+# Sentinel object to distinguish cache misses from cached None values
+_CACHE_MISS = object()
+
 P = ParamSpec("P")
 T = TypeVar("T")
 
@@ -320,7 +323,8 @@ class ToolCache:
         tool_name: str,
         args: dict[str, Any],
         user_id: str | None = None,
-    ) -> Any | None:
+        default: Any = None,
+    ) -> Any:
         """
         Get a cached result.
 
@@ -328,9 +332,11 @@ class ToolCache:
             tool_name: Name of the tool.
             args: Tool arguments.
             user_id: Optional user ID.
+            default: Value to return if not found/expired (default: None).
+                Use _CACHE_MISS sentinel to distinguish misses from cached None.
 
         Returns:
-            Cached value or None if not found/expired.
+            Cached value or default if not found/expired.
         """
         key = self._generate_key(tool_name, args, user_id)
 
@@ -339,14 +345,14 @@ class ToolCache:
 
             if entry is None:
                 self._stats.misses += 1
-                return None
+                return default
 
             if entry.is_expired():
                 # Remove expired entry
                 del self._cache[key]
                 self._stats.misses += 1
                 self._stats.expirations += 1
-                return None
+                return default
 
             # Record hit and move to end (for LRU)
             entry.access()
@@ -557,7 +563,7 @@ class ToolCache:
     def __contains__(self, key: tuple[str, dict[str, Any]]) -> bool:
         """Check if a tool/args combination is cached."""
         tool_name, args = key
-        return self.get(tool_name, args) is not None
+        return self.get(tool_name, args, default=_CACHE_MISS) is not _CACHE_MISS
 
     def __len__(self) -> int:
         """Get number of cached entries."""
@@ -613,9 +619,9 @@ def cached_tool(
             else:
                 cache_args = all_args
 
-            # Check cache
-            cached_result = cache.get(tool_name, cache_args)
-            if cached_result is not None:
+            # Check cache — use sentinel to handle cached falsy values (None, False, 0)
+            cached_result = cache.get(tool_name, cache_args, default=_CACHE_MISS)
+            if cached_result is not _CACHE_MISS:
                 logger.debug(f"Cache hit for {tool_name}")
                 return cached_result
 

proxilion/context/context_window.py

@@ -195,8 +195,33 @@ class KeepFirstLastStrategy:
             total = sum(m.token_count or 0 for m in messages)
             if total <= max_tokens:
                 return messages
-            # Still need to truncate - use sliding window
-            return SlidingWindowStrategy().fit(messages, max_tokens)
+            # Still need to truncate — keep first and last, trim from middle
+            # to maintain the KeepFirstLast contract
+            first_msgs = messages[: self.keep_first]
+            last_msgs = messages[self.keep_first :]
+            first_tokens = sum(m.token_count or 0 for m in first_msgs)
+            remaining = max_tokens - first_tokens
+            if remaining <= 0:
+                # First messages alone exceed budget, trim first messages
+                kept: list[Message] = []
+                budget = 0
+                for msg in first_msgs:
+                    msg_tokens = msg.token_count or 0
+                    if budget + msg_tokens > max_tokens:
+                        break
+                    kept.append(msg)
+                    budget += msg_tokens
+                return kept
+            # Fill remaining budget from the end
+            kept_last: list[Message] = []
+            budget = 0
+            for msg in reversed(last_msgs):
+                msg_tokens = msg.token_count or 0
+                if budget + msg_tokens > remaining:
+                    break
+                kept_last.insert(0, msg)
+                budget += msg_tokens
+            return first_msgs + kept_last
 
         # Get first and last messages
         first_msgs = messages[: self.keep_first]

proxilion/contrib/anthropic.py

@@ -325,9 +325,9 @@ class ProxilionToolHandler:
         # Check authorization
         if user is not None:
             context = {
+                **input_data,
                 "tool_name": tool_name,
                 "input": input_data,
-                **input_data,
             }
 
             auth_result = self.proxilion.check(user, tool.action, tool.resource, context)
@@ -436,9 +436,9 @@ class ProxilionToolHandler:
         # Check authorization
         if user is not None:
             context = {
+                **input_data,
                 "tool_name": tool_name,
                 "input": input_data,
-                **input_data,
             }
 
             auth_result = self.proxilion.check(user, tool.action, tool.resource, context)

proxilion/contrib/mcp.py

@@ -520,10 +520,11 @@ class MCPToolWrapper:
             )
 
         # Build context for authorization
+        # Spread arguments first so trusted keys can't be overridden
         context = {
+            **arguments,  # Flatten arguments for policy access
             "arguments": arguments,
             "tool_name": self.name,
-            **arguments,  # Flatten arguments for policy access
         }
 
