rulegate 0.2.0__py3-none-any.whl

rulegate/__init__.py

@@ -0,0 +1,72 @@
+# Copyright 2026 actiongate-oss
+# Licensed under the Business Source License 1.1 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the LICENSE file at the
+# root of this repository.
+
+"""RuleGate: Deterministic policy enforcement for agent systems.
+
+Evaluates callable predicates against action context before execution.
+All rules must pass for the action to proceed. Pairs with ActionGate
+and BudgetGate as composable primitives in the agent execution layer.
+
+Example:
+    from rulegate import Engine, Rule, Ruleset, Context, PolicyViolation
+
+    engine = Engine()
+
+    def no_pii(ctx: Context) -> bool:
+        return "ssn" not in str(ctx.kwargs.get("query", "")).lower()
+
+    @engine.guard(Rule("api", "search"), Ruleset(predicates=(no_pii,)))
+    def search(query: str) -> list[str]:
+        return api.search(query)
+
+    try:
+        results = search(query="find user")
+    except PolicyViolation as e:
+        print(f"Blocked: {e.decision.violated_rules}")
+"""
+
+from .core import (
+    MISSING,
+    BlockReason,
+    Context,
+    Decision,
+    Mode,
+    NamedPredicate,
+    Predicate,
+    Result,
+    Rule,
+    Ruleset,
+    Status,
+    StoreErrorMode,
+)
+from .engine import Engine, PolicyViolation
+from .store import EvalRecord, MemoryStore, Store
+
+__all__ = [
+    # Core types
+    "Rule",
+    "Ruleset",
+    "Context",
+    "Decision",
+    "Result",
+    "MISSING",
+    "Predicate",
+    "NamedPredicate",
+    # Enums
+    "Mode",
+    "Status",
+    "BlockReason",
+    "StoreErrorMode",
+    # Engine
+    "Engine",
+    "PolicyViolation",
+    # Store
+    "Store",
+    "MemoryStore",
+    "EvalRecord",
+]
+
+__version__ = "0.2.0"

rulegate/core.py

@@ -0,0 +1,205 @@
+# Copyright 2026 actiongate-oss
+# Licensed under the Business Source License 1.1 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the LICENSE file at the
+# root of this repository.
+
+"""Core types for RuleGate."""
+
+from __future__ import annotations
+
+from dataclasses import dataclass, field
+from enum import Enum, auto
+from typing import Any, Callable
+
+
+class Mode(Enum):
+    """Enforcement mode for blocked actions."""
+    HARD = auto()  # Raise exception on block
+    SOFT = auto()  # Return blocked decision (caller handles fallback)
+
+
+class StoreErrorMode(Enum):
+    """Behavior when store backend fails."""
+    FAIL_CLOSED = auto()  # Block action (safe default)
+    FAIL_OPEN = auto()    # Allow action (availability over safety)
+
+
+class Status(Enum):
+    """Decision outcome."""
+    ALLOW = auto()
+    BLOCK = auto()
+
+
+class BlockReason(Enum):
+    """Why an action was blocked."""
+    POLICY_VIOLATION = auto()  # One or more rules failed
+    STORE_ERROR = auto()       # Backend failure (behavior depends on ruleset)
+
+
+@dataclass(frozen=True, slots=True)
+class Rule:
+    """Identifies a policy-checked action stream.
+
+    Examples:
+        Rule("api", "search", "user:123")       # per-user policy
+        Rule("support", "escalate", "agent:42")  # per-agent policy
+        Rule("billing", "refund", "global")      # global policy
+    """
+    namespace: str
+    action: str
+    principal: str = "global"
+
+    def __str__(self) -> str:
+        return f"{self.namespace}:{self.action}@{self.principal}"
+
+    @property
+    def key(self) -> str:
+        """Redis-friendly key string."""
+        return f"rg:{self.namespace}:{self.action}:{self.principal}"
+
+
+@dataclass(frozen=True, slots=True)
+class Context:
+    """Immutable context passed to rule predicates.
+
+    Carries the arguments and metadata of the action being evaluated.
+    Rules inspect this to decide allow/deny without side effects.
+
+    Args:
+        rule: The rule being evaluated.
+        args: Positional arguments to the guarded function.
+        kwargs: Keyword arguments to the guarded function.
+        meta: Arbitrary metadata (e.g., headers, session info).
+    """
+    rule: Rule
+    args: tuple[Any, ...] = ()
+    kwargs: dict[str, Any] = field(default_factory=dict)
+    meta: dict[str, Any] = field(default_factory=dict)
+
+
+# Type alias for rule predicates.
+# A predicate receives a Context and returns True (allow) or False (deny).
+Predicate = Callable[[Context], bool]
+
+
+@dataclass(frozen=True, slots=True)
+class NamedPredicate:
+    """A predicate with a human-readable name for diagnostics.
+
+    When a predicate fails, the name appears in Decision.violated_rules
+    so operators can identify which rule blocked the action.
+    """
+    name: str
+    fn: Predicate
+
+    def __call__(self, ctx: Context) -> bool:
+        return self.fn(ctx)
+
+
+@dataclass(frozen=True, slots=True)
+class Ruleset:
+    """Policy rules for a gated action.
+
+    A ruleset contains one or more predicates. ALL must pass for the action
+    to be allowed (conjunction / AND logic). Any failure blocks the action.
+
+    Predicates can be plain callables or NamedPredicate instances.
+    Plain callables use their __name__ or __qualname__ for diagnostics.
+
+    Args:
+        predicates: One or more rule predicates (all must pass).
+        mode: HARD raises on block, SOFT returns decision.
+        on_store_error: FAIL_CLOSED blocks, FAIL_OPEN allows.
+
+    Example:
+        def no_pii(ctx: Context) -> bool:
+            return "ssn" not in str(ctx.kwargs.get("query", "")).lower()
+
+        Ruleset(
+            predicates=[no_pii],
+            mode=Mode.HARD,
+        )
+    """
+    predicates: tuple[Predicate | NamedPredicate, ...] = ()
+    mode: Mode = Mode.HARD
+    on_store_error: StoreErrorMode = StoreErrorMode.FAIL_CLOSED
+
+    def __post_init__(self) -> None:
+        if not self.predicates:
+            raise ValueError("predicates must not be empty")
+        for p in self.predicates:
+            if not callable(p):
+                raise TypeError(f"predicate must be callable, got {type(p).__name__}")
+
+
+@dataclass(frozen=True, slots=True)
+class Decision:
+    """Result of evaluating an action against its ruleset."""
+    status: Status
+    rule: Rule
+    ruleset: Ruleset
+    reason: BlockReason | None = None
+    message: str | None = None
+    violated_rules: tuple[str, ...] = ()
+    evaluated_count: int = 0
+
+    @property
+    def allowed(self) -> bool:
+        return self.status == Status.ALLOW
+
+    @property
+    def blocked(self) -> bool:
+        return self.status == Status.BLOCK
+
+    def __bool__(self) -> bool:
+        """Truthy = allowed."""
+        return self.allowed
+
+
+class _Missing:
+    """Sentinel for distinguishing None from missing value."""
+    __slots__ = ()
+    def __repr__(self) -> str:
+        return "<MISSING>"
+
+MISSING = _Missing()
+
+
+@dataclass(frozen=True, slots=True)
+class Result[T]:
+    """Wrapper for guarded function results.
+
+    Uses a sentinel to distinguish between:
+    - Function returned None (legitimate value)
+    - Function was blocked (no value)
+    """
+    decision: Decision
+    _value: T | _Missing = MISSING
+
+    @property
+    def ok(self) -> bool:
+        return self.decision.allowed
+
+    @property
+    def has_value(self) -> bool:
+        return not isinstance(self._value, _Missing)
+
+    @property
+    def value(self) -> T | None:
+        """Get value or None if blocked/missing."""
+        if isinstance(self._value, _Missing):
+            return None
+        return self._value
+
+    def unwrap(self) -> T:
+        """Get value or raise if blocked."""
+        if isinstance(self._value, _Missing):
+            raise ValueError(f"No value: {self.decision.message or 'blocked'}")
+        return self._value
+
+    def unwrap_or(self, default: T) -> T:
+        """Get value or return default if blocked."""
+        if isinstance(self._value, _Missing):
+            return default
+        return self._value

rulegate/engine.py

@@ -0,0 +1,397 @@
+# Copyright 2026 actiongate-oss
+# Licensed under the Business Source License 1.1 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the LICENSE file at the
+# root of this repository.
+
+"""Core engine for RuleGate."""
+
+from __future__ import annotations
+
+import time
+from functools import wraps
+from typing import Any, Callable, ParamSpec, TypeVar
+
+from .core import (
+    BlockReason,
+    Context,
+    Decision,
+    Mode,
+    NamedPredicate,
+    Predicate,
+    Result,
+    Rule,
+    Ruleset,
+    Status,
+)
+from .store import MemoryStore, Store
+
+P = ParamSpec("P")
+T = TypeVar("T")
+
+
+class PolicyViolation(RuntimeError):
+    """Raised when action violates policy in HARD mode."""
+
+    def __init__(self, decision: Decision) -> None:
+        super().__init__(decision.message or f"Policy violation: {decision.reason}")
+        self.decision = decision
+
+
+def _predicate_name(predicate: Predicate | NamedPredicate) -> str:
+    """Extract a human-readable name from a predicate."""
+    if isinstance(predicate, NamedPredicate):
+        return predicate.name
+    name = getattr(predicate, "__qualname__", None) or getattr(predicate, "__name__", None)
+    return name or repr(predicate)
+
+
+class Engine:
+    """RuleGate engine for policy enforcement on agent actions.
+
+    RuleGate evaluates callable predicates against action context
+    before execution. All predicates in a ruleset must pass for
+    the action to be allowed (conjunction / AND logic).
+
+    Rules are stateless: evaluation depends only on the predicates
+    and the context at call time, never on stored state. The store
+    is used only for audit logging of evaluation outcomes.
+
+    Example:
+        engine = Engine()
+
+        def no_pii(ctx: Context) -> bool:
+            return "ssn" not in str(ctx.kwargs.get("query", "")).lower()
+
+        def business_hours(ctx: Context) -> bool:
+            return 9 <= ctx.meta["hour"] < 17
+
+        @engine.guard(
+            Rule("api", "search"),
+            Ruleset(predicates=(no_pii, business_hours)),
+        )
+        def search(query: str) -> list[str]:
+            return db.search(query)
+
+        try:
+            results = search(query="find user")
+        except PolicyViolation as e:
+            print(f"Blocked: {e.decision.violated_rules}")
+
+        # Or use guard_result for no-exception handling:
+        @engine.guard_result(
+            Rule("api", "fetch"),
+            Ruleset(predicates=(no_pii,), mode=Mode.SOFT),
+        )
+        def fetch(url: str) -> dict:
+            return requests.get(url).json()
+
+        result = fetch(url="https://api.example.com")
+        data = result.unwrap_or({"error": "policy violation"})
+    """
+
+    __slots__ = ("_store", "_clock", "_rulesets", "_listeners", "_errors")
+
+    def __init__(
+        self,
+        store: Store | None = None,
+        clock: Callable[[], float] | None = None,
+    ) -> None:
+        self._store: Store = store or MemoryStore()
+        self._clock = clock or time.monotonic
+        self._rulesets: dict[Rule, Ruleset] = {}
+        self._listeners: list[Callable[[Decision], None]] = []
+        self._errors = 0
+
+    # ─────────────────────────────────────────────────────────────
+    # Configuration
+    # ─────────────────────────────────────────────────────────────
+
+    def register(self, rule: Rule, ruleset: Ruleset) -> None:
+        """Register a ruleset for a rule."""
+        self._rulesets[rule] = ruleset
+
+    def ruleset_for(self, rule: Rule) -> Ruleset | None:
+        """Get ruleset for rule (None if not registered)."""
+        return self._rulesets.get(rule)
+
+    def on_decision(self, listener: Callable[[Decision], None]) -> None:
+        """Add a listener for decisions (for logging/metrics)."""
+        self._listeners.append(listener)
+
+    @property
+    def listener_errors(self) -> int:
+        """Count of listener exceptions (never block execution)."""
+        return self._errors
+
+    # ─────────────────────────────────────────────────────────────
+    # Core API
+    # ─────────────────────────────────────────────────────────────
+
+    def check(
+        self,
+        rule: Rule,
+        ruleset: Ruleset | None = None,
+        *,
+        args: tuple[Any, ...] = (),
+        kwargs: dict[str, Any] | None = None,
+        meta: dict[str, Any] | None = None,
+    ) -> Decision:
+        """Evaluate all predicates in the ruleset against the action context.
+
+        All predicates must return True for the action to be allowed.
+        Evaluation short-circuits on the first failure.
+
+        Args:
+            rule: The rule identity to evaluate.
+            ruleset: Ruleset to use (overrides registered). Required if not registered.
+            args: Positional arguments to the guarded function.
+            kwargs: Keyword arguments to the guarded function.
+            meta: Arbitrary metadata for predicates to inspect.
+
+        Returns:
+            Decision with status ALLOW or BLOCK.
+
+        Raises:
+            ValueError: If no ruleset is registered or provided.
+        """
+        return self._evaluate(
+            rule, ruleset, args=args, kwargs=kwargs, meta=meta, short_circuit=True,
+        )
+
+    def check_all(
+        self,
+        rule: Rule,
+        ruleset: Ruleset | None = None,
+        *,
+        args: tuple[Any, ...] = (),
+        kwargs: dict[str, Any] | None = None,
+        meta: dict[str, Any] | None = None,
+    ) -> Decision:
+        """Evaluate ALL predicates without short-circuiting.
+
+        Unlike check(), this evaluates every predicate even after a failure.
+        Useful for diagnostics: shows all violated rules, not just the first.
+
+        Same signature and return type as check().
+        """
+        return self._evaluate(
+            rule, ruleset, args=args, kwargs=kwargs, meta=meta, short_circuit=False,
+        )
+
+    def enforce(self, decision: Decision) -> None:
+        """Raise PolicyViolation if decision is blocked in HARD mode."""
+        if decision.blocked and decision.ruleset.mode == Mode.HARD:
+            raise PolicyViolation(decision)
+
+    def clear(self, rule: Rule) -> None:
+        """Clear evaluation records for a rule."""
+        self._store.clear(rule)
+
+    def clear_all(self) -> None:
+        """Clear all evaluation records."""
+        self._store.clear_all()
+
+    # ─────────────────────────────────────────────────────────────
+    # Decorator API
+    # ─────────────────────────────────────────────────────────────
+
+    def guard(
+        self,
+        rule: Rule,
+        ruleset: Ruleset | None = None,
+        *,
+        meta: dict[str, Any] | None = None,
+    ) -> Callable[[Callable[P, T]], Callable[P, T]]:
+        """Decorator that returns T directly.
+
+        Evaluates all predicates before executing the guarded function.
+        The function's args and kwargs are passed to predicates via Context.
+
+        Raises PolicyViolation on block regardless of mode.
+        Use guard_result for no-exception handling.
+
+        Args:
+            rule: The rule identity.
+            ruleset: Ruleset to register (optional if already registered).
+            meta: Static metadata passed to every evaluation.
+
+        Example:
+            @engine.guard(Rule("api", "search"), Ruleset(predicates=(no_pii,)))
+            def search(query: str) -> list[str]:
+                return db.search(query)
+
+            results = search("hello")  # Returns list[str] or raises PolicyViolation
+        """
+        if ruleset is not None:
+            self.register(rule, ruleset)
+
+        def decorator(fn: Callable[P, T]) -> Callable[P, T]:
+            @wraps(fn)
+            def wrapper(*args: P.args, **kwargs: P.kwargs) -> T:
+                decision = self.check(
+                    rule,
+                    args=args,
+                    kwargs=dict(kwargs),
+                    meta=meta or {},
+                )
+                if decision.blocked:
+                    raise PolicyViolation(decision)
+                return fn(*args, **kwargs)
+
+            return wrapper
+
+        return decorator
+
+    def guard_result(
+        self,
+        rule: Rule,
+        ruleset: Ruleset | None = None,
+        *,
+        meta: dict[str, Any] | None = None,
+    ) -> Callable[[Callable[P, T]], Callable[P, Result[T]]]:
+        """Decorator that returns Result[T] (never raises).
+
+        Use this when you want to handle policy violations gracefully
+        without exceptions.
+
+        Example:
+            @engine.guard_result(
+                Rule("api", "fetch"),
+                Ruleset(predicates=(no_pii,), mode=Mode.SOFT),
+            )
+            def fetch(url: str) -> dict:
+                return requests.get(url).json()
+
+            result = fetch(url="https://api.example.com")
+            data = result.unwrap_or({"error": "policy violation"})
+        """
+        if ruleset is not None:
+            self.register(rule, ruleset)
+
+        def decorator(fn: Callable[P, T]) -> Callable[P, Result[T]]:
+            @wraps(fn)
+            def wrapper(*args: P.args, **kwargs: P.kwargs) -> Result[T]:
+                decision = self.check(
+                    rule,
+                    args=args,
+                    kwargs=dict(kwargs),
+                    meta=meta or {},
+                )
+
+                if decision.blocked:
+                    return Result(decision=decision)
+
+                value = fn(*args, **kwargs)
+                return Result(decision=decision, _value=value)
+
+            return wrapper
+
+        return decorator
+
+    # ─────────────────────────────────────────────────────────────
+    # Internal
+    # ─────────────────────────────────────────────────────────────
+
+    def _evaluate(
+        self,
+        rule: Rule,
+        ruleset: Ruleset | None,
+        *,
+        args: tuple[Any, ...],
+        kwargs: dict[str, Any] | None,
+        meta: dict[str, Any] | None,
+        short_circuit: bool,
+    ) -> Decision:
+        """Shared evaluation logic for check() and check_all()."""
+        now = self._clock()
+        ruleset = ruleset or self.ruleset_for(rule)
+
+        if ruleset is None:
+            method = "check" if short_circuit else "check_all"
+            raise ValueError(
+                f"No ruleset registered for {rule}. "
+                f"Call engine.register() or pass ruleset to {method}()."
+            )
+
+        ctx = Context(
+            rule=rule,
+            args=args,
+            kwargs=kwargs or {},
+            meta=meta or {},
+        )
+
+        violated: list[str] = []
+        evaluated = 0
+
+        for predicate in ruleset.predicates:
+            evaluated += 1
+            try:
+                result = predicate(ctx)
+            except Exception as e:
+                name = _predicate_name(predicate)
+                violated.append(f"{name} (raised: {type(e).__name__}: {e})")
+                if short_circuit:
+                    break
+                continue
+
+            if not result:
+                violated.append(_predicate_name(predicate))
+                if short_circuit:
+                    break
+
+        if violated:
+            decision = self._decide(
+                rule,
+                ruleset,
+                status=Status.BLOCK,
+                reason=BlockReason.POLICY_VIOLATION,
+                message=f"Policy violation: {', '.join(violated)}",
+                violated_rules=tuple(violated),
+                evaluated_count=evaluated,
+            )
+        else:
+            decision = self._decide(
+                rule,
+                ruleset,
+                status=Status.ALLOW,
+                evaluated_count=evaluated,
+            )
+
+        # Audit log (fire-and-forget, never affects decision)
+        try:
+            self._store.record(rule, now, decision)
+        except Exception:
+            self._errors += 1
+
+        return decision
+
+    def _decide(
+        self,
+        rule: Rule,
+        ruleset: Ruleset,
+        *,
+        status: Status,
+        reason: BlockReason | None = None,
+        message: str | None = None,
+        violated_rules: tuple[str, ...] = (),
+        evaluated_count: int = 0,
+    ) -> Decision:
+        decision = Decision(
+            status=status,
+            rule=rule,
+            ruleset=ruleset,
+            reason=reason,
+            message=message,
+            violated_rules=violated_rules,
+            evaluated_count=evaluated_count,
+        )
+        self._emit(decision)
+        return decision
+
+    def _emit(self, decision: Decision) -> None:
+        for listener in self._listeners:
+            try:
+                listener(decision)
+            except Exception:
+                self._errors += 1

rulegate/store.py

@@ -0,0 +1,140 @@
+# Copyright 2026 actiongate-oss
+# Licensed under the Business Source License 1.1 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the LICENSE file at the
+# root of this repository.
+
+"""Storage backends for RuleGate.
+
+RuleGate rules are stateless predicates — they don't accumulate events
+like ActionGate or BudgetGate. The store records evaluation outcomes
+for observability and audit purposes.
+"""
+
+from __future__ import annotations
+
+import threading
+from dataclasses import dataclass
+from typing import Protocol
+
+from .core import Decision, Rule
+
+
+@dataclass(slots=True)
+class EvalRecord:
+    """A recorded rule evaluation."""
+    ts: float
+    decision: Decision
+
+
+class Store(Protocol):
+    """Storage backend protocol for evaluation records.
+
+    Implementations provide audit logging of rule evaluation outcomes.
+    Unlike ActionGate/BudgetGate stores, the RuleGate store is NOT
+    in the critical path — evaluation does not depend on store state.
+    Store failures never affect the allow/deny decision.
+    """
+
+    def record(self, rule: Rule, now: float, decision: Decision) -> None:
+        """Record an evaluation outcome.
+
+        This is fire-and-forget. Failures are silently ignored
+        (they do not affect the decision).
+        """
+        ...
+
+    def get_records(
+        self,
+        rule: Rule,
+        now: float,
+        window: float | None,
+    ) -> list[EvalRecord]:
+        """Get evaluation records for a rule within a time window.
+
+        Args:
+            rule: The rule to query.
+            now: Current timestamp.
+            window: Rolling window in seconds (None = all records).
+
+        Returns:
+            List of evaluation records, oldest first.
+        """
+        ...
+
+    def clear(self, rule: Rule) -> None:
+        """Clear evaluation records for a specific rule."""
+        ...
+
+    def clear_all(self) -> None:
+        """Clear all evaluation records."""
+        ...
+
+
+class MemoryStore:
+    """Thread-safe in-memory store for evaluation records.
+
+    Lock ordering (must always acquire in this order to prevent deadlock):
+        1. _global_lock
+        2. rule-specific lock from _locks
+
+    Suitable for single-process deployments and testing.
+    """
+
+    __slots__ = ("_records", "_locks", "_global_lock")
+
+    def __init__(self) -> None:
+        self._records: dict[Rule, list[EvalRecord]] = {}
+        self._locks: dict[Rule, threading.Lock] = {}
+        self._global_lock = threading.Lock()
+
+    def _get_lock(self, rule: Rule) -> threading.Lock:
+        """Get or create lock for rule. Must hold _global_lock when calling."""
+        if rule not in self._locks:
+            self._locks[rule] = threading.Lock()
+        return self._locks[rule]
+
+    def _prune(
+        self,
+        records: list[EvalRecord],
+        now: float,
+        window: float | None,
+    ) -> list[EvalRecord]:
+        """Remove records outside the window."""
+        if window is None:
+            return list(records)
+        cutoff = now - window
+        return [r for r in records if r.ts >= cutoff]
+
+    def record(self, rule: Rule, now: float, decision: Decision) -> None:
+        with self._global_lock:
+            lock = self._get_lock(rule)
+            with lock:
+                records = self._records.get(rule, [])
+                records.append(EvalRecord(ts=now, decision=decision))
+                self._records[rule] = records
+
+    def get_records(
+        self,
+        rule: Rule,
+        now: float,
+        window: float | None,
+    ) -> list[EvalRecord]:
+        with self._global_lock:
+            lock = self._get_lock(rule)
+            with lock:
+                records = self._records.get(rule, [])
+                pruned = self._prune(records, now, window)
+                self._records[rule] = pruned
+                return list(pruned)
+
+    def clear(self, rule: Rule) -> None:
+        with self._global_lock:
+            lock = self._get_lock(rule)
+            with lock:
+                self._records.pop(rule, None)
+
+    def clear_all(self) -> None:
+        with self._global_lock:
+            self._records.clear()
+            self._locks.clear()

rulegate-0.2.0.dist-info/METADATA

@@ -0,0 +1,277 @@
+Metadata-Version: 2.4
+Name: rulegate
+Version: 0.2.0
+Summary: Deterministic, pre-execution policy enforcement for semantic actions in agent systems.
+Project-URL: Homepage, https://github.com/actiongate-oss/rulegate
+Project-URL: Documentation, https://github.com/actiongate-oss/rulegate#readme
+Project-URL: Repository, https://github.com/actiongate-oss/rulegate
+Author-email: ActionGate OSS <actiongate-oss@users.noreply.github.com>
+License-Expression: BUSL-1.1
+License-File: LICENSE
+Keywords: agent-framework,ai-agents,llm,policy-enforcement,rules-engine
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: License :: Other/Proprietary License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: Typing :: Typed
+Requires-Python: >=3.12
+Provides-Extra: dev
+Requires-Dist: mypy>=1.0; extra == 'dev'
+Requires-Dist: pytest-cov>=4.0; extra == 'dev'
+Requires-Dist: pytest>=8.0; extra == 'dev'
+Requires-Dist: ruff>=0.1; extra == 'dev'
+Description-Content-Type: text/markdown
+
+# RuleGate
+
+Deterministic, pre-execution policy enforcement for semantic actions in agent systems.
+
+## Source of Truth
+
+The canonical source is [github.com/actiongate-oss/rulegate](https://github.com/actiongate-oss/rulegate). PyPI distribution is a convenience mirror.
+
+**Vendoring and forking are permitted** under the terms of the [BSL 1.1 license](LICENSE). If you vendor RuleGate, you must preserve the LICENSE file, preserve copyright headers in source files, and not remove or modify the BSL terms. The production use restriction applies to vendored copies. See [SEMANTICS.md](SEMANTICS.md) for the behavioral contract if you reimplement.
+
+---
+
+## Quick Start
+
+```python
+from rulegate import Engine, Rule, Ruleset, Context, PolicyViolation
+
+engine = Engine()
+
+def no_pii(ctx: Context) -> bool:
+    return "ssn" not in str(ctx.kwargs.get("query", "")).lower()
+
+@engine.guard(Rule("api", "search"), Ruleset(predicates=(no_pii,)))
+def search(query: str) -> list[str]:
+    return api.search(query)
+
+try:
+    results = search(query="find user")
+except PolicyViolation as e:
+    print(f"Blocked: {e.decision.violated_rules}")
+```
+
+---
+
+## Core Concepts
+
+### Rule
+
+Identifies what's being policy-checked:
+
+```python
+Rule(namespace, action, principal)
+
+Rule("api", "search", "user:123")       # per-user policy
+Rule("support", "escalate", "agent:42")  # per-agent policy
+Rule("billing", "refund", "global")      # global policy
+```
+
+### Ruleset
+
+```python
+Ruleset(
+    predicates=(no_pii, business_hours),  # all must pass (AND logic)
+    mode=Mode.HARD,                        # HARD raises, SOFT returns decision
+    on_store_error=StoreErrorMode.FAIL_CLOSED,
+)
+```
+
+### Predicates
+
+A predicate is a callable that receives a `Context` and returns `True` (allow) or `False` (deny). Predicates must be pure functions — no I/O, no side effects, no mutations. All external state (time, configuration, session data) should be passed via `meta`:
+
+```python
+def no_pii(ctx: Context) -> bool:
+    return "ssn" not in str(ctx.kwargs.get("query", "")).lower()
+
+def business_hours(ctx: Context) -> bool:
+    return 9 <= ctx.meta["hour"] < 17
+```
+
+For diagnostics, wrap predicates in `NamedPredicate`:
+
+```python
+from rulegate import NamedPredicate
+
+no_pii_named = NamedPredicate("no_pii", no_pii)
+```
+
+If a predicate raises an exception, the action is blocked. A predicate that cannot execute cannot assert permission.
+
+### Context
+
+Every predicate receives the full action context:
+
+```python
+Context(
+    rule=Rule("api", "search"),       # the rule being evaluated
+    args=("hello",),                   # positional args to guarded function
+    kwargs={"query": "find user"},     # keyword args to guarded function
+    meta={"role": "admin", "hour": 14},# arbitrary metadata (time, session, etc.)
+)
+```
+
+### Decision
+
+Every check returns a Decision:
+
+```python
+decision.allowed           # bool
+decision.blocked           # bool
+decision.violated_rules    # tuple of predicate names that failed
+decision.evaluated_count   # number of predicates evaluated
+decision.reason            # BlockReason.POLICY_VIOLATION or None
+```
+
+### Two Decorator Styles
+
+```python
+@engine.guard(rule, ruleset)        # returns T, raises PolicyViolation
+@engine.guard_result(rule, ruleset) # returns Result[T], never raises
+```
+
+---
+
+## Short-Circuit vs. Exhaustive
+
+```python
+# Production path: stops at first failure
+decision = engine.check(rule, ruleset)
+
+# Diagnostic path: evaluates all predicates, reports every violation
+decision = engine.check_all(rule, ruleset)
+```
+
+---
+
+## Determinism Guarantee
+
+The allow/deny decision is always deterministic relative to the predicates and context. Specifically:
+
+- The store is write-only from the engine's perspective and is never consulted during evaluation. Predicate results are computed independently of store state.
+- Store audit write failures are counted and silently ignored. The `on_store_error` field on `Ruleset` is accepted for forward compatibility but is not consulted in v0.2 — the store is not in the decision path.
+- Given the same predicates and the same context, the same decision is produced every time.
+
+---
+
+## Scope & Non-Goals
+
+**RuleGate does:**
+- Pre-execution policy enforcement (all predicates must pass)
+- Stateless evaluation (decision depends only on predicates and context)
+- Short-circuit and exhaustive evaluation modes
+- Full decision explainability (which predicates failed and why)
+
+**RuleGate does not:**
+- Make LLM or model inference calls
+- Perform rate limiting or throttling (use [ActionGate](https://github.com/actiongate-oss/actiongate))
+- Manage costs, budgets, or billing (use [BudgetGate](https://github.com/actiongate-oss/budgetgate))
+- Provide authentication or authorization
+- Evaluate rules based on stored state or historical patterns
+- Make network calls or perform I/O during evaluation
+
+See [SEMANTICS.md](SEMANTICS.md) for the formal behavioral contract.
+
+---
+
+## Observability
+
+```python
+engine.on_decision(lambda d: logger.info(f"{d.status}: {d.rule} {d.violated_rules}"))
+```
+
+Every decision includes: status, rule, ruleset, reason, violated_rules, evaluated_count. The store records evaluation outcomes for audit purposes but is never in the decision path.
+
+---
+
+## Relation to ActionGate and BudgetGate
+
+RuleGate is one of three composable primitives in the agent execution layer:
+
+| Primitive | Limits | Use case |
+|-----------|--------|----------|
+| [ActionGate](https://github.com/actiongate-oss/actiongate) | calls/time | Rate limiting |
+| [BudgetGate](https://github.com/actiongate-oss/budgetgate) | cost/time | Spend limiting |
+| RuleGate | policy predicates | Policy enforcement |
+
+All three are deterministic, pre-execution, and decorator-friendly. They compose via stacking:
+
+```python
+from decimal import Decimal
+
+@actiongate_engine.guard(Gate("api", "search"), Policy(max_calls=100))
+@budgetgate_engine.guard(Ledger("api", "search"), Budget(max_spend=Decimal("1.00")), cost=Decimal("0.01"))
+@rulegate_engine.guard(Rule("api", "search"), Ruleset(predicates=(no_pii, business_hours)))
+def search(query: str) -> list:
+    ...
+```
+
+---
+
+## Benchmarks
+
+```bash
+python -m rulegate.bench
+```
+
+Single-thread latency, CPython 3.12, default GC, no `PYTHONOPTIMIZE`. Measured on Linux (container, 2 vCPU). Run `bench_rulegate.py` on your target hardware — Docker, VM, and bare metal will produce different tail profiles:
+
+| Scenario | p50 | p95 | p99 |
+|----------|-----|-----|-----|
+| 1 trivial predicate | ~4μs | ~7μs | ~12μs |
+| 5 enterprise predicates | ~4.5μs | ~7μs | ~12μs |
+| 10 predicates (all pass) | ~4.5μs | ~7μs | ~12μs |
+| NullStore (no audit) | ~3μs | ~3μs | ~5μs |
+
+Predicate count adds ~30–50ns per predicate. The MemoryStore audit write is the dominant fixed cost (~1.5μs). Decision logic is bounded at 3–6μs regardless of composition.
+
+---
+
+## API Reference
+
+| Type | Purpose |
+|------|---------|
+| `Engine` | Core policy evaluation |
+| `Rule` | Action identity tuple |
+| `Ruleset` | Policy configuration (predicates + mode) |
+| `Context` | Immutable context passed to predicates |
+| `Decision` | Evaluation result with full diagnostics |
+| `Result[T]` | Wrapper for `guard_result` |
+| `PolicyViolation` | Exception from `guard` |
+| `NamedPredicate` | Predicate with human-readable name |
+| `MemoryStore` | Single-process audit backend |
+
+| Enum | Values |
+|------|--------|
+| `Mode` | `HARD`, `SOFT` |
+| `StoreErrorMode` | `FAIL_CLOSED`, `FAIL_OPEN` |
+| `Status` | `ALLOW`, `BLOCK` |
+| `BlockReason` | `POLICY_VIOLATION`, `STORE_ERROR` |
+
+---
+
+## License
+
+RuleGate is licensed under the [Business Source License 1.1](LICENSE).
+
+```
+Licensor:             actiongate-oss
+Licensed Work:        RuleGate
+Additional Use Grant: None
+Change Date:          2030-02-25 (four years from initial publication)
+Change License:       Mozilla Public License 2.0
+```
+
+**What this means:** You may copy, modify, create derivative works, redistribute, and make non-production use of RuleGate. The Additional Use Grant is "None", which means any use in a live environment that provides value to end users or internal business operations — including SaaS, internal enterprise deployment, and paid betas — requires a commercial license from the licensor. On the Change Date, RuleGate becomes available under [MPL 2.0](https://www.mozilla.org/en-US/MPL/2.0/) and the production restriction terminates. Each version has its own Change Date calculated from its publication.
+
+**If you vendor RuleGate:** Preserve the LICENSE file and copyright headers. Do not remove or modify the BSL terms. The production restriction applies to all copies, vendored or otherwise.
+
+**Licensing difference from siblings:** [ActionGate](https://github.com/actiongate-oss/actiongate) and [BudgetGate](https://github.com/actiongate-oss/budgetgate) are Apache 2.0. RuleGate is BSL 1.1. If composing all three, ensure your use complies with both license terms.
+
+See [LICENSE](LICENSE) for the legally binding text.

