risk-mirror 1.0.2__tar.gz

risk-mirror-1.0.2/PKG-INFO

@@ -0,0 +1,78 @@
+Metadata-Version: 2.1
+Name: risk-mirror
+Version: 1.0.2
+Summary: Deterministic AI Safety Toolkit - Python SDK & CLI
+Home-page: https://github.com/myProjectsRavi/risk-mirror-core
+Author: RTN Labs
+Author-email: support@risk-mirror.com
+License: UNKNOWN
+Keywords: ai-safety,pii,secrets,prompt-security,deterministic,cli
+Platform: UNKNOWN
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+Provides-Extra: dev
+
+# Risk Mirror SDK - Python
+
+Deterministic AI Safety Toolkit for prompt security.
+
+## Installation
+
+```bash
+pip install risk-mirror
+```
+
+## Quick Start
+
+```python
+from risk_mirror import RiskMirror
+
+# Initialize client
+client = RiskMirror(api_key="your-api-key")
+
+# Scan for safety issues
+result = client.scan("Check this text for PII and secrets")
+
+print(result.verdict)  # SAFE, REVIEW, or HIGH_RISK
+print(result.findings)  # List of findings
+print(result.safe_output)  # Redacted text
+```
+
+## Features
+
+- **PII Detection**: Email, phone, SSN, etc.
+- **Secrets Detection**: API keys, tokens, passwords
+- **Injection Detection**: Prompt injection attempts
+- **Safe Share**: Burner-safe strings for sharing with AI
+- **Zero Storage**: No content is stored
+- **Deterministic**: Same input = same output
+
+## Safe Share
+
+```python
+from risk_mirror import RiskMirror
+
+client = RiskMirror(api_key="your-api-key")
+result = client.safe_share("sk-ABCD1234-XYZ", mode="full")
+
+print(result.safe_share_text)
+print(result.audit_summary)
+```
+
+## License
+
+MIT
+
+

risk-mirror-1.0.2/README.md

@@ -0,0 +1,50 @@
+# Risk Mirror SDK - Python
+
+Deterministic AI Safety Toolkit for prompt security.
+
+## Installation
+
+```bash
+pip install risk-mirror
+```
+
+## Quick Start
+
+```python
+from risk_mirror import RiskMirror
+
+# Initialize client
+client = RiskMirror(api_key="your-api-key")
+
+# Scan for safety issues
+result = client.scan("Check this text for PII and secrets")
+
+print(result.verdict)  # SAFE, REVIEW, or HIGH_RISK
+print(result.findings)  # List of findings
+print(result.safe_output)  # Redacted text
+```
+
+## Features
+
+- **PII Detection**: Email, phone, SSN, etc.
+- **Secrets Detection**: API keys, tokens, passwords
+- **Injection Detection**: Prompt injection attempts
+- **Safe Share**: Burner-safe strings for sharing with AI
+- **Zero Storage**: No content is stored
+- **Deterministic**: Same input = same output
+
+## Safe Share
+
+```python
+from risk_mirror import RiskMirror
+
+client = RiskMirror(api_key="your-api-key")
+result = client.safe_share("sk-ABCD1234-XYZ", mode="full")
+
+print(result.safe_share_text)
+print(result.audit_summary)
+```
+
+## License
+
+MIT

risk-mirror-1.0.2/risk_mirror/__init__.py

@@ -0,0 +1,31 @@
+"""
+Risk Mirror SDK - Python
+========================
+Deterministic, stateless AI safety toolkit
+
+US-0001 to US-0020: SDKs (JS/Python) feature
+"""
+from .client import RiskMirror, RiskMirrorError, safe_share
+from .types import (
+    ScanResponse,
+    ScanPolicy,
+    Finding,
+    AuditSummary,
+    SafeShareResponse,
+    Verdict,
+    Severity,
+)
+
+__version__ = "1.0.2"
+__all__ = [
+    "RiskMirror",
+    "RiskMirrorError",
+    "ScanResponse",
+    "ScanPolicy",
+    "Finding",
+    "AuditSummary",
+    "SafeShareResponse",
+    "Verdict",
+    "Severity",
+    "safe_share",
+]

