safentic 1.0.4__tar.gz → 1.0.6__tar.gz

{safentic-1.0.4/safentic → safentic-1.0.6}/LICENSE.txt

@@ -1,36 +1,36 @@
-Safentic SDK Commercial License Agreement
-=========================================
-
-IMPORTANT – READ CAREFULLY:
-
-This license governs the use of the Safentic SDK (“Software”) developed and owned by Safentic. By installing or using this Software, you (“Licensee”) agree to the following terms and conditions:
-
-1. GRANT OF LICENSE  
-   Licensor grants Licensee a non-exclusive, non-transferable, non-sublicensable license to use the Software solely for internal business purposes and only in accordance with the terms of the commercial agreement executed between the parties. This license may include limited evaluation rights, subject to expiration or usage restrictions.
-
-2. RESTRICTIONS  
-   Licensee shall NOT:  
-   - Use the Software without a valid, active license key or subscription.  
-   - Reverse engineer, decompile, or disassemble the Software.  
-   - Modify, copy, or create derivative works based on the Software.  
-   - Distribute, sublicense, lease, or otherwise make the Software available to any third party.  
-   - Circumvent or attempt to disable any license verification, telemetry, or access control mechanisms.
-
-3. OWNERSHIP  
-   The Software is licensed, not sold. Safentic retains all rights, title, and interest in and to the Software, including all intellectual property rights.
-
-4. TERMINATION  
-   This license is effective until terminated. It will terminate automatically without notice if Licensee breaches any term of this agreement. Upon termination, Licensee must cease all use and destroy all copies of the Software.
-
-5. NO WARRANTY  
-   The Software is provided "as is" without warranty of any kind. Licensor disclaims all warranties, express or implied, including but not limited to warranties of merchantability and fitness for a particular purpose.
-
-6. LIMITATION OF LIABILITY  
-   In no event shall Licensor be liable for any damages arising out of the use or inability to use the Software, including but not limited to incidental, special, or consequential damages.
-
-7. GOVERNING LAW  
-   This agreement shall be governed by and construed in accordance with the laws of Ireland, without regard to its conflict of law principles.
-
-For licensing inquiries, please contact: contact@safentic.com
-
-Copyright © 2025, Safentic. All rights reserved.
+Safentic SDK Commercial License Agreement
+=========================================
+
+IMPORTANT – READ CAREFULLY:
+
+This license governs the use of the Safentic SDK (“Software”) developed and owned by Safentic. By installing or using this Software, you (“Licensee”) agree to the following terms and conditions:
+
+1. GRANT OF LICENSE  
+   Licensor grants Licensee a non-exclusive, non-transferable, non-sublicensable license to use the Software solely for internal business purposes and only in accordance with the terms of the commercial agreement executed between the parties. This license may include limited evaluation rights, subject to expiration or usage restrictions.
+
+2. RESTRICTIONS  
+   Licensee shall NOT:  
+   - Use the Software without a valid, active license key or subscription.  
+   - Reverse engineer, decompile, or disassemble the Software.  
+   - Modify, copy, or create derivative works based on the Software.  
+   - Distribute, sublicense, lease, or otherwise make the Software available to any third party.  
+   - Circumvent or attempt to disable any license verification, telemetry, or access control mechanisms.
+
+3. OWNERSHIP  
+   The Software is licensed, not sold. Safentic retains all rights, title, and interest in and to the Software, including all intellectual property rights.
+
+4. TERMINATION  
+   This license is effective until terminated. It will terminate automatically without notice if Licensee breaches any term of this agreement. Upon termination, Licensee must cease all use and destroy all copies of the Software.
+
+5. NO WARRANTY  
+   The Software is provided "as is" without warranty of any kind. Licensor disclaims all warranties, express or implied, including but not limited to warranties of merchantability and fitness for a particular purpose.
+
+6. LIMITATION OF LIABILITY  
+   In no event shall Licensor be liable for any damages arising out of the use or inability to use the Software, including but not limited to incidental, special, or consequential damages.
+
+7. GOVERNING LAW  
+   This agreement shall be governed by and construed in accordance with the laws of Ireland, without regard to its conflict of law principles.
+
+For licensing inquiries, please contact: contact@safentic.com
+
+Copyright © 2025, Safentic. All rights reserved.

safentic-1.0.6/MANIFEST.in

@@ -0,0 +1,15 @@
+# Essentials
+include LICENSE.txt
+include README.md
+include setup.py
+include pyproject.toml
+include requirements/requirements.txt
+include requirements/requirements-dev.txt
+include requirements/constraints.txt
+
+# Include all relevant files inside safentic package
+recursive-include safentic *.py *.txt *.yaml *.yml
+
+# Ignore tests and cache
+prune tests
+global-exclude __pycache__ *.py[cod] *.pyo

safentic-1.0.6/PKG-INFO

@@ -0,0 +1,193 @@
+Metadata-Version: 2.4
+Name: safentic
+Version: 1.0.6
+Summary: Safentic SDK for AI agent runtime enforcement interception.
+Author-email: Safentic <contact@safentic.com>
+License-Expression: LicenseRef-Proprietary
+Project-URL: Homepage, https://safentic.com
+Classifier: Programming Language :: Python :: 3
+Classifier: Operating System :: OS Independent
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+License-File: LICENSE.txt
+Requires-Dist: PyYAML
+Requires-Dist: langchain
+Requires-Dist: langchain-community
+Requires-Dist: langchain-openai
+Requires-Dist: openai
+Requires-Dist: python-dotenv
+Requires-Dist: sentence-transformers==3.2.1
+Requires-Dist: requests
+Requires-Dist: SQLAlchemy
+Provides-Extra: dev
+Requires-Dist: pytest; extra == "dev"
+Requires-Dist: coverage; extra == "dev"
+Requires-Dist: black; extra == "dev"
+Requires-Dist: isort; extra == "dev"
+Requires-Dist: ruff; extra == "dev"
+Requires-Dist: mypy; extra == "dev"
+Requires-Dist: pip-audit-extra; extra == "dev"
+Requires-Dist: types-requests; extra == "dev"
+Requires-Dist: types-PyYAML; extra == "dev"
+Dynamic: license-file
+
+# Safentic SDK
+
+- **Safentic is a runtime guardrail SDK for agentic AI systems.**
+- It intercepts and evaluates tool calls between agent intent and execution, enforcing custom safety policies and generating structured audit logs for compliance.
+
+## Installation
+`pip install safentic`
+
+# Quickstart: Wrap Your Agent
+
+- Safentic works at the action boundary, not inside the model itself. You wrap your agent with SafetyLayer:
+
+```
+from safentic.layer import SafetyLayer
+from agent import AgentClassInstance  # your existing agent
+
+agent = AgentClassInstance()
+```
+
+## Wrap with Safentic
+``` layer = SafetyLayer(agent=agent, api_key="your-api-key", agent_id="demo-agent") ```
+
+## Example tool call
+```
+try:
+    result = layer.call_tool("some_tool", {"body": "example input"})
+    print(result)
+except Exception as e:
+    print("Blocked:", e)
+```
+
+## Output:
+
+- Blocked: Blocked by policy
+
+# Configuring Your Policy File
+
+- Safentic enforces rules defined in a YAML configuration file (e.g. policy.yaml).
+- By default, it looks for config/policy.yaml, or you can set the path with:
+
+```
+export SAFENTIC_POLICY_PATH=/path/to/policy.yaml
+```
+
+## Schema
+
+- At the moment, Safentic supports the llm_verifier rule type.
+
+``` 
+tools:
+  <tool_name>:
+    rules:
+      - type: llm_verifier
+        description: "<short description of what this rule enforces>"
+        instruction: "<prompt instruction given to the verifier LLM>"
+        model: "<llm model name, e.g. gpt-4>"
+        fields: [<list of input fields to check>]
+        reference_file: "<path to reference text file, optional>"
+        response_format: boolean
+        response_trigger: yes
+        match_mode: exact
+        level: block         # enforcement level: block | warn
+        severity: high       # severity: low | medium | high
+        tags: [<labels for filtering/searching logs>]
+
+logging:
+  level: INFO
+  destination: "safentic/logs/txt_logs/safentic_audit.log"
+  jsonl: "safentic/logs/json_logs/safentic_audit.jsonl"
+
+Example Policy (obfuscated)
+tools:
+  sample_tool:
+    rules:
+      - type: llm_verifier
+        description: "Block outputs that contain disallowed terms"
+        instruction: "Does this text contain disallowed terms or references?"
+        model: gpt-4
+        fields: [body]
+        reference_file: sample_guidelines.txt
+        response_format: boolean
+        response_trigger: yes
+        match_mode: exact
+        level: block
+        severity: high
+        tags: [sample, denylist]
+
+  another_tool:
+    rules: []  # Explicitly allow all actions for this tool
+
+logging:
+  level: INFO
+  destination: "safentic/logs/txt_logs/safentic_audit.log"
+  jsonl: "safentic/logs/json_logs/safentic_audit.jsonl"
+```
+
+## Audit Logs
+
+- Every decision is logged with context for compliance and debugging:
+
+```
+{
+  "timestamp": "2025-09-09T14:25:11Z",
+  "agent_id": "demo-agent",
+  "tool": "sample_tool",
+  "allowed": false,
+  "reason": "Blocked by policy",
+  "rule": "sample_tool:denylist_check",
+  "severity": "high",
+  "level": "block",
+  "tags": ["sample", "denylist"]
+}
+```
+
+### Log Fields
+
+- timestamp – when the action was evaluated
+- agent_id – the agent issuing the action
+- tool – tool name
+- allowed – whether the action was permitted
+- reason – why it was allowed or blocked
+- rule – the rule that applied (if any)
+- severity – severity of the violation
+- level – enforcement level (block, warn)
+- tags – categories attached to the rule
+- extra – additional metadata (e.g., missing fields, matched text)
+
+# CLI Commands
+
+- Safentic ships with a CLI for validating policies, running one-off checks, and inspecting logs:
+
+## Validate a policy file
+```
+safentic validate-policy --policy config/policy.yaml --strict
+```
+
+## Run a one-off tool check
+```
+safentic check-tool --tool sample_tool \
+  --input-json '{"body": "some text"}' \
+  --policy config/policy.yaml
+```
+## Tail the audit log (JSONL by default)
+```
+safentic logs tail --path safentic/logs/json_logs/safentic_audit.jsonl -f
+```
+
+## Environment Variables
+
+Set these before running Safentic:
+
+- ```OPENAI_API_KEY``` – **required** for rules that use llm_verifier (e.g., GPT-4).
+- ```SAFENTIC_POLICY_PATH``` – path to your policy.yaml (default: config/policy.yaml).
+- ```SAFENTIC_LOG_PATH``` – override the default text audit log path.
+- ```SAFENTIC_JSON_LOG_PATH``` – override the default JSONL audit log path.
+- ```LOG_LEVEL``` – optional, sets verbosity (DEBUG, INFO, etc.).
+
+# Supported Stacks
+
+- Safentic integrates with frameworks like LangChain, AutoGen, and MCP by wrapping the tool dispatcher rather than modifying the model or prompts.

safentic-1.0.6/README.md

@@ -0,0 +1,160 @@
+# Safentic SDK
+
+- **Safentic is a runtime guardrail SDK for agentic AI systems.**
+- It intercepts and evaluates tool calls between agent intent and execution, enforcing custom safety policies and generating structured audit logs for compliance.
+
+## Installation
+`pip install safentic`
+
+# Quickstart: Wrap Your Agent
+
+- Safentic works at the action boundary, not inside the model itself. You wrap your agent with SafetyLayer:
+
+```
+from safentic.layer import SafetyLayer
+from agent import AgentClassInstance  # your existing agent
+
+agent = AgentClassInstance()
+```
+
+## Wrap with Safentic
+``` layer = SafetyLayer(agent=agent, api_key="your-api-key", agent_id="demo-agent") ```
+
+## Example tool call
+```
+try:
+    result = layer.call_tool("some_tool", {"body": "example input"})
+    print(result)
+except Exception as e:
+    print("Blocked:", e)
+```
+
+## Output:
+
+- Blocked: Blocked by policy
+
+# Configuring Your Policy File
+
+- Safentic enforces rules defined in a YAML configuration file (e.g. policy.yaml).
+- By default, it looks for config/policy.yaml, or you can set the path with:
+
+```
+export SAFENTIC_POLICY_PATH=/path/to/policy.yaml
+```
+
+## Schema
+
+- At the moment, Safentic supports the llm_verifier rule type.
+
+``` 
+tools:
+  <tool_name>:
+    rules:
+      - type: llm_verifier
+        description: "<short description of what this rule enforces>"
+        instruction: "<prompt instruction given to the verifier LLM>"
+        model: "<llm model name, e.g. gpt-4>"
+        fields: [<list of input fields to check>]
+        reference_file: "<path to reference text file, optional>"
+        response_format: boolean
+        response_trigger: yes
+        match_mode: exact
+        level: block         # enforcement level: block | warn
+        severity: high       # severity: low | medium | high
+        tags: [<labels for filtering/searching logs>]
+
+logging:
+  level: INFO
+  destination: "safentic/logs/txt_logs/safentic_audit.log"
+  jsonl: "safentic/logs/json_logs/safentic_audit.jsonl"
+
+Example Policy (obfuscated)
+tools:
+  sample_tool:
+    rules:
+      - type: llm_verifier
+        description: "Block outputs that contain disallowed terms"
+        instruction: "Does this text contain disallowed terms or references?"
+        model: gpt-4
+        fields: [body]
+        reference_file: sample_guidelines.txt
+        response_format: boolean
+        response_trigger: yes
+        match_mode: exact
+        level: block
+        severity: high
+        tags: [sample, denylist]
+
+  another_tool:
+    rules: []  # Explicitly allow all actions for this tool
+
+logging:
+  level: INFO
+  destination: "safentic/logs/txt_logs/safentic_audit.log"
+  jsonl: "safentic/logs/json_logs/safentic_audit.jsonl"
+```
+
+## Audit Logs
+
+- Every decision is logged with context for compliance and debugging:
+
+```
+{
+  "timestamp": "2025-09-09T14:25:11Z",
+  "agent_id": "demo-agent",
+  "tool": "sample_tool",
+  "allowed": false,
+  "reason": "Blocked by policy",
+  "rule": "sample_tool:denylist_check",
+  "severity": "high",
+  "level": "block",
+  "tags": ["sample", "denylist"]
+}
+```
+
+### Log Fields
+
+- timestamp – when the action was evaluated
+- agent_id – the agent issuing the action
+- tool – tool name
+- allowed – whether the action was permitted
+- reason – why it was allowed or blocked
+- rule – the rule that applied (if any)
+- severity – severity of the violation
+- level – enforcement level (block, warn)
+- tags – categories attached to the rule
+- extra – additional metadata (e.g., missing fields, matched text)
+
+# CLI Commands
+
+- Safentic ships with a CLI for validating policies, running one-off checks, and inspecting logs:
+
+## Validate a policy file
+```
+safentic validate-policy --policy config/policy.yaml --strict
+```
+
+## Run a one-off tool check
+```
+safentic check-tool --tool sample_tool \
+  --input-json '{"body": "some text"}' \
+  --policy config/policy.yaml
+```
+## Tail the audit log (JSONL by default)
+```
+safentic logs tail --path safentic/logs/json_logs/safentic_audit.jsonl -f
+```
+
+## Environment Variables
+
+Set these before running Safentic:
+
+- ```OPENAI_API_KEY``` – **required** for rules that use llm_verifier (e.g., GPT-4).
+- ```SAFENTIC_POLICY_PATH``` – path to your policy.yaml (default: config/policy.yaml).
+- ```SAFENTIC_LOG_PATH``` – override the default text audit log path.
+- ```SAFENTIC_JSON_LOG_PATH``` – override the default JSONL audit log path.
+- ```LOG_LEVEL``` – optional, sets verbosity (DEBUG, INFO, etc.).
+
+# Supported Stacks
+
+- Safentic integrates with frameworks like LangChain, AutoGen, and MCP by wrapping the tool dispatcher rather than modifying the model or prompts.

