riskkernel 0.3.0__tar.gz

riskkernel-0.3.0/.gitignore

@@ -0,0 +1,38 @@
+# Binaries
+/riskkernel
+/rk
+/dist/
+*.exe
+*.test
+*.out
+
+# Local state — RiskKernel's SQLite store is the file the user owns; never commit it
+*.db
+*.db-wal
+*.db-shm
+*.sqlite
+*.sqlite3
+/data/
+
+# Secrets — keys come from env/.env/OS-keyring, never the repo
+.env
+.env.*
+!.env.example
+
+# Go
+/vendor/
+coverage.txt
+coverage.html
+
+# Editor / OS
+.DS_Store
+.idea/
+.vscode/
+*.swp
+
+# Python SDK build artifacts
+sdks/python/build/
+sdks/python/dist/
+sdks/python/*.egg-info/
+__pycache__/
+.venv/

riskkernel-0.3.0/PKG-INFO

@@ -0,0 +1,121 @@
+Metadata-Version: 2.4
+Name: riskkernel
+Version: 0.3.0
+Summary: Thin Python client for the RiskKernel reliability runtime (Surface 2).
+Project-URL: Homepage, https://github.com/prashar32/riskkernel
+Project-URL: Source, https://github.com/prashar32/riskkernel
+Author: Adarsh Prashar
+License-Expression: Apache-2.0
+Keywords: agents,budget,governance,guardrails,llm,reliability
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Programming Language :: Python :: 3
+Classifier: Topic :: Software Development :: Libraries
+Requires-Python: >=3.9
+Provides-Extra: dev
+Requires-Dist: pytest; extra == 'dev'
+Provides-Extra: langchain
+Requires-Dist: langchain-core; extra == 'langchain'
+Description-Content-Type: text/markdown
+
+# riskkernel (Python SDK)
+
+The Python SDK for [RiskKernel](https://github.com/prashar32/riskkernel) — **Surface 2**, deep control over a governed agent run.
+
+It is a **thin client** over the self-hosted RiskKernel daemon. Every deterministic
+decision — budgets, loop/time halts, approval policy — happens in the Go core. The
+SDK just makes governed runs ergonomic from Python. **Core install is stdlib-only**
+(no third-party dependencies).
+
+```bash
+pip install riskkernel
+```
+
+## Quickstart
+
+```python
+import riskkernel as rk
+
+rt = rk.Runtime(base_url="http://localhost:7070")  # your daemon
+
+with rt.governed_run(name="research",
+                     budget=rt.budget(dollars=1.00, loops=20, seconds=300)) as run:
+    # Route your LLM client through the governing proxy so every model call is
+    # metered, priced, and budget-enforced under this run:
+    cfg = run.proxy_config()
+    #   cfg["base_url"]  -> http://localhost:7070/v1
+    #   cfg["headers"]   -> {"X-RiskKernel-Run-Id": "<run id>"}
+
+    for _ in range(100):
+        run.step()                      # raises rk.BudgetExceeded when loops/time run out
+        # ... your agent reasoning + tool calls ...
+        run.checkpoint("after-step", {"messages": messages})
+```
+
+When the governor halts the run (token / dollar / loop / time budget), the next
+`run.step()` — or a proxied model call — raises `rk.BudgetExceeded`.
+
+## Resume after a crash
+
+The daemon reloads non-terminal runs on restart with the budget and usage they had
+already spent, so a `SIGKILL`'d run keeps enforcing without re-spending. Reattach to
+it by id with `resume_run` and pick your work back up from the last checkpoint:
+
+```python
+with rt.resume_run(run_id) as run:          # attaches; never creates or cancels
+    cp = run.latest_checkpoint()            # the state you saved before the crash
+    start = cp["payload"]["cursor"] if cp else 0
+    for i in range(start, total):           # skip the steps you already paid for
+        run.step()                          # counts against the SAME budget
+        # ... your work ...
+        run.checkpoint("step", {"cursor": i + 1})
+```
+
+The run resumes against whatever budget it had left, so it can't overspend by
+restarting — `run.step()` still raises `rk.BudgetExceeded` at the original ceiling.
+
+## Human-in-the-loop tools
+
+Gate side-effecting tools on human approval (the daemon's policy decides what needs
+it; the call blocks until a human resolves it via CLI / web / webhook):
+
+```python
+from riskkernel import governed_tool, ApprovalGate
+
+@governed_tool(side_effect="write")
+def write_file(path, content):
+    ...                                  # only runs if approved; else rk.ApprovalDenied
+
+# or explicitly:
+gate = ApprovalGate(run)
+if gate.allow("mcp://shell", side_effect="exec", arguments={"cmd": cmd}):
+    run_shell(cmd)
+```
+
+## Framework adapters
+
+Lazy-imported, so you only pay for what you use:
+
+```python
+# LangChain / LangGraph — enforces loop/time budgets per LLM call
+from riskkernel.adapters.langchain import RiskKernelCallbackHandler
+llm.invoke(prompt, config={"callbacks": [RiskKernelCallbackHandler(run)]})
+
+# Claude Agent SDK — PreToolUse approval hook
+from riskkernel.adapters.claude_agent import make_pre_tool_use_hook
+hook = make_pre_tool_use_hook(run, side_effect_for={"Bash": "exec", "Write": "write"})
+
+# OpenAI Agents SDK — RunHooks (steps + tool approval)
+from riskkernel.adapters.openai_agents import RiskKernelRunHooks
+hooks = RiskKernelRunHooks(run, gate_tools=True)
+```
+
+## Configuration
+
+`Runtime(base_url=..., token=...)`, or the env vars `RISKKERNEL_BASE_URL` and
+`RISKKERNEL_API_TOKEN` (used by the decorator/convenience API and `default_runtime()`).
+
+## License
+
+Apache-2.0.