rulegate-0.2.0.dist-info/RECORD

@@ -0,0 +1,8 @@
+rulegate/__init__.py,sha256=HXYpkX8BL4YBnIJeAcmPZ3cwxJzf0A1ANw7qtCr1Mn0,1700
+rulegate/core.py,sha256=5llNGJ39scdd66AA9y0fmh4LGvQo7uFfK5LYx5G526E,6001
+rulegate/engine.py,sha256=DXqQasVS0_g6hzIEOEGxOvp6JdO4TncNGMk5hhmbu1I,13617
+rulegate/store.py,sha256=0U8QURZuYaPZkQRJufOIkfXgciozFCreos78QQkRKX8,4205
+rulegate-0.2.0.dist-info/METADATA,sha256=UTVIp-z9kk-nRfX0enonHHi5pW2Kr3Py1EdORwXegDk,10145
+rulegate-0.2.0.dist-info/WHEEL,sha256=QccIxa26bgl1E6uMy58deGWi-0aeIkkangHcxk2kWfw,87
+rulegate-0.2.0.dist-info/licenses/LICENSE,sha256=3k0hOCMFgjQev2SkD6FI15ckvohsOKzzlKpfq0s95x8,4152
+rulegate-0.2.0.dist-info/RECORD,,

rulegate-0.2.0.dist-info/WHEEL

@@ -0,0 +1,4 @@
+Wheel-Version: 1.0
+Generator: hatchling 1.29.0
+Root-Is-Purelib: true
+Tag: py3-none-any

rulegate-0.2.0.dist-info/licenses/LICENSE

@@ -0,0 +1,56 @@
+Business Source License 1.1
+
+License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
+"Business Source License" is a trademark of MariaDB Corporation Ab.
+
+-----------------------------------------------------------------------------
+
+Parameters
+
+Licensor:             actiongate-oss
+Licensed Work:        RuleGate
+Additional Use Grant: None
+Change Date:          Four years from the date the Licensed Work is published.
+Change License:       Mozilla Public License 2.0
+
+-----------------------------------------------------------------------------
+
+Terms
+
+The Licensor hereby grants you the right to copy, modify, create derivative works, redistribute, and make non-production use of the Licensed Work. The Licensor may make an Additional Use Grant, above, permitting limited production use.
+
+Effective on the Change Date, or the fourth anniversary of the first publicly available distribution of a specific version of the Licensed Work under this License, whichever comes first, the Licensor hereby grants you rights under the terms of the Change License, and the rights granted in the paragraph above terminate.
+
+If your use of the Licensed Work does not comply with the requirements currently in effect as described in this License, you must purchase a commercial license from the Licensor, its affiliated entities, or authorized resellers, or you must refrain from using the Licensed Work.
+
+All copies of the original and modified Licensed Work, and derivative works of the Licensed Work, are subject to this License. This License applies separately for each version of the Licensed Work and the Change Date may vary for each version of the Licensed Work released by Licensor.
+
+You must conspicuously display this License on each original or modified copy of the Licensed Work. If you receive the Licensed Work in original or modified form from a third party, the terms and conditions set forth in this License apply to your use of that work.
+
+Any use of the Licensed Work in violation of this License will automatically terminate your rights under this License for the current and all other versions of the Licensed Work.
+
+This License does not grant you any right in any trademark or logo of Licensor or its affiliates (provided that you may use a trademark or logo of Licensor as expressly required by this License).
+
+TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON AN "AS IS" BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND TITLE.
+
+MariaDB hereby grants you permission to use this License's text to license your works, and to refer to it using the trademark "Business Source License", as long as you comply with the Covenants of Licensor below.
+
+-----------------------------------------------------------------------------
+
+Covenants of Licensor
+
+In consideration of the right to use this License's text and the "Business Source License" name and trademark, Licensor covenants to MariaDB, and to all other recipients of the licensed work to be provided by Licensor:
+
+1. To specify as the Change License the GPL Version 2.0 or any later version, or a license that is compatible with GPL Version 2.0 or a later version, where "compatible" means that software provided under the Change License can be included in a program with software provided under GPL Version 2.0 or a later version. Licensor may specify additional Change Licenses without limitation.
+
+2. To either: (a) specify an additional grant of rights to use that does not impose any additional restriction on the right granted in this License, as the Additional Use Grant; or (b) insert the text "None".
+
+3. To specify a Change Date.
+
+4. Not to modify this License in any other way.
+
+-----------------------------------------------------------------------------
+
+Notice
+
+The Business Source License (this document, or the "License") is not an Open Source license. However, the Licensed Work will eventually be made available under an Open Source License, as stated in this License.