risk-mirror-1.0.2/risk_mirror/cli.py

@@ -0,0 +1,309 @@
+#!/usr/bin/env python3
+"""
+Risk Mirror CLI - API-Based Safety Scanner
+===========================================
+Scan prompts and files for PII, secrets, and injection risks.
+All scans go through the Risk Mirror API for unified usage tracking.
+
+Usage:
+    risk-mirror scan "Your prompt text here"
+    risk-mirror scan -f prompt.txt
+    risk-mirror scan -f prompt.txt --json
+    risk-mirror safe-share "sensitive string"
+    risk-mirror safe-share -f secrets.txt --mode full
+    risk-mirror --version
+"""
+
+import argparse
+import json
+import os
+import sys
+from typing import Optional, List
+
+from .client import RiskMirror, RiskMirrorError
+
+CLI_VERSION = "1.0.2"
+
+# Exit codes
+EXIT_SAFE = 0
+EXIT_RISK = 1
+EXIT_ERROR = 2
+
+
+def create_parser() -> argparse.ArgumentParser:
+    """Create argument parser."""
+    parser = argparse.ArgumentParser(
+        prog="risk-mirror",
+        description="Risk Mirror CLI - Deterministic AI Safety Scanner",
+        epilog="Examples:\n"
+               "  risk-mirror scan \"Check this prompt\"\n"
+               "  risk-mirror scan -f prompt.txt --json\n"
+               "  RISK_MIRROR_API_KEY=rm_xxx risk-mirror scan \"text\"\n",
+        formatter_class=argparse.RawDescriptionHelpFormatter,
+    )
+    
+    parser.add_argument(
+        "--version", "-V",
+        action="version",
+        version=f"risk-mirror CLI {CLI_VERSION}"
+    )
+    
+    subparsers = parser.add_subparsers(dest="command", help="Commands")
+    
+    # Scan command
+    scan_parser = subparsers.add_parser(
+        "scan",
+        help="Scan text or file for safety issues",
+        description="Scan text or file for PII, secrets, and prompt injection"
+    )
+    
+    scan_parser.add_argument(
+        "text",
+        nargs="?",
+        help="Text to scan (use -f for file input)"
+    )
+    
+    scan_parser.add_argument(
+        "-f", "--file",
+        help="File to scan"
+    )
+    
+    scan_parser.add_argument(
+        "--api-key", "-k",
+        help="API key (or set RISK_MIRROR_API_KEY env var)"
+    )
+    
+    scan_parser.add_argument(
+        "--json", "-j",
+        action="store_true",
+        help="Output as JSON"
+    )
+    
+    scan_parser.add_argument(
+        "--quiet", "-q",
+        action="store_true",
+        help="Only output verdict (for CI/CD)"
+    )
+
+    # Safe Share command
+    safe_parser = subparsers.add_parser(
+        "safe-share",
+        help="Generate Safe Share burner text",
+        description="Create non-reversible, format-preserving safe share text"
+    )
+
+    safe_parser.add_argument(
+        "text",
+        nargs="?",
+        help="Text to transform (use -f for file input)"
+    )
+
+    safe_parser.add_argument(
+        "-f", "--file",
+        help="File to transform"
+    )
+
+    safe_parser.add_argument(
+        "--mode",
+        choices=["full", "selective"],
+        default="selective",
+        help="Replacement mode (default: selective)"
+    )
+
+    safe_parser.add_argument(
+        "--no-secrets",
+        action="store_true",
+        help="Disable secrets replacement in selective mode"
+    )
+
+    safe_parser.add_argument(
+        "--allow-valid",
+        action="store_true",
+        help="Allow valid-looking values (disables strict invalid generation)"
+    )
+
+    safe_parser.add_argument(
+        "--api-key", "-k",
+        help="API key (or set RISK_MIRROR_API_KEY env var)"
+    )
+
+    safe_parser.add_argument(
+        "--json", "-j",
+        action="store_true",
+        help="Output as JSON"
+    )
+
+    safe_parser.add_argument(
+        "--quiet", "-q",
+        action="store_true",
+        help="Only output the safe share text"
+    )
+    
+    return parser
+
+
+def format_result(result, as_json: bool = False) -> str:
+    """Format scan result for display."""
+    if as_json:
+        return json.dumps({
+            "verdict": result.verdict.value if hasattr(result.verdict, 'value') else str(result.verdict),
+            "safe_output": result.safe_output,
+            "findings_count": len(result.findings) if result.findings else 0,
+        }, indent=2)
+    
+    verdict = result.verdict.value if hasattr(result.verdict, 'value') else str(result.verdict)
+    emoji = {"SAFE": "✅", "REVIEW": "⚠️", "BLOCK": "🚨"}.get(verdict, "❓")
+    
+    lines = [
+        f"\n{emoji} Verdict: {verdict}",
+    ]
+    
+    if result.findings:
+        lines.append(f"\n📋 Findings ({len(result.findings)}):")
+        for f in result.findings:
+            lines.append(f"   • {f.get('category', 'unknown')}: {f.get('count', 1)} occurrence(s)")
+    
+    if result.safe_output and result.safe_output != result.input_text:
+        lines.append(f"\n🔒 Safe Output:\n{result.safe_output[:500]}{'...' if len(result.safe_output) > 500 else ''}")
+    
+    lines.append("\n🔐 Privacy: Stateless scan, no content stored")
+    
+    return "\n".join(lines)
+
+
+def main(args: Optional[List[str]] = None) -> int:
+    """Main CLI entry point."""
+    parser = create_parser()
+    parsed = parser.parse_args(args)
+    
+    if not parsed.command:
+        parser.print_help()
+        return EXIT_ERROR
+    
+    if parsed.command == "scan":
+        return handle_scan(parsed)
+    if parsed.command == "safe-share":
+        return handle_safe_share(parsed)
+    
+    return EXIT_ERROR
+
+
+def handle_scan(args: argparse.Namespace) -> int:
+    """Handle scan command."""
+    # Get API key
+    api_key = args.api_key or os.environ.get("RISK_MIRROR_API_KEY")
+    
+    # Get input text
+    if args.file:
+        try:
+            with open(args.file, "r", encoding="utf-8") as f:
+                text = f.read()
+        except FileNotFoundError:
+            print(f"Error: File not found: {args.file}", file=sys.stderr)
+    return EXIT_ERROR
+
+
+def handle_safe_share(args: argparse.Namespace) -> int:
+    """Handle safe-share command."""
+    api_key = args.api_key or os.environ.get("RISK_MIRROR_API_KEY")
+
+    if args.file:
+        try:
+            with open(args.file, "r", encoding="utf-8") as f:
+                text = f.read()
+        except FileNotFoundError:
+            print(f"Error: File not found: {args.file}", file=sys.stderr)
+            return EXIT_ERROR
+        except Exception as e:
+            print(f"Error reading file: {e}", file=sys.stderr)
+            return EXIT_ERROR
+    elif args.text:
+        text = args.text
+    else:
+        if sys.stdin.isatty():
+            print("Error: No input provided. Use -f FILE or provide text.", file=sys.stderr)
+            return EXIT_ERROR
+        text = sys.stdin.read()
+
+    if not text.strip():
+        print("Error: Empty input", file=sys.stderr)
+        return EXIT_ERROR
+
+    try:
+        client = RiskMirror(api_key=api_key)
+        result = client.safe_share(
+            text,
+            mode=args.mode,
+            include_secrets=not args.no_secrets,
+            strict_invalid=not args.allow_valid,
+        )
+
+        if args.quiet:
+            print(result.safe_share_text)
+            return EXIT_SAFE
+
+        if args.json:
+            print(json.dumps({
+                "safe_share_text": result.safe_share_text,
+                "mode": result.mode,
+                "audit_summary": result.audit_summary,
+            }, indent=2))
+        else:
+            print(result.safe_share_text)
+            if result.audit_summary:
+                print(f"\n🔐 Replaced spans: {result.audit_summary.get('spans_replaced', 0)}")
+                print(f"🧩 Replaced chars: {result.audit_summary.get('chars_replaced', 0)}")
+            print("\n🔐 Privacy: Stateless, no content stored")
+
+        return EXIT_SAFE
+    except RiskMirrorError as e:
+        print(f"API Error: {e.message}", file=sys.stderr)
+        if e.status_code == 401:
+            print("Hint: Set RISK_MIRROR_API_KEY or use --api-key", file=sys.stderr)
+        return EXIT_ERROR
+    except Exception as e:
+        print(f"Error: {e}", file=sys.stderr)
+        return EXIT_ERROR
+        except Exception as e:
+            print(f"Error reading file: {e}", file=sys.stderr)
+            return EXIT_ERROR
+    elif args.text:
+        text = args.text
+    else:
+        # Read from stdin
+        if sys.stdin.isatty():
+            print("Error: No input provided. Use -f FILE or provide text.", file=sys.stderr)
+            return EXIT_ERROR
+        text = sys.stdin.read()
+    
+    if not text.strip():
+        print("Error: Empty input", file=sys.stderr)
+        return EXIT_ERROR
+    
+    # Create client and scan
+    try:
+        client = RiskMirror(api_key=api_key)
+        result = client.scan(text)
+        
+        if args.quiet:
+            verdict = result.verdict.value if hasattr(result.verdict, 'value') else str(result.verdict)
+            print(verdict)
+        else:
+            print(format_result(result, as_json=args.json))
+        
+        # Return exit code based on verdict
+        verdict = result.verdict.value if hasattr(result.verdict, 'value') else str(result.verdict)
+        return EXIT_SAFE if verdict == "SAFE" else EXIT_RISK
+        
+    except RiskMirrorError as e:
+        print(f"API Error: {e.message}", file=sys.stderr)
+        if e.status_code == 401:
+            print("Hint: Set RISK_MIRROR_API_KEY or use --api-key", file=sys.stderr)
+        return EXIT_ERROR
+    except Exception as e:
+        print(f"Error: {e}", file=sys.stderr)
+        return EXIT_ERROR
+
+
+if __name__ == "__main__":
+    sys.exit(main())

risk-mirror-1.0.2/risk_mirror/client.py

@@ -0,0 +1,394 @@
+"""
+Risk Mirror SDK - Python Client
+================================
+Deterministic, stateless AI safety toolkit
+Drop-in integration for prompt security
+
+US-0001: Core Behavior
+US-0002: Policy Controls
+US-0006: Edge Cases
+US-0007: Performance
+US-0008: Security
+US-0009: Audit Evidence
+US-0010: Privacy (no storage)
+US-0011: Compliance
+US-0012: Rate Limits
+US-0013: Logging
+US-0015: Rollback
+US-0020: Error Handling
+"""
+import time
+import logging
+from typing import Optional, Callable, Dict, Any
+from urllib.request import Request, urlopen
+from urllib.error import HTTPError, URLError
+import json
+
+from .types import ScanResponse, ScanPolicy, OptimizeResponse, SafeShareResponse, Verdict
+
+# Constants
+DEFAULT_BASE_URL = "https://risk-mirror-auth.anonymous617461746174.workers.dev"
+DEFAULT_TIMEOUT = 30
+DEFAULT_RETRIES = 3
+SDK_VERSION = "1.0.2"
+ENGINE_VERSION = "6.0-ULTRA"
+
+logger = logging.getLogger("risk_mirror")
+
+
+class RiskMirrorError(Exception):
+    """Base exception for Risk Mirror SDK.
+    
+    US-0020: Error Handling
+    """
+    def __init__(
+        self,
+        code: str,
+        message: str,
+        retryable: bool = False,
+        status_code: Optional[int] = None
+    ):
+        super().__init__(message)
+        self.code = code
+        self.message = message
+        self.retryable = retryable
+        self.status_code = status_code
+
+
+class RiskMirror:
+    """
+    Risk Mirror SDK Client
+    ======================
+    Deterministic AI safety scanning with zero content storage.
+    
+    Example:
+        >>> client = RiskMirror(api_key="your-key")
+        >>> result = client.scan("Check this prompt for safety")
+        >>> print(result.verdict)
+        'SAFE'
+    
+    US-0001: Core Behavior
+    """
+    
+    def __init__(
+        self,
+        base_url: str = DEFAULT_BASE_URL,
+        api_key: Optional[str] = None,
+        timeout: int = DEFAULT_TIMEOUT,
+        retries: int = DEFAULT_RETRIES,
+        debug: bool = False,
+    ):
+        """
+        Initialize the Risk Mirror client.
+        
+        Args:
+            base_url: API base URL
+            api_key: Optional API key for authentication
+            timeout: Request timeout in seconds
+            retries: Number of retries on failure
+            debug: Enable debug logging
+        """
+        self.base_url = base_url.rstrip("/")
+        self.api_key = api_key
+        self.timeout = timeout
+        self.retries = retries
+        self.debug = debug
+        self._telemetry_callback: Optional[Callable[[Dict[str, Any]], None]] = None
+        
+        if debug:
+            logging.basicConfig(level=logging.DEBUG)
+    
+    def on_telemetry(self, callback: Callable[[Dict[str, Any]], None]) -> None:
+        """
+        Set telemetry callback (receives no content, only metadata).
+        
+        US-0018: Analytics without storing content
+        """
+        self._telemetry_callback = callback
+    
+    def _log(self, msg: str, *args: Any) -> None:
+        if self.debug:
+            logger.debug(f"[RiskMirror] {msg}", *args)
+    
+    def _request(
+        self,
+        endpoint: str,
+        method: str = "POST",
+        body: Optional[Dict[str, Any]] = None
+    ) -> Dict[str, Any]:
+        """Make HTTP request with retry logic.
+        
+        US-0012: Rate Limits
+        US-0020: Error Handling
+        """
+        url = f"{self.base_url}{endpoint}"
+        headers = {
+            "Content-Type": "application/json",
+            "X-SDK-Version": SDK_VERSION,
+        }
+        
+        if self.api_key:
+            headers["X-API-Key"] = self.api_key
+        
+        last_error: Optional[Exception] = None
+        
+        for attempt in range(self.retries + 1):
+            try:
+                self._log(f"Request attempt {attempt + 1}: {method} {endpoint}")
+                
+                data = json.dumps(body).encode("utf-8") if body else None
+                req = Request(url, data=data, headers=headers, method=method)
+                
+                with urlopen(req, timeout=self.timeout) as response:
+                    return json.loads(response.read().decode("utf-8"))
+                    
+            except HTTPError as e:
+                last_error = e
+                
+                # US-0012: Rate limit handling
+                if e.code == 429:
+                    retry_after = e.headers.get("Retry-After", "1")
+                    wait_secs = int(retry_after)
+                    self._log(f"Rate limited, waiting {wait_secs}s")
+                    time.sleep(wait_secs)
+                    continue
+                
+                # Retryable server errors
+                if e.code >= 500 and attempt < self.retries:
+                    wait_secs = min(2 ** attempt, 10)
+                    self._log(f"Server error {e.code}, retry in {wait_secs}s")
+                    time.sleep(wait_secs)
+                    continue
+                
+                raise RiskMirrorError(
+                    code="API_ERROR",
+                    message=f"API returned {e.code}: {e.read().decode('utf-8', errors='ignore')}",
+                    retryable=e.code >= 500,
+                    status_code=e.code
+                )
+                
+            except URLError as e:
+                last_error = e
+                if attempt < self.retries:
+                    wait_secs = min(2 ** attempt, 10)
+                    self._log(f"Network error, retry in {wait_secs}s: {e.reason}")
+                    time.sleep(wait_secs)
+                    continue
+                raise RiskMirrorError(
+                    code="NETWORK_ERROR",
+                    message=str(e.reason),
+                    retryable=True
+                )
+            except Exception as e:
+                last_error = e
+                raise RiskMirrorError(
+                    code="UNKNOWN_ERROR",
+                    message=str(e),
+                    retryable=False
+                )
+        
+        raise last_error or RiskMirrorError("UNKNOWN_ERROR", "Request failed", False)
+    
+    def scan(
+        self,
+        input_text: str,
+        policy: Optional[ScanPolicy] = None,
+        mode: str = "default"
+    ) -> ScanResponse:
+        """
+        Scan input for safety issues.
+        
+        US-0001: Core behavior - deterministic scanning
+        US-0002: Policy controls - configurable detection
+        US-0010: Privacy - no content storage
+        
+        Args:
+            input_text: Text to scan
+            policy: Optional policy configuration
+            mode: Scan mode (default, strict, paranoid)
+        
+        Returns:
+            ScanResponse with verdict, findings, and safe_output
+        
+        Raises:
+            RiskMirrorError: On validation or API errors
+        """
+        start = time.perf_counter()
+        
+        # US-0006: Edge cases - input validation
+        if not input_text or not isinstance(input_text, str):
+            raise RiskMirrorError(
+                code="INVALID_INPUT",
+                message="Input must be a non-empty string",
+                retryable=False
+            )
+        
+        # US-0008: Security - size limit
+        max_length = policy.max_length if policy else 100000
+        if len(input_text) > max_length:
+            raise RiskMirrorError(
+                code="INPUT_TOO_LARGE",
+                message=f"Input exceeds maximum length of {max_length} characters",
+                retryable=False
+            )
+        
+        # Build request
+        policy = policy or ScanPolicy()
+        request_body = {
+            "prompt": input_text,
+            "policy": {
+                "detect_pii": policy.pii,
+                "detect_secrets": policy.secrets,
+                "detect_injection": policy.injection,
+            },
+        }
+        
+        if policy.pii_classes:
+            request_body["policy"]["pii_classes"] = policy.pii_classes
+        
+        response_data = self._request("/firewall/audit", "POST", request_body)
+        
+        latency_ms = (time.perf_counter() - start) * 1000
+        response_data["latency_ms"] = latency_ms
+        response_data["privacy"] = {"stateless": True, "content_logged": False}
+        
+        # US-0018: Analytics telemetry (no content)
+        if self._telemetry_callback:
+            self._telemetry_callback({
+                "operation": "scan",
+                "verdict": response_data.get("verdict", "SAFE"),
+                "findings_count": len(response_data.get("findings", [])),
+                "latency_ms": latency_ms,
+                "timestamp": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
+            })
+        
+        return ScanResponse.from_dict(response_data)
+    
+    def audit(
+        self,
+        input_text: str,
+        policy: Optional[ScanPolicy] = None
+    ) -> ScanResponse:
+        """
+        Audit scan for compliance reporting.
+        
+        US-0009: Audit Evidence
+        
+        Args:
+            input_text: Text to audit
+            policy: Optional policy configuration
+        
+        Returns:
+            ScanResponse with detailed audit evidence
+        """
+        return self.scan(input_text, policy, mode="strict")
+    
+    def optimize(
+        self,
+        input_text: str,
+        mode: str = "compress"
+    ) -> OptimizeResponse:
+        """
+        Optimize prompt for token efficiency.
+        
+        Args:
+            input_text: Text to optimize
+            mode: compress, refine, or strip
+        
+        Returns:
+            OptimizeResponse with optimized text
+        """
+        if not input_text or not isinstance(input_text, str):
+            raise RiskMirrorError(
+                code="INVALID_INPUT",
+                message="Input must be a non-empty string",
+                retryable=False
+            )
+        
+        response_data = self._request("/optimize/prompt", "POST", {
+            "prompt": input_text,
+            "mode": mode,
+        })
+        
+        return OptimizeResponse.from_dict(response_data)
+
+    def safe_share(
+        self,
+        input_text: str,
+        mode: str = "selective",
+        include_secrets: bool = True,
+        strict_invalid: bool = True
+    ) -> SafeShareResponse:
+        """
+        Generate Safe Share burner text (non-reversible).
+        
+        Args:
+            input_text: Text to transform
+            mode: full or selective
+            include_secrets: Replace secrets in selective mode
+            strict_invalid: Force invalid CC/SSN/etc
+        
+        Returns:
+            SafeShareResponse with safe_share_text and audit summary
+        """
+        if not input_text or not isinstance(input_text, str):
+            raise RiskMirrorError(
+                code="INVALID_INPUT",
+                message="Input must be a non-empty string",
+                retryable=False
+            )
+        
+        response_data = self._request("/safe-share/text", "POST", {
+            "text": input_text,
+            "mode": mode,
+            "include_secrets": include_secrets,
+            "strict_invalid": strict_invalid,
+        })
+        
+        return SafeShareResponse.from_dict(response_data)
+    
+    def get_version(self) -> Dict[str, str]:
+        """
+        Get SDK and engine version.
+        
+        US-0015: Rollback - version tracking
+        """
+        return {
+            "sdk": SDK_VERSION,
+            "engine": ENGINE_VERSION,
+        }
+
+
+# ============ Quick Helpers ============
+_default_client: Optional[RiskMirror] = None
+
+
+def configure(**kwargs: Any) -> None:
+    """Configure the default client."""
+    global _default_client
+    _default_client = RiskMirror(**kwargs)
+
+
+def scan(
+    input_text: str,
+    policy: Optional[ScanPolicy] = None,
+    mode: str = "default"
+) -> ScanResponse:
+    """Quick scan using default client."""
+    global _default_client
+    if _default_client is None:
+        _default_client = RiskMirror()
+    return _default_client.scan(input_text, policy, mode)
+
+
+def safe_share(
+    input_text: str,
+    mode: str = "selective",
+    include_secrets: bool = True,
+    strict_invalid: bool = True
+) -> SafeShareResponse:
+    """Quick safe share using default client."""
+    global _default_client
+    if _default_client is None:
+        _default_client = RiskMirror()
+    return _default_client.safe_share(input_text, mode, include_secrets, strict_invalid)

risk-mirror-1.0.2/risk_mirror/types.py

@@ -0,0 +1,160 @@
+"""
+Risk Mirror SDK - Type Definitions
+==================================
+Dataclasses for SDK request/response models
+
+US-0004: API Surface
+US-0005: Data Model
+"""
+from dataclasses import dataclass, field
+from typing import List, Optional, Dict, Any, Literal
+from enum import Enum
+
+
+class Verdict(str, Enum):
+    SAFE = "SAFE"
+    REVIEW = "REVIEW"
+    HIGH_RISK = "HIGH_RISK"
+
+
+class Severity(str, Enum):
+    LOW = "LOW"
+    MED = "MED"
+    HIGH = "HIGH"
+
+
+@dataclass
+class Finding:
+    """A single finding from the scan."""
+    category: str
+    severity: Severity
+    count: int
+    match: Optional[str] = None
+
+
+@dataclass
+class AuditSummary:
+    """Summary of modifications made."""
+    phrases_removed: int = 0
+    pii_redacted: int = 0
+    secrets_masked: int = 0
+    injections_blocked: int = 0
+
+
+@dataclass
+class ScanPolicy:
+    """Configuration for scan behavior.
+    
+    US-0002: Policy Controls
+    """
+    pii: bool = True
+    secrets: bool = True
+    injection: bool = True
+    pii_classes: Optional[List[str]] = None
+    max_length: int = 100000
+
+
+@dataclass
+class Privacy:
+    """Privacy guarantees."""
+    stateless: bool = True
+    content_logged: bool = False
+
+
+@dataclass
+class ScanResponse:
+    """Response from scan operation.
+    
+    US-0009: Audit Evidence
+    US-0010: Privacy
+    US-0011: Compliance
+    """
+    verdict: Verdict
+    findings: List[Finding]
+    safe_output: str
+    audit_summary: AuditSummary
+    policy_hash: str
+    engine_version: str
+    latency_ms: float
+    privacy: Optional[Privacy] = None
+    compliance_tags: List[str] = field(default_factory=list)
+    
+    @classmethod
+    def from_dict(cls, data: Dict[str, Any]) -> "ScanResponse":
+        """Create ScanResponse from API response dict."""
+        findings = [
+            Finding(
+                category=f.get("category", "unknown"),
+                severity=Severity(f.get("severity", "LOW")),
+                count=f.get("count", 1),
+                match=f.get("match"),
+            )
+            for f in data.get("findings", [])
+        ]
+        
+        audit_data = data.get("audit_summary", {})
+        audit_summary = AuditSummary(
+            phrases_removed=audit_data.get("phrases_removed", 0),
+            pii_redacted=audit_data.get("pii_redacted", 0),
+            secrets_masked=audit_data.get("secrets_masked", 0),
+            injections_blocked=audit_data.get("injections_blocked", 0),
+        )
+        
+        privacy_data = data.get("privacy")
+        privacy = Privacy(
+            stateless=privacy_data.get("stateless", True),
+            content_logged=privacy_data.get("content_logged", False),
+        ) if privacy_data else Privacy()
+        
+        return cls(
+            verdict=Verdict(data.get("verdict", "SAFE")),
+            findings=findings,
+            safe_output=data.get("safe_output", ""),
+            audit_summary=audit_summary,
+            policy_hash=data.get("policy_hash", ""),
+            engine_version=data.get("engine_version", "6.0-ULTRA"),
+            latency_ms=data.get("latency_ms", 0.0),
+            privacy=privacy,
+            compliance_tags=data.get("compliance_tags", []),
+        )
+
+
+@dataclass
+class OptimizeResponse:
+    """Response from optimize operation."""
+    optimized: str
+    tokens_saved: int
+    compression_ratio: float
+    
+    @classmethod
+    def from_dict(cls, data: Dict[str, Any]) -> "OptimizeResponse":
+        return cls(
+            optimized=data.get("optimized", ""),
+            tokens_saved=data.get("tokens_saved", 0),
+            compression_ratio=data.get("compression_ratio", 1.0),
+        )
+
+
+@dataclass
+class SafeShareResponse:
+    """Response from Safe Share operation."""
+    safe_share_text: str
+    mode: str
+    audit_summary: Dict[str, Any]
+    engine_version: str
+    privacy: Optional[Privacy] = None
+
+    @classmethod
+    def from_dict(cls, data: Dict[str, Any]) -> "SafeShareResponse":
+        privacy_data = data.get("privacy")
+        privacy = Privacy(
+            stateless=privacy_data.get("stateless", True),
+            content_logged=False,
+        ) if privacy_data else Privacy()
+        return cls(
+            safe_share_text=data.get("safe_share_text", ""),
+            mode=data.get("mode", "selective"),
+            audit_summary=data.get("audit_summary", {}),
+            engine_version=data.get("engine_version", ""),
+            privacy=privacy,
+        )

risk-mirror-1.0.2/risk_mirror.egg-info/PKG-INFO

@@ -0,0 +1,78 @@
+Metadata-Version: 2.1
+Name: risk-mirror
+Version: 1.0.2
+Summary: Deterministic AI Safety Toolkit - Python SDK & CLI
+Home-page: https://github.com/myProjectsRavi/risk-mirror-core
+Author: RTN Labs
+Author-email: support@risk-mirror.com
+License: UNKNOWN
+Keywords: ai-safety,pii,secrets,prompt-security,deterministic,cli
+Platform: UNKNOWN
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+Provides-Extra: dev
+
+# Risk Mirror SDK - Python
+
+Deterministic AI Safety Toolkit for prompt security.
+
+## Installation
+
+```bash
+pip install risk-mirror
+```
+
+## Quick Start
+
+```python
+from risk_mirror import RiskMirror
+
+# Initialize client
+client = RiskMirror(api_key="your-api-key")
+
+# Scan for safety issues
+result = client.scan("Check this text for PII and secrets")
+
+print(result.verdict)  # SAFE, REVIEW, or HIGH_RISK
+print(result.findings)  # List of findings
+print(result.safe_output)  # Redacted text
+```
+
+## Features
+
+- **PII Detection**: Email, phone, SSN, etc.
+- **Secrets Detection**: API keys, tokens, passwords
+- **Injection Detection**: Prompt injection attempts
+- **Safe Share**: Burner-safe strings for sharing with AI
+- **Zero Storage**: No content is stored
+- **Deterministic**: Same input = same output
+
+## Safe Share
+
+```python
+from risk_mirror import RiskMirror
+
+client = RiskMirror(api_key="your-api-key")
+result = client.safe_share("sk-ABCD1234-XYZ", mode="full")
+
+print(result.safe_share_text)
+print(result.audit_summary)
+```
+
+## License
+
+MIT
+
+

risk-mirror-1.0.2/risk_mirror.egg-info/SOURCES.txt

@@ -0,0 +1,12 @@
+README.md
+setup.py
+risk_mirror/__init__.py
+risk_mirror/cli.py
+risk_mirror/client.py
+risk_mirror/types.py
+risk_mirror.egg-info/PKG-INFO
+risk_mirror.egg-info/SOURCES.txt
+risk_mirror.egg-info/dependency_links.txt
+risk_mirror.egg-info/entry_points.txt
+risk_mirror.egg-info/requires.txt
+risk_mirror.egg-info/top_level.txt

risk-mirror-1.0.2/risk_mirror.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

risk-mirror-1.0.2/risk_mirror.egg-info/entry_points.txt

@@ -0,0 +1,3 @@
+[console_scripts]
+risk-mirror = risk_mirror.cli:main
+

risk-mirror-1.0.2/risk_mirror.egg-info/requires.txt

@@ -0,0 +1,5 @@
+
+[dev]
+pytest
+pytest-cov
+mypy

risk-mirror-1.0.2/risk_mirror.egg-info/top_level.txt

@@ -0,0 +1 @@
+risk_mirror

risk-mirror-1.0.2/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

risk-mirror-1.0.2/setup.py

@@ -0,0 +1,44 @@
+"""
+Risk Mirror SDK - Python Package Setup
+"""
+from setuptools import setup, find_packages
+
+with open("README.md", "r", encoding="utf-8") as f:
+    long_description = f.read() if f else ""
+
+setup(
+    name="risk-mirror",
+    version="1.0.2",
+    author="RTN Labs",
+    author_email="support@risk-mirror.com",
+    description="Deterministic AI Safety Toolkit - Python SDK & CLI",
+    long_description=long_description,
+    long_description_content_type="text/markdown",
+    url="https://github.com/myProjectsRavi/risk-mirror-core",
+    packages=find_packages(),
+    classifiers=[
+        "Development Status :: 5 - Production/Stable",
+        "Intended Audience :: Developers",
+        "License :: OSI Approved :: MIT License",
+        "Operating System :: OS Independent",
+        "Programming Language :: Python :: 3",
+        "Programming Language :: Python :: 3.8",
+        "Programming Language :: Python :: 3.9",
+        "Programming Language :: Python :: 3.10",
+        "Programming Language :: Python :: 3.11",
+        "Programming Language :: Python :: 3.12",
+        "Topic :: Security",
+        "Topic :: Software Development :: Libraries :: Python Modules",
+    ],
+    python_requires=">=3.8",
+    install_requires=[],  # Zero dependencies - uses stdlib only
+    extras_require={
+        "dev": ["pytest", "pytest-cov", "mypy"],
+    },
+    entry_points={
+        "console_scripts": [
+            "risk-mirror=risk_mirror.cli:main",
+        ],
+    },
+    keywords=["ai-safety", "pii", "secrets", "prompt-security", "deterministic", "cli"],
+)