riskkernel-0.3.0/README.md

@@ -0,0 +1,100 @@
+# riskkernel (Python SDK)
+
+The Python SDK for [RiskKernel](https://github.com/prashar32/riskkernel) — **Surface 2**, deep control over a governed agent run.
+
+It is a **thin client** over the self-hosted RiskKernel daemon. Every deterministic
+decision — budgets, loop/time halts, approval policy — happens in the Go core. The
+SDK just makes governed runs ergonomic from Python. **Core install is stdlib-only**
+(no third-party dependencies).
+
+```bash
+pip install riskkernel
+```
+
+## Quickstart
+
+```python
+import riskkernel as rk
+
+rt = rk.Runtime(base_url="http://localhost:7070")  # your daemon
+
+with rt.governed_run(name="research",
+                     budget=rt.budget(dollars=1.00, loops=20, seconds=300)) as run:
+    # Route your LLM client through the governing proxy so every model call is
+    # metered, priced, and budget-enforced under this run:
+    cfg = run.proxy_config()
+    #   cfg["base_url"]  -> http://localhost:7070/v1
+    #   cfg["headers"]   -> {"X-RiskKernel-Run-Id": "<run id>"}
+
+    for _ in range(100):
+        run.step()                      # raises rk.BudgetExceeded when loops/time run out
+        # ... your agent reasoning + tool calls ...
+        run.checkpoint("after-step", {"messages": messages})
+```
+
+When the governor halts the run (token / dollar / loop / time budget), the next
+`run.step()` — or a proxied model call — raises `rk.BudgetExceeded`.
+
+## Resume after a crash
+
+The daemon reloads non-terminal runs on restart with the budget and usage they had
+already spent, so a `SIGKILL`'d run keeps enforcing without re-spending. Reattach to
+it by id with `resume_run` and pick your work back up from the last checkpoint:
+
+```python
+with rt.resume_run(run_id) as run:          # attaches; never creates or cancels
+    cp = run.latest_checkpoint()            # the state you saved before the crash
+    start = cp["payload"]["cursor"] if cp else 0
+    for i in range(start, total):           # skip the steps you already paid for
+        run.step()                          # counts against the SAME budget
+        # ... your work ...
+        run.checkpoint("step", {"cursor": i + 1})
+```
+
+The run resumes against whatever budget it had left, so it can't overspend by
+restarting — `run.step()` still raises `rk.BudgetExceeded` at the original ceiling.
+
+## Human-in-the-loop tools
+
+Gate side-effecting tools on human approval (the daemon's policy decides what needs
+it; the call blocks until a human resolves it via CLI / web / webhook):
+
+```python
+from riskkernel import governed_tool, ApprovalGate
+
+@governed_tool(side_effect="write")
+def write_file(path, content):
+    ...                                  # only runs if approved; else rk.ApprovalDenied
+
+# or explicitly:
+gate = ApprovalGate(run)
+if gate.allow("mcp://shell", side_effect="exec", arguments={"cmd": cmd}):
+    run_shell(cmd)
+```
+
+## Framework adapters
+
+Lazy-imported, so you only pay for what you use:
+
+```python
+# LangChain / LangGraph — enforces loop/time budgets per LLM call
+from riskkernel.adapters.langchain import RiskKernelCallbackHandler
+llm.invoke(prompt, config={"callbacks": [RiskKernelCallbackHandler(run)]})
+
+# Claude Agent SDK — PreToolUse approval hook
+from riskkernel.adapters.claude_agent import make_pre_tool_use_hook
+hook = make_pre_tool_use_hook(run, side_effect_for={"Bash": "exec", "Write": "write"})
+
+# OpenAI Agents SDK — RunHooks (steps + tool approval)
+from riskkernel.adapters.openai_agents import RiskKernelRunHooks
+hooks = RiskKernelRunHooks(run, gate_tools=True)
+```
+
+## Configuration
+
+`Runtime(base_url=..., token=...)`, or the env vars `RISKKERNEL_BASE_URL` and
+`RISKKERNEL_API_TOKEN` (used by the decorator/convenience API and `default_runtime()`).
+
+## License
+
+Apache-2.0.