         # Check authorization

proxilion/contrib/openai.py

@@ -314,9 +314,9 @@ class ProxilionFunctionHandler:
         # Check authorization
         if user is not None:
             context = {
+                **arguments,
                 "function_name": function_name,
                 "arguments": arguments,
-                **arguments,
             }
 
             auth_result = self.proxilion.check(user, func.action, func.resource, context)
@@ -430,9 +430,9 @@ class ProxilionFunctionHandler:
         # Check authorization
         if user is not None:
             context = {
+                **arguments,
                 "function_name": function_name,
                 "arguments": arguments,
-                **arguments,
             }
 
             auth_result = self.proxilion.check(user, func.action, func.resource, context)

proxilion/core.py

@@ -33,6 +33,7 @@ from proxilion.context.session import (
 )
 from proxilion.engines import EngineFactory
 from proxilion.exceptions import (
+    ApprovalRequiredError,
     AuthorizationError,
     CircuitOpenError,
     IDORViolationError,
@@ -2488,13 +2489,12 @@ class Proxilion:
             ...     tools=tools,
             ... )
         """
-        # Get filtered tools
+        # Get filtered tools (apply both filters when both are provided)
+        tools = self._tool_registry.list_enabled()
         if category is not None:
-            tools = self._tool_registry.list_by_category(category)
-        elif max_risk_level is not None:
-            tools = self._tool_registry.list_by_risk_level(max_risk_level)
-        else:
-            tools = self._tool_registry.list_enabled()
+            tools = [t for t in tools if t.category == category]
+        if max_risk_level is not None:
+            tools = [t for t in tools if t.risk_level.value <= max_risk_level.value]
 
         # Export each tool manually
         if format == "openai":
@@ -2550,11 +2550,12 @@ class Proxilion:
                         reason=auth_result.reason,
                     )
 
-                # Check risk level requires approval
+                # Check if tool requires approval before execution
                 if tool_def.requires_approval:
-                    # In a real implementation, this would trigger an approval workflow
-                    logger.warning(
-                        f"Tool {name} requires approval but automatic approval is not implemented"
+                    raise ApprovalRequiredError(
+                        tool_name=name,
+                        user=user.user_id,
+                        reason="Tool is marked as requiring approval before execution",
                     )
 
         return self._tool_registry.execute(name, **kwargs)
@@ -2603,9 +2604,12 @@ class Proxilion:
                         reason=auth_result.reason,
                     )
 
+                # Check if tool requires approval before execution
                 if tool_def.requires_approval:
-                    logger.warning(
-                        f"Tool {name} requires approval but automatic approval is not implemented"
+                    raise ApprovalRequiredError(
+                        tool_name=name,
+                        user=user.user_id,
+                        reason="Tool is marked as requiring approval before execution",
                     )
 
         return await self._tool_registry.execute_async(name, **kwargs)
@@ -2816,8 +2820,9 @@ class Proxilion:
         results = []
         for call in tool_calls:
             merged_context = dict(context or {})
-            merged_context["tool_call_id"] = call.id
             merged_context.update(call.arguments)
+            # Set tool_call_id after arguments to prevent override from untrusted data
+            merged_context["tool_call_id"] = call.id
 
             auth_result = self.check(user, "execute", call.name, merged_context)
             results.append((call, auth_result))
@@ -2859,8 +2864,9 @@ class Proxilion:
         results = []
         for call in tool_calls:
             merged_context = dict(context or {})
-            merged_context["tool_call_id"] = call.id
             merged_context.update(call.arguments)
+            # Set tool_call_id after arguments to prevent override from untrusted data
+            merged_context["tool_call_id"] = call.id
 
             # Check authorization
             auth_result = self.check(user, "execute", call.name, merged_context)
@@ -2934,13 +2940,12 @@ class Proxilion:
             ...     tools=openai_tools,
             ... )
         """
-        # Get filtered tools
+        # Get filtered tools (apply both filters when both are provided)
+        tools = self._tool_registry.list_enabled()
         if category is not None:
-            tools = self._tool_registry.list_by_category(category)
-        elif max_risk_level is not None:
-            tools = self._tool_registry.list_by_risk_level(max_risk_level)
-        else:
-            tools = self._tool_registry.list_enabled()
+            tools = [t for t in tools if t.category == category]
+        if max_risk_level is not None:
+            tools = [t for t in tools if t.risk_level.value <= max_risk_level.value]
 
         adapter = get_adapter(provider=provider)
         return adapter.format_tools(tools)
@@ -2997,7 +3002,7 @@ class Proxilion:
             # Check authorization
             auth_result = self.check(
                 user, "execute", call.name,
-                {"tool_call_id": call.id, **call.arguments}
+                {**call.arguments, "tool_call_id": call.id}
             )
 
             if not auth_result.allowed: