safentic 0.0.1__py3-none-any.whl

safentic/LICENSE.txt

@@ -0,0 +1,36 @@
+Safentic SDK Commercial License Agreement
+=========================================
+
+IMPORTANT – READ CAREFULLY:
+
+This license governs the use of the Safentic SDK (“Software”) developed and owned by Safentic. By installing or using this Software, you (“Licensee”) agree to the following terms and conditions:
+
+1. GRANT OF LICENSE  
+   Licensor grants Licensee a non-exclusive, non-transferable, non-sublicensable license to use the Software solely for internal business purposes and only in accordance with the terms of the commercial agreement executed between the parties. This license may include limited evaluation rights, subject to expiration or usage restrictions.
+
+2. RESTRICTIONS  
+   Licensee shall NOT:  
+   - Use the Software without a valid, active license key or subscription.  
+   - Reverse engineer, decompile, or disassemble the Software.  
+   - Modify, copy, or create derivative works based on the Software.  
+   - Distribute, sublicense, lease, or otherwise make the Software available to any third party.  
+   - Circumvent or attempt to disable any license verification, telemetry, or access control mechanisms.
+
+3. OWNERSHIP  
+   The Software is licensed, not sold. Safentic retains all rights, title, and interest in and to the Software, including all intellectual property rights.
+
+4. TERMINATION  
+   This license is effective until terminated. It will terminate automatically without notice if Licensee breaches any term of this agreement. Upon termination, Licensee must cease all use and destroy all copies of the Software.
+
+5. NO WARRANTY  
+   The Software is provided "as is" without warranty of any kind. Licensor disclaims all warranties, express or implied, including but not limited to warranties of merchantability and fitness for a particular purpose.
+
+6. LIMITATION OF LIABILITY  
+   In no event shall Licensor be liable for any damages arising out of the use or inability to use the Software, including but not limited to incidental, special, or consequential damages.
+
+7. GOVERNING LAW  
+   This agreement shall be governed by and construed in accordance with the laws of Ireland, without regard to its conflict of law principles.
+
+For licensing inquiries, please contact: contact@safentic.com
+
+Copyright © 2025, Safentic. All rights reserved.

safentic/__init__.py

@@ -0,0 +1,8 @@
+from .layer import SafetyLayer, SafenticError
+
+__all__ = [
+    "SafetyLayer",
+    "SafenticError",
+]
+
+__version__ = "0.0.1"

safentic/config.py

@@ -0,0 +1,2 @@
+BASE_API_PATH = "https://safentic-api.onrender.com/"
+API_KEY_ENDPOINT = "auth/validate"

safentic/engine.py

@@ -0,0 +1,80 @@
+from .policy import PolicyEngine
+from .logger.audit import AuditLogger
+
+class PolicyEnforcer():
+    """
+    Runtime wrapper to evaluate and enforce tool usage policies.
+    Tracks agent-specific violations and supports audit logging.
+    """
+
+    def __init__(self, policy_engine: PolicyEngine = None):
+        self.policy_engine = policy_engine or PolicyEngine()
+        self.agent_states = {}
+        self.audit_logger = AuditLogger()
+
+    def enforce(self, agent_id: str, tool_name: str, tool_args: dict) -> dict:
+        """
+        Evaluates a tool action for a given agent.
+        Returns a dict with 'allowed', 'reason', and agent state metadata.
+        """
+        state = self.agent_states.setdefault(agent_id, {
+            "blocked_tools": set(),
+            "violation_count": 0,
+            "last_violation": None
+        })
+
+        # Block repeat attempts to use already-denied tool
+        if tool_name in state["blocked_tools"]:
+            reason = "Tool previously blocked for this agent."
+            self.audit_logger.log(
+                agent_id=agent_id,
+                tool=tool_name,
+                allowed=False,
+                reason=reason
+            )
+            return self._deny(tool_name, state, reason)
+
+        # Run policy evaluation
+        violation = self.policy_engine.evaluate_policy(tool_name, tool_args)
+
+        if violation:
+            state["blocked_tools"].add(tool_name)
+            state["violation_count"] += 1
+            state["last_violation"] = violation
+            self.audit_logger.log(
+                agent_id=agent_id,
+                tool=tool_name,
+                allowed=False,
+                reason=violation
+            )
+            return self._deny(tool_name, state, violation)
+
+        # Log allowed action
+        self.audit_logger.log(
+            agent_id=agent_id,
+            tool=tool_name,
+            allowed=True
+        )
+
+        return {
+            "allowed": True,
+            "reason": "Action permitted",
+            "agent_state": state
+        }
+
+    def reset(self, agent_id: str = None):
+        """
+        Clears violation state for one agent or all agents.
+        """
+        if agent_id:
+            self.agent_states.pop(agent_id, None)
+        else:
+            self.agent_states.clear()
+
+    def _deny(self, tool_name: str, state: dict, reason: str) -> dict:
+        return {
+            "allowed": False,
+            "reason": reason,
+            "tool": tool_name,
+            "agent_state": state
+        }

safentic/helper/auth.py

@@ -0,0 +1,12 @@
+import requests
+from ..config import *
+
+def validate_api_key(key: str) -> dict:
+    try:
+        response = requests.post(BASE_API_PATH + API_KEY_ENDPOINT, json={"api_key": key})
+        if response.status_code != 200:
+            return {"valid": False}
+        data = response.json()
+        return {"valid": True, **data}
+    except Exception:
+        return {"valid": False}

safentic/layer.py

@@ -0,0 +1,50 @@
+from .engine import PolicyEnforcer
+from .logger.audit import AuditLogger
+from .helper.auth import validate_api_key
+
+class SafenticError(Exception):
+    """Raised when Safentic blocks an action."""
+    pass
+
+
+class SafetyLayer():
+    """
+    Safentic runtime enforcement wrapper for agent actions.
+    First, insert your api key, then run an action.
+    Example:
+        safety.protect("send_email", {"body": "..."})
+        # Raises SafenticError if blocked
+    """
+
+    def __init__(self, api_key: str, agent_id: str, enforcer: PolicyEnforcer = None, raise_on_block: bool = True):
+        self.agent_id = agent_id
+        self.raise_on_block = raise_on_block
+        self.logger = AuditLogger()
+
+        # If no custom enforcer is provided, instantiate one with the API key
+        self.enforcer = enforcer or PolicyEnforcer()
+        self.api_key = validate_api_key(api_key)
+        self.enforcer.reset(agent_id)
+
+    def protect(self, tool_name: str, tool_args: dict) -> dict:
+        """
+        Checks whether a tool action is allowed.
+        Raises SafenticError if blocked (default), or returns result if raise_on_block=False.
+        """
+        result = self.enforcer.enforce(self.agent_id, tool_name, tool_args)
+
+        # Log structured event
+        self.logger.log(
+            agent_id=self.agent_id,
+            tool=tool_name,
+            allowed=result["allowed"],
+            reason=result["reason"] if not result["allowed"] else None
+        )
+
+        # Raise or return based on outcome and config
+        if not result["allowed"]:
+            if self.raise_on_block:
+                raise SafenticError(result["reason"])
+            return result
+
+        return result

safentic/logger/audit.py

@@ -0,0 +1,83 @@
+import logging
+from datetime import datetime
+import os
+import json
+
+class AuditLogger:
+    def __init__(self, config: dict = None):
+        config = config or {}
+
+        # Allow disabling via config or env
+        self.enabled = config.get("enabled", True)
+        if os.getenv("SAFE_AUDIT_LOG") == "0":
+            self.enabled = False
+
+        # File paths from config or default
+        self.txt_log_path = config.get("destination", "safentic/logs/txt_logs/safentic_audit.log")
+        self.jsonl_path = config.get("jsonl", "safentic/logs/json_logs/safentic_audit.jsonl")
+
+        # Ensure directories exist
+        os.makedirs(os.path.dirname(self.txt_log_path), exist_ok=True)
+        os.makedirs(os.path.dirname(self.jsonl_path), exist_ok=True)
+
+        # Set up logger
+        self.logger = logging.getLogger("safentic.audit")
+
+        level_str = config.get("level", "INFO").upper()
+        level_map = {
+            "DEBUG": logging.DEBUG,
+            "INFO": logging.INFO,
+            "WARNING": logging.WARNING,
+            "ERROR": logging.ERROR,
+            "CRITICAL": logging.CRITICAL
+        }
+        level = level_map.get(level_str, logging.INFO)
+        self.logger.setLevel(level)
+
+        # Prevent duplicate handlers (e.g., in notebooks)
+        if not self.logger.handlers:
+            formatter = logging.Formatter("%(asctime)s | %(levelname)s | %(message)s")
+
+            stream_handler = logging.StreamHandler()
+            stream_handler.setFormatter(formatter)
+            self.logger.addHandler(stream_handler)
+
+            file_handler = logging.FileHandler(self.txt_log_path)
+            file_handler.setFormatter(formatter)
+            self.logger.addHandler(file_handler)
+
+    def log(self, agent_id: str, tool: str, allowed: bool, reason: str = None):
+        if not self.enabled:
+            return
+
+        entry = {
+            "timestamp": datetime.now().isoformat(),
+            "agent_id": agent_id,
+            "tool": tool,
+            "allowed": allowed,
+            "reason": reason or "No violation"
+        }
+
+        log_level = logging.INFO if allowed else logging.WARNING
+        self.logger.log(log_level, f"[AUDIT] {entry}")
+
+        try:
+            with open(self.jsonl_path, "a", encoding="utf-8") as f:
+                f.write(json.dumps(entry) + "\n")
+        except Exception as e:
+            self.logger.error(f"Failed to write structured audit log: {e}")
+
+    def set_level(self, level: str):
+        level_map = {
+            "DEBUG": logging.DEBUG,
+            "INFO": logging.INFO,
+            "WARNING": logging.WARNING,
+            "ERROR": logging.ERROR,
+            "CRITICAL": logging.CRITICAL
+        }
+
+        level = level.upper()
+        if level in level_map:
+            self.logger.setLevel(level_map[level])
+        else:
+            raise ValueError(f"Unsupported log level: {level}")

safentic/policies/__init__.py

@@ -0,0 +1,3 @@
+from ..layer import SafetyLayer, SafenticError
+
+__version__ = "0.1"

safentic/policies/example_policy.txt

@@ -0,0 +1,33 @@
+Standard Refund Policy
+
+Last Updated: February 1, 2025
+
+1. Overview
+At XYZ, we strive to ensure your complete satisfaction with our platform. If you are not entirely happy with your purchase, you may be eligible for a refund as described below.
+
+2. Eligibility
+- Monthly Subscriptions: You may request a full refund within 30 days of your initial subscription charge.
+- Annual Subscriptions: You may request a pro-rated refund (the remaining unused portion of your term) within 30 days of your initial annual subscription charge.
+- One-Time Purchases and Credits: Refunds on one-time feature purchases or in-app credits are handled on a case-by-case basis and must be requested within 14 days of purchase.
+
+3. How to Request a Refund
+1. Log in to your XYZ account at https://app.XYZ.ai.
+2. Go to Settings -> Billing -> Refunds.
+3. Select the transaction you wish to refund and click Request Refund.
+4. In the "Reason" field, briefly describe why you are requesting a refund.
+5. Submit your request. You will receive an email confirmation within one business day.
+
+4. Processing Time
+- Refunds for credit-card or PayPal payments will be credited back to your original payment method within 5-7 business days after approval.
+- In-app credits or wallet balances will be restored within 24 hours of approval.
+
+5. Exceptions and Limitations
+- No refunds will be issued for subscription renewals after the initial 30-day period.
+- Promotional, gift, or trial subscriptions are non-refundable.
+- Refund requests made more than 30 days after the initial charge are subject to review and may be denied.
+- We reserve the right to refuse a refund if we suspect abuse of the refund policy.
+
+6. Contact Us
+If you have any questions or need assistance, please contact our Support Team at support@XYZ.ai or via the in-app chat.
+
+Thank you for choosing XYZ! We appreciate your business and are committed to delivering a great experience.

safentic/policies/policy.yaml

@@ -0,0 +1,25 @@
+tools:
+  send_email:
+    checks:
+      - type: deny_phrase
+        phrases:
+          - "one device per subscription"
+          - "24 hours"
+
+      - type: semantic
+        trigger_phrases:
+          - "refund policy"
+          - "guarantee"
+          - "our policy"
+        reference_file: "example_policy.txt"
+
+  update_ticket:
+    checks: []  # Explicitly allow all — no policy checks
+
+  log_to_crm:
+    checks: []  # Explicitly allow all — no policy checks
+
+logging:
+  level: INFO
+  destination: "safentic/logs/txt_logs/safentic_audit.log"
+  jsonl: "safentic/logs/json_logs/safentic_audit.jsonl"

safentic/policy.py

@@ -0,0 +1,106 @@
+import os
+import yaml
+from typing import Optional
+from .verifiers.sentence_verifier import SentenceTransformerVerifier
+from .logger.audit import AuditLogger
+
+
+class PolicyEngine:
+    """
+    Evaluates whether a given tool action complies with safety policies.
+    Uses rule types such as deny_phrase and semantic checks.
+    """
+
+    VALID_RULE_TYPES = {"deny_phrase", "semantic"}
+
+    def __init__(
+        self,
+        policy_path: Optional[str] = None,
+        policy_base_dir: Optional[str] = None
+    ):
+        self.base_dir = policy_base_dir or os.path.dirname(__file__)
+        policy_path = policy_path or os.path.join(self.base_dir, "policies", "policy.yaml")
+
+        with open(policy_path, encoding="utf-8") as f:
+            self.policy_cfg = yaml.safe_load(f)
+
+        self.verifier = SentenceTransformerVerifier(
+            model_name="all-MiniLM-L6-v2",
+            low_threshold=0.50,
+            high_threshold=0.75,
+        )
+
+        self.audit_logger = AuditLogger()
+
+    def _load_reference_text(self, filename: str) -> str:
+        path = os.path.join(self.base_dir, "policies", filename)
+        with open(path, encoding="utf-8") as f:
+            return f.read().strip().lower()
+
+    def evaluate_policy(self, tool_name: str, args: dict, agent_id: str = "unknown") -> Optional[str]:
+        """
+        Returns None if allowed, or a string reason if blocked.
+        Supports modular rule types per tool.
+        """
+        tool_rules = self.policy_cfg.get("tools", {}).get(tool_name)
+        if not tool_rules:
+            return None  # No policy = allow
+
+        text = (args.get("body") or args.get("note") or "").strip().lower()
+        if not text:
+            return None  # Empty input = allow
+
+        for check in tool_rules.get("checks", []):
+            rule_type = check.get("type")
+
+            if rule_type not in self.VALID_RULE_TYPES:
+                warning = f"Unknown rule type in policy: '{rule_type}' for tool: '{tool_name}'"
+                self.audit_logger.log(
+                    agent_id=agent_id,
+                    tool=tool_name,
+                    allowed=True,
+                    reason=warning
+                )
+                continue
+
+            if rule_type == "deny_phrase":
+                for phrase in check.get("phrases", []):
+                    if phrase.lower() in text:
+                        reason = f"Blocked: matched deny phrase “{phrase}”"
+                        self.audit_logger.log(
+                            agent_id=agent_id,
+                            tool=tool_name,
+                            allowed=False,
+                            reason=reason
+                        )
+                        return reason
+
+            elif rule_type == "semantic":
+                trigger_phrases = [p.lower() for p in check.get("trigger_phrases", [])]
+                if any(p in text for p in trigger_phrases):
+                    reference_file = check.get("reference_file")
+                    if not reference_file:
+                        continue
+
+                    reference_text = self._load_reference_text(reference_file)
+                    decision = self.verifier.decision(candidate=text, official=reference_text)
+
+                    if decision == "block":
+                        explanation = self.verifier.explain(candidate=text, official=reference_text)
+                        reason = f"Blocked by semantic check: {explanation}"
+                        self.audit_logger.log(
+                            agent_id=agent_id,
+                            tool=tool_name,
+                            allowed=False,
+                            reason=reason
+                        )
+                        return reason
+
+                    self.audit_logger.log(
+                        agent_id=agent_id,
+                        tool=tool_name,
+                        allowed=True,
+                        reason=f"Semantic decision: {decision}"
+                    )
+
+        return None

safentic/verifiers/sentence_verifier.py

@@ -0,0 +1,69 @@
+from sentence_transformers import SentenceTransformer, util
+from ..logger.audit import AuditLogger
+
+
+class SentenceTransformerVerifier:
+    """
+    Verifies whether a candidate text is semantically aligned with an official policy text.
+    Uses cosine similarity thresholds to decide: allow, verify, or block.
+    """
+
+    def __init__(
+        self,
+        model_name: str = "all-MiniLM-L6-v2",
+        low_threshold: float = 0.50,
+        high_threshold: float = 0.75,
+    ):
+        self.embedder = SentenceTransformer(model_name)
+        self.low = low_threshold
+        self.high = high_threshold
+        self.logger = AuditLogger()
+
+    def similarity(self, a: str, b: str) -> float:
+        """
+        Computes cosine similarity between two strings.
+        """
+        vecs = self.embedder.encode([a, b], convert_to_tensor=True)
+        return util.cos_sim(vecs[0], vecs[1]).item()
+
+    def decision(self, candidate: str, official: str, agent_id: str = "semantic-check") -> str:
+        """
+        Returns one of: "allow", "verify", or "block"
+        based on similarity thresholds.
+        Also logs the similarity score and decision.
+        """
+        score = self.similarity(candidate, official)
+
+        if score >= self.high:
+            result = "allow"
+        elif score <= self.low:
+            result = "block"
+        else:
+            result = "verify"
+
+        self.logger.log(
+            agent_id=agent_id,
+            tool="semantic_policy_check",
+            allowed=(result != "block"),
+            reason=f"Semantic decision: {result} (score={score:.2f})"
+        )
+
+        return result
+
+    def explain(self, candidate: str, official: str, agent_id: str = "semantic-check") -> str:
+        """
+        Returns a debug-friendly explanation string including the similarity score.
+        Also logs it to structured audit log for traceability.
+        """
+        score = self.similarity(candidate, official)
+        explanation = f"Semantic similarity = {score:.2f} (low={self.low}, high={self.high})"
+
+        # Structured debug logging (allowed=True since it’s informational)
+        self.logger.log(
+            agent_id=agent_id,
+            tool="semantic_policy_check",
+            allowed=True,
+            reason=explanation
+        )
+
+        return explanation

safentic-0.0.1.dist-info/METADATA

@@ -0,0 +1,54 @@
+Metadata-Version: 2.4
+Name: safentic
+Version: 0.0.1
+Summary: Safentic SDK for behavior analysis
+Home-page: https://safentic.com
+Author: Safentic
+Author-email: contact@safentic.com
+License: Proprietary :: Safentic Commercial License
+Classifier: Programming Language :: Python :: 3
+Classifier: License :: Other/Proprietary License
+Classifier: Operating System :: OS Independent
+Description-Content-Type: text/markdown
+Dynamic: author
+Dynamic: author-email
+Dynamic: classifier
+Dynamic: description
+Dynamic: description-content-type
+Dynamic: home-page
+Dynamic: license
+Dynamic: summary
+
+# Safentic SDK
+
+Safentic is a runtime guardrail SDK for agentic AI systems.  
+It intercepts and evaluates unsafe tool calls between agent **intent** and **execution**, enforcing custom safety policies.
+
+---
+
+## Installation
+
+Install from PyPI:
+
+    pip install safentic
+
+---
+
+## API Key Required
+
+Safentic requires a valid API key to function.  
+To obtain one, contact: contact@safentic.com
+
+---
+
+## Quick Start
+
+```python
+from safentic import SafetyLayer, SafenticError
+
+layer = SafetyLayer(api_key="your-api-key", agent_id="agent-007")
+
+try:
+    layer.protect("send_email", {"body": "Refund me now!"})
+except SafenticError as e:
+    print("Blocked by policy:", e)

safentic-0.0.1.dist-info/RECORD

@@ -0,0 +1,22 @@
+safentic/LICENSE.txt,sha256=xl3AZ2rkiOG5qE01SPRBgoW5Ib5YKZQeszh6OlvKePk,2330
+safentic/__init__.py,sha256=T6sUAvYN7XW5lo3dpzBPnzoUTIokV-W6xuMXhId1iJk,132
+safentic/config.py,sha256=V6c8Fz0t-Ja278kjCrQMlGPBQ4Hj830t3q7U7oM4Q4k,90
+safentic/engine.py,sha256=-a90x70SY15WkOIkgxoPVLs_9xGsf4Krj-CmpoMs6tE,2597
+safentic/layer.py,sha256=LzdAGLa3cX8oheBQEABrTK_X0cte9XTyW1GdtgxI25o,1742
+safentic/policy.py,sha256=ApAAAxiWb_M5TUTtYKk10BVWEy4xViSbM8ikocIqWoI,4111
+safentic/helper/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+safentic/helper/auth.py,sha256=evhikKRTtGXYp0YKkdntBM4bUjdUTtvJ2nA5YLt2IIA,391
+safentic/logger/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+safentic/logger/audit.py,sha256=GAqZFVPERKyuugmGn6G1-fg9QLaHqN1aWl0S_J3dYXI,2947
+safentic/policies/.gitkeep,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+safentic/policies/__init__.py,sha256=s37JO8wBcNstqvPif1q2Dw46imddeZZJBo-f3mSfd58,69
+safentic/policies/example_policy.txt,sha256=Vkv5p2Kcyppijl8BD--P1APy2cBgWrYCrKzfo2pW0lo,1955
+safentic/policies/policy.yaml,sha256=W0_6kPp0VqS568eR_NnYgFEiHVi1YWlIwrk3txd1Lr4,627
+safentic/verifiers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+safentic/verifiers/sentence_verifier.py,sha256=jgObZ1t4UCYHYIfNayI0n69hVBWOHc9GAhpJsDbiD2c,2376
+tests/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+tests/test_all.py,sha256=nIUedvH5ny_Glp5PuxmzHCRW2KvqkmwM3bB8rZvHLSo,5723
+safentic-0.0.1.dist-info/METADATA,sha256=toBfprV-Pml2wEud51LuESBIQzeWHjJAl0J0bs8PtvA,1303
+safentic-0.0.1.dist-info/WHEEL,sha256=0CuiUZ_p9E4cD6NyLD6UG80LBXYyiSYZOKDm5lp32xk,91
+safentic-0.0.1.dist-info/top_level.txt,sha256=8bLyq7i9we7XEcbDYLHTUfR3IIpICeMfG8NWAHCLU5s,15
+safentic-0.0.1.dist-info/RECORD,,

safentic-0.0.1.dist-info/WHEEL

@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: setuptools (80.3.1)
+Root-Is-Purelib: true
+Tag: py3-none-any
+

safentic-0.0.1.dist-info/top_level.txt

@@ -0,0 +1,2 @@
+safentic
+tests

tests/test_all.py

@@ -0,0 +1,132 @@
+import os
+import sys
+import math
+import logging
+import pytest
+from unittest import mock
+
+from safentic.policy import PolicyEngine
+from safentic.engine import PolicyEnforcer
+from safentic.layer import SafetyLayer, SafenticError
+from safentic.verifiers.sentence_verifier import SentenceTransformerVerifier
+from safentic.logger.audit import AuditLogger
+
+os.environ["SAFE_AUDIT_LOG"] = "0"
+
+TESTS = {
+    "valid_excerpt": "Here is our refund policy: any cancellation within 30 days of purchase receives a full refund.",
+    "hallucination_one_device": "According to our refund policy, every user may only refund one device per subscription.",
+    "made_up_timeframe": "Refund policy: you must request a refund within 24 hours of purchase.",
+    "generic_refund": "I’m sorry for the trouble—please let us know more about your refund issue.",
+}
+
+@pytest.fixture
+def policy_engine():
+    return PolicyEngine()
+
+@pytest.fixture
+def enforcer():
+    return PolicyEnforcer()
+
+@pytest.mark.parametrize("case, expected_contains", [
+    ("valid_excerpt", None),
+    ("generic_refund", None),
+    ("hallucination_one_device", "one device per subscription"),
+    ("made_up_timeframe", "24 hours"),
+])
+def test_policy_engine_evaluate(policy_engine, case, expected_contains):
+    reason = policy_engine.evaluate_policy("send_email", {"body": TESTS[case]})
+    if expected_contains is None:
+        assert reason is None
+    else:
+        assert expected_contains in reason.lower()
+
+def test_policy_engine_skips_empty(policy_engine):
+    assert policy_engine.evaluate_policy("send_email", {"body": ""}) is None
+
+def test_policy_engine_unknown_rule_type(policy_engine):
+    policy_engine.policy_cfg = {
+        "tools": {"send_email": {"checks": [{"type": "unknown_type"}]}}
+    }
+    assert policy_engine.evaluate_policy("send_email", {"body": "test"}) is None
+
+def test_policy_engine_malformed_semantic(policy_engine):
+    policy_engine.policy_cfg = {
+        "tools": {"send_email": {"checks": [{"type": "semantic", "trigger_phrases": ["refund"]}]}}
+    }
+    assert policy_engine.evaluate_policy("send_email", {"body": "refund policy applies"}) is None
+
+def test_enforcer_allows_valid_and_generic(enforcer):
+    agent_id = "agent-allow"
+    for case in ["valid_excerpt", "generic_refund"]:
+        assert enforcer.enforce(agent_id, "send_email", {"body": TESTS[case]})["allowed"]
+
+def test_enforcer_blocks_and_resets(enforcer):
+    agent_id = "agent-block"
+    res = enforcer.enforce(agent_id, "send_email", {"body": TESTS["hallucination_one_device"]})
+    assert not res["allowed"]
+    repeat = enforcer.enforce(agent_id, "send_email", {"body": TESTS["hallucination_one_device"]})
+    assert "previously blocked" in repeat["reason"].lower()
+    enforcer.reset(agent_id)
+    assert agent_id not in enforcer.agent_states
+
+def test_safety_layer_blocks_and_raises():
+    layer = SafetyLayer(api_key="demo-1234", agent_id="safety-1", raise_on_block=True)
+    with pytest.raises(SafenticError):
+        layer.protect("send_email", {"body": TESTS["made_up_timeframe"]})
+
+def test_safety_layer_returns_result():
+    layer = SafetyLayer(api_key="demo-1234", agent_id="safety-2", raise_on_block=False)
+    assert layer.protect("send_email", {"body": TESTS["generic_refund"]})["allowed"]
+
+@mock.patch("safentic.verifiers.sentence_verifier.SentenceTransformer")
+def test_similarity_score_consistency(mock_model_class):
+    mock_model = mock_model_class.return_value
+    mock_model.encode.return_value = [[1.0], [1.0]]
+    verifier = SentenceTransformerVerifier()
+    score = verifier.similarity("a", "a")
+    assert math.isclose(score, 1.0, abs_tol=1e-4)
+
+@mock.patch("safentic.verifiers.sentence_verifier.SentenceTransformer")
+@pytest.mark.parametrize("a,b,score,expected", [
+    ("a", "a", 0.95, "allow"),
+    ("a", "b", 0.5, "verify"),
+    ("x", "y", 0.1, "block"),
+])
+def test_verifier_threshold_behavior(mock_model_class, a, b, score, expected):
+    mock_model = mock_model_class.return_value
+    with mock.patch("safentic.verifiers.sentence_verifier.util.cos_sim") as mock_cos_sim:
+        mock_cos_sim.return_value = mock.Mock()
+        mock_cos_sim.return_value.item.return_value = score
+
+        verifier = SentenceTransformerVerifier(low_threshold=0.2, high_threshold=0.9)
+        result = verifier.decision(a, b)
+        assert result == expected
+
+@mock.patch("safentic.verifiers.sentence_verifier.SentenceTransformer")
+def test_verifier_explains_score(mock_model_class):
+    mock_model = mock_model_class.return_value
+    mock_model.encode.return_value = [[1.0], [1.0]]
+    verifier = SentenceTransformerVerifier()
+    assert "Semantic similarity" in verifier.explain("a", "a")
+
+@mock.patch("safentic.logger.audit.open", new_callable=mock.mock_open)
+def test_logger_set_level_and_log(mock_open_file):
+    os.environ["SAFE_AUDIT_LOG"] = "1"  # Ensure logger is active
+
+    logger = AuditLogger(config={"txt": "dummy.txt", "json": "dummy.jsonl"})
+    logger.set_level("DEBUG")
+    logger.log(agent_id="mock-agent", tool="send_email", allowed=True)
+    logger.log(agent_id="mock-agent", tool="send_email", allowed=False, reason="test")
+
+    handle = mock_open_file()
+    handle.write.assert_called()  # Ensure something was written
+
+def test_logger_invalid_level():
+    with pytest.raises(ValueError):
+        AuditLogger().set_level("FAKE")
+
+@mock.patch("safentic.logger.audit.open", side_effect=OSError("mocked failure"))
+def test_logger_gracefully_fails_json_write(mock_open):
+    logger = AuditLogger(config={"txt": "ok.txt", "json": "fail.jsonl"})
+    logger.log("agent", "tool", False, reason="test")