riskkernel-0.3.0/pyproject.toml

@@ -0,0 +1,39 @@
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[project]
+name = "riskkernel"
+version = "0.3.0"
+description = "Thin Python client for the RiskKernel reliability runtime (Surface 2)."
+readme = "README.md"
+requires-python = ">=3.9"
+license = "Apache-2.0"
+authors = [{ name = "Adarsh Prashar" }]
+keywords = ["llm", "agents", "governance", "reliability", "budget", "guardrails"]
+classifiers = [
+  "Development Status :: 3 - Alpha",
+  "Intended Audience :: Developers",
+  "License :: OSI Approved :: Apache Software License",
+  "Programming Language :: Python :: 3",
+  "Topic :: Software Development :: Libraries",
+]
+dependencies = []  # core is stdlib-only
+
+[project.urls]
+Homepage = "https://github.com/prashar32/riskkernel"
+Source = "https://github.com/prashar32/riskkernel"
+
+[project.optional-dependencies]
+langchain = ["langchain-core"]
+dev = ["pytest"]
+
+# This project lives in a subdirectory (sdks/python) of the repo. Hatchling's
+# VCS-aware file selector lists tracked files relative to the repo root, which
+# don't match the project-root-relative `packages` include — so the wheel comes
+# out empty. Selecting files from the filesystem instead of git fixes it. (#32)
+[tool.hatch.build]
+ignore-vcs = true
+
+[tool.hatch.build.targets.wheel]
+packages = ["riskkernel"]

riskkernel-0.3.0/riskkernel/__init__.py

@@ -0,0 +1,59 @@
+"""RiskKernel Python SDK — Surface 2 (deep control).
+
+A thin client over the self-hosted RiskKernel daemon. The Go core makes every
+deterministic decision (budgets, halts, approval policy); this package just makes
+governed runs ergonomic from Python.
+
+Quickstart::
+
+    import riskkernel as rk
+
+    rt = rk.Runtime(base_url="http://localhost:7070")
+    with rt.governed_run(name="research", budget=rt.budget(dollars=1.00, loops=20)) as run:
+        cfg = run.proxy_config()   # route your LLM client through the governing proxy
+        for _ in range(100):
+            run.step()             # raises BudgetExceeded when loops/time run out
+            ...                    # your agent reasoning + tool calls
+            run.checkpoint("after-step", {"messages": messages})
+"""
+
+from .client import RiskKernel
+from .errors import (
+    APIError,
+    ApprovalDenied,
+    ApprovalTimeout,
+    BudgetExceeded,
+    RiskKernelError,
+)
+from .approval import ApprovalGate, governed_tool
+from .runtime import (
+    Budget,
+    Decision,
+    Run,
+    Runtime,
+    configure,
+    current_run,
+    default_runtime,
+    governed_run,
+)
+
+__version__ = "0.3.0"
+
+__all__ = [
+    "RiskKernel",
+    "Runtime",
+    "Run",
+    "Budget",
+    "Decision",
+    "ApprovalGate",
+    "governed_run",
+    "governed_tool",
+    "current_run",
+    "configure",
+    "default_runtime",
+    "RiskKernelError",
+    "APIError",
+    "BudgetExceeded",
+    "ApprovalDenied",
+    "ApprovalTimeout",
+]