safentic-1.0.6/pyproject.toml

@@ -0,0 +1,55 @@
+[project]
+name = "safentic"
+version = "1.0.6"
+description = "Safentic SDK for AI agent runtime enforcement interception."
+authors = [{ name = "Safentic", email = "contact@safentic.com" }]
+readme = "README.md"
+license = "LicenseRef-Proprietary"  # SPDX-compatible custom license
+requires-python = ">=3.10"
+
+dependencies = [
+    "PyYAML",
+    "langchain",
+    "langchain-community",
+    "langchain-openai",
+    "openai",
+    "python-dotenv",
+    "sentence-transformers==3.2.1",
+    "requests",
+    "SQLAlchemy"
+]
+
+classifiers = [
+    "Programming Language :: Python :: 3",
+    "Operating System :: OS Independent"
+]
+
+[project.optional-dependencies]
+dev = [
+    "pytest",
+    "coverage",
+    "black",
+    "isort",
+    "ruff",
+    "mypy",
+    "pip-audit-extra",
+    "types-requests",
+    "types-PyYAML"
+]
+
+[project.urls]
+Homepage = "https://safentic.com"
+
+[project.scripts]
+safentic = "safentic.cli.main:main"
+
+[tool.setuptools.packages.find]
+include = ["safentic*"]
+exclude = ["config", "integrations", "safentic_poc", "policy_file_docs"]
+
+[tool.setuptools]
+license-files = ["LICENSE.txt"]
+
+[build-system]
+requires = ["setuptools>=61", "wheel"]
+build-backend = "setuptools.build_meta"

safentic-1.0.6/requirements/constraints.txt

@@ -0,0 +1,16 @@
+# requirements/constraints.txt
+
+# Security guardrails (transitives)
+aiohttp>=3.12.14
+pillow>=11.3.0
+transformers>=4.53.0
+torch!=2.7.1          
+
+# Core dependencies
+PyYAML>=6.0.2
+requests>=2.32.0
+SQLAlchemy>=2.0.0
+langchain>=0.2.16
+langchain-community>=0.2.16
+langchain-openai>=0.1.20
+openai>=1.40.0

safentic-1.0.6/requirements/requirements-dev.txt

@@ -0,0 +1,21 @@
+# requirements/requirements-dev.txt
+
+# Pull in the SDK/runtime deps (relative to THIS file)
+-r requirements.txt
+
+# Testing
+pytest
+coverage
+
+# Formatting / linting / typing
+black
+isort
+ruff
+mypy
+
+# Security auditing
+pip-audit-extra
+
+# Type stubs
+types-requests
+types-PyYAML