riskkernel-0.3.0/riskkernel/adapters/__init__.py

@@ -0,0 +1,8 @@
+"""Framework adapters that bind a RiskKernel governed run to popular agent
+frameworks. Each adapter lazily imports its framework, so the core SDK has no
+third-party dependencies and you only pay for what you use.
+
+- ``langchain``      — a CallbackHandler (loop/time enforcement per LLM call).
+- ``claude_agent``   — a PreToolUse hook for the Claude Agent SDK (approval gate).
+- ``openai_agents``  — RunHooks for the OpenAI Agents SDK (steps + approval gate).
+"""

riskkernel-0.3.0/riskkernel/adapters/claude_agent.py

@@ -0,0 +1,75 @@
+"""Claude Agent SDK adapter: a PreToolUse hook that routes side-effecting tool
+calls through the RiskKernel approval gate. Maps cleanly to the Claude Agent SDK's
+permission model (``permissionDecision: "deny"`` blocks a tool).
+
+    from riskkernel.adapters.claude_agent import make_pre_tool_use_hook
+    hook = make_pre_tool_use_hook(run, side_effect_for={"Bash": "exec", "Write": "write"})
+    # register `hook` as your PreToolUse hook in the Claude Agent SDK options.
+
+The hook signature follows the Claude Agent SDK: it receives the hook input
+(containing the tool name and input) and returns a decision dict. Because SDK
+versions differ slightly, the returned shape is the documented
+``hookSpecificOutput`` / ``permissionDecision`` form; adjust if your version
+differs.
+"""
+
+from __future__ import annotations
+
+from typing import Any, Callable, Dict, Optional
+
+from ..runtime import Run
+
+
+def make_pre_tool_use_hook(
+    run: Run,
+    side_effect_for: Optional[Dict[str, str]] = None,
+    default_side_effect: str = "write",
+    timeout: Optional[float] = None,
+) -> Callable[..., dict]:
+    """Build a PreToolUse hook bound to a governed run.
+
+    Args:
+        run: the governed Run.
+        side_effect_for: map of tool name -> side-effect label. Tools not listed
+            use ``default_side_effect``. A tool mapped to "" (empty) is treated as
+            read-only and never gated.
+        default_side_effect: side effect for unlisted tools.
+        timeout: max seconds to await a human decision.
+    """
+    side_effect_for = side_effect_for or {}
+
+    def hook(input_data: Any = None, *args: Any, **kwargs: Any) -> dict:
+        tool_name, tool_input = _extract(input_data, kwargs)
+        side_effect = side_effect_for.get(tool_name, default_side_effect)
+        decision = run.approve(
+            tool_name or "tool", side_effect=side_effect,
+            arguments={"input": _stringify(tool_input)}, timeout=timeout,
+        )
+        if decision.approved:
+            return {}  # allow (no decision == proceed)
+        return {
+            "hookSpecificOutput": {
+                "hookEventName": "PreToolUse",
+                "permissionDecision": "deny",
+                "permissionDecisionReason": decision.reason or "denied via RiskKernel approval gate",
+            }
+        }
+
+    return hook
+
+
+def _extract(input_data: Any, kwargs: dict):
+    """Pull tool name + input out of the hook payload across SDK shapes."""
+    data = input_data if isinstance(input_data, dict) else kwargs
+    name = data.get("tool_name") or data.get("toolName") or data.get("name") or ""
+    tinput = data.get("tool_input") or data.get("toolInput") or data.get("input")
+    return name, tinput
+
+
+def _stringify(v: Any) -> Any:
+    try:
+        import json
+        json.dumps(v)
+        return v
+    except Exception:
+        return repr(v)

riskkernel-0.3.0/riskkernel/adapters/langchain.py

@@ -0,0 +1,82 @@
+"""LangChain / LangGraph adapter: a callback handler that enforces a governed
+run's loop and time budgets, ticking one step per LLM call. Point your LangChain
+LLM at the governing proxy (``run.proxy_config()``) for token/cost/budget metering;
+this handler adds the outer-loop enforcement the proxy can't see.
+
+    from riskkernel.adapters.langchain import RiskKernelCallbackHandler
+    handler = RiskKernelCallbackHandler(run)
+    llm.invoke(prompt, config={"callbacks": [handler]})
+
+A BudgetExceeded raised here propagates out of the LangChain call, halting the
+chain — exactly when the run is out of budget.
+"""
+
+from __future__ import annotations
+
+from typing import Any, Optional
+
+from ..approval import ApprovalGate
+from ..runtime import Run
+
+
+def _base_handler():
+    # Inherit the real base class when LangChain is installed (best integration);
+    # otherwise fall back to object so the module still imports.
+    try:
+        from langchain_core.callbacks import BaseCallbackHandler  # type: ignore
+        return BaseCallbackHandler
+    except Exception:
+        try:
+            from langchain.callbacks.base import BaseCallbackHandler  # type: ignore
+            return BaseCallbackHandler
+        except Exception:
+            return object
+
+
+class RiskKernelCallbackHandler(_base_handler()):  # type: ignore[misc]
+    """Enforces loop/time budgets and (optionally) gates tools on approval.
+
+    Args:
+        run: the governed Run.
+        gate_tools: if True, every tool call must pass the approval gate.
+        tool_side_effect: side-effect label reported for gated tools.
+    """
+
+    # LangChain swallows exceptions raised inside a callback — it logs them and
+    # keeps running — UNLESS the handler sets raise_error=True. Without this, a
+    # BudgetExceeded (or ApprovalDenied) raised in a hook below would be silently
+    # dropped and the chain would keep spending past its budget. This single flag
+    # is what makes the deterministic halt actually stop the LangChain run.
+    raise_error = True
+
+    def __init__(self, run: Run, gate_tools: bool = False,
+                 tool_side_effect: str = "tool"):
+        self.run = run
+        self.gate_tools = gate_tools
+        self.tool_side_effect = tool_side_effect
+        self._gate = ApprovalGate(run)
+
+    # One LLM call == one governed step. Raises BudgetExceeded when spent.
+    def on_llm_start(self, serialized: Any, prompts: Any, **kwargs: Any) -> None:
+        self.run.step()
+
+    def on_chat_model_start(self, serialized: Any, messages: Any, **kwargs: Any) -> None:
+        self.run.step()
+
+    def on_tool_start(self, serialized: Any, input_str: Any, **kwargs: Any) -> None:
+        if not self.gate_tools:
+            return
+        name = ""
+        if isinstance(serialized, dict):
+            name = serialized.get("name", "")
+        self._gate.require(name or "tool", side_effect=self.tool_side_effect,
+                           arguments={"input": _stringify(input_str)})
+
+
+def _stringify(v: Any) -> Any:
+    try:
+        import json
+        json.dumps(v)
+        return v
+    except Exception:
+        return repr(v)

riskkernel-0.3.0/riskkernel/adapters/openai_agents.py

@@ -0,0 +1,49 @@
+"""OpenAI Agents SDK adapter: lifecycle hooks that tick a governed step per agent
+turn and gate tools through the approval gate.
+
+    from riskkernel.adapters.openai_agents import RiskKernelRunHooks
+    hooks = RiskKernelRunHooks(run, gate_tools=True)
+    await Runner.run(agent, input, hooks=hooks)
+
+The OpenAI Agents SDK calls ``on_agent_start``/``on_tool_start`` (async). We tick a
+step on each agent start (loop/time enforcement) and, when ``gate_tools`` is set,
+await approval before a tool runs — raising ApprovalDenied to block it.
+"""
+
+from __future__ import annotations
+
+from typing import Any, Optional
+
+from ..approval import ApprovalGate
+from ..runtime import Run
+
+
+def _base_hooks():
+    try:
+        from agents import RunHooks  # type: ignore  (openai-agents)
+        return RunHooks
+    except Exception:
+        return object
+
+
+class RiskKernelRunHooks(_base_hooks()):  # type: ignore[misc]
+    """RunHooks that bind a governed run to an OpenAI Agents run."""
+
+    def __init__(self, run: Run, gate_tools: bool = False,
+                 tool_side_effect: str = "tool", timeout: Optional[float] = None):
+        self.run = run
+        self.gate_tools = gate_tools
+        self.tool_side_effect = tool_side_effect
+        self.timeout = timeout
+        self._gate = ApprovalGate(run)
+
+    async def on_agent_start(self, context: Any = None, agent: Any = None, **kwargs: Any) -> None:
+        # One agent turn == one governed step (enforces loop/time budgets).
+        self.run.step()
+
+    async def on_tool_start(self, context: Any = None, agent: Any = None,
+                            tool: Any = None, **kwargs: Any) -> None:
+        if not self.gate_tools:
+            return
+        name = getattr(tool, "name", None) or str(tool)
+        self._gate.require(name, side_effect=self.tool_side_effect, timeout=self.timeout)