{safentic-1.0.4 → safentic-1.0.6/requirements}/requirements.txt

@@ -1,10 +1,9 @@
-PyYAML
-langchain
-langchain-community
-langchain-openai
-openai
-python-dotenv
-sentence-transformers==3.2.1
-pyautogen
-pytest
-coverage
+PyYAML
+langchain
+langchain-community
+langchain-openai
+openai
+python-dotenv
+sentence-transformers==3.2.1
+requests
+SQLAlchemy

safentic-1.0.6/safentic/__init__.py

@@ -0,0 +1,5 @@
+from .layer import SafetyLayer
+from ._internal.errors import SafenticError
+
+__all__ = ["SafetyLayer", "SafenticError"]
+__version__ = "1.0.6"

safentic-1.0.6/safentic/_internal/errors.py

@@ -0,0 +1,26 @@
+class SafenticError(Exception):
+    """Base class for all Safentic errors."""
+
+
+class PolicyValidationError(SafenticError):
+    """Raised when a policy file or rule is invalid."""
+
+
+class ReferenceFileError(SafenticError):
+    """Raised when a reference file is missing, unreadable, or empty."""
+
+
+class EnforcementError(SafenticError):
+    """Raised when enforcement fails unexpectedly."""
+
+
+class VerifierError(SafenticError):
+    """Raised when the LLM verifier fails unexpectedly."""
+
+
+class InvalidAPIKeyError(SafenticError):
+    """Raised when an API key is missing or invalid."""
+
+
+class InvalidAgentInterfaceError(SafenticError):
+    """Raised when the wrapped agent doesn't expose the expected interface."""

safentic-1.0.6/safentic/adapters/mcp_adapter.py

@@ -0,0 +1,46 @@
+from typing import Any, Dict, Mapping, cast
+from safentic.policy_enforcer import PolicyEnforcer
+
+
+def handle_mcp_action(
+    action_request: Mapping[str, Any], enforcer: PolicyEnforcer
+) -> Dict[str, Any]:
+    """
+    Accepts an MCP ActionRequest and returns a Safentic policy enforcement result.
+    Requires a PolicyEnforcer instance to be passed in.
+
+    Expected shape (minimal):
+    {
+        "tool": {
+            "name": str,
+            "input": dict[str, Any]
+        },
+        "agent": {
+            "id": str
+        }
+    }
+    """
+
+    tool: Dict[str, Any] = cast(Dict[str, Any], action_request.get("tool", {}))
+    agent: Dict[str, Any] = cast(Dict[str, Any], action_request.get("agent", {}))
+
+    tool_name: str = cast(str, tool.get("name", "unknown_tool"))
+    tool_args: Dict[str, Any] = cast(
+        Dict[str, Any], tool.get("input", {})
+    )  # Expected to include "body" or "note"
+    agent_id: str = cast(str, agent.get("id", "unknown_agent"))
+
+    result: Dict[str, Any] = enforcer.enforce(
+        agent_id=agent_id,
+        tool_name=tool_name,
+        tool_args=tool_args,
+    )
+
+    return {
+        "tool": tool_name,
+        "agent_id": agent_id,
+        "allowed": result["allowed"],
+        "reason": result["reason"],
+        "agent_state": result.get("agent_state", {}),
+        "violation": result.get("violation"),  # Optional violation metadata
+    }

safentic-1.0.6/safentic/cli/__init__.py

@@ -0,0 +1,3 @@
+from typing import List
+
+__all__: List[str] = []

safentic-1.0.6/safentic/cli/commands/check_tool.py

@@ -0,0 +1,47 @@
+from typing import Any, Dict, Optional
+
+from safentic.policy_engine import PolicyEngine
+from safentic.policy_enforcer import PolicyEnforcer
+from safentic.cli.utils import resolve_policy_path, load_json_arg, ok, error
+
+
+def run(
+    policy: Optional[str],
+    tool_name: str,
+    agent_id: str,
+    input_json: Optional[str],
+    input_file: Optional[str],
+    dry_run: bool,
+    allow_fail: bool,
+    no_llm: bool = False,
+) -> Dict[str, Any]:
+    """
+    Run a one-off policy enforcement for a tool + payload.
+    Returns a JSON payload. Raises SystemExit(2) if blocked and allow_fail