riskkernel-0.3.0/riskkernel/approval.py

@@ -0,0 +1,86 @@
+"""Human-in-the-loop approval helpers for the SDK."""
+
+from __future__ import annotations
+
+import functools
+from typing import Any, Callable, Optional
+
+from .errors import ApprovalDenied, RiskKernelError
+from .runtime import Decision, Run, current_run
+
+
+class ApprovalGate:
+    """Gates side-effecting actions on human approval. Wraps a Run and asks the
+    daemon (deterministic policy) whether a call needs approval, then blocks until
+    a human resolves it.
+
+        gate = ApprovalGate(run)
+        if gate.allow("mcp://shell", side_effect="exec", arguments={"cmd": cmd}):
+            run_shell(cmd)
+    """
+
+    def __init__(self, run: Optional[Run] = None):
+        self._run = run
+
+    def _resolve_run(self) -> Run:
+        run = self._run or current_run()
+        if run is None:
+            raise RiskKernelError("ApprovalGate used outside a governed run")
+        return run
+
+    def decide(self, tool: str, side_effect: str = "", arguments: Optional[dict] = None,
+               step_index: int = 0, timeout: Optional[float] = None) -> Decision:
+        """Return the Decision (blocking until resolved). Does not raise on denial."""
+        return self._resolve_run().approve(
+            tool, side_effect=side_effect, arguments=arguments,
+            step_index=step_index, timeout=timeout,
+        )
+
+    def allow(self, tool: str, side_effect: str = "", arguments: Optional[dict] = None,
+              step_index: int = 0, timeout: Optional[float] = None) -> bool:
+        """Convenience boolean: True if approved."""
+        return self.decide(tool, side_effect, arguments, step_index, timeout).approved
+
+    def require(self, tool: str, side_effect: str = "", arguments: Optional[dict] = None,
+                step_index: int = 0, timeout: Optional[float] = None) -> None:
+        """Raise ApprovalDenied if not approved (use to guard before a side effect)."""
+        d = self.decide(tool, side_effect, arguments, step_index, timeout)
+        if not d.approved:
+            raise ApprovalDenied(tool, d.reason)
+
+
+def governed_tool(_fn: Optional[Callable] = None, *, tool: Optional[str] = None,
+                  side_effect: str = "write", timeout: Optional[float] = None):
+    """Decorator for a side-effecting tool function: before it runs, ask the
+    approval gate (under the current governed run). Raises ApprovalDenied if the
+    human says no.
+
+        @governed_tool(side_effect="write")
+        def write_file(path, content): ...
+    """
+
+    def decorate(fn: Callable) -> Callable:
+        tool_name = tool or fn.__name__
+
+        @functools.wraps(fn)
+        def wrapper(*args: Any, **kwargs: Any) -> Any:
+            ApprovalGate().require(
+                tool_name, side_effect=side_effect,
+                arguments={"args": _safe(args), "kwargs": _safe(kwargs)},
+                timeout=timeout,
+            )
+            return fn(*args, **kwargs)
+
+        return wrapper
+
+    return decorate(_fn) if _fn is not None else decorate
+
+
+def _safe(obj: Any) -> Any:
+    """Best-effort JSON-able rendering of call arguments for the approver to read."""
+    try:
+        import json
+        json.dumps(obj)
+        return obj
+    except Exception:
+        return repr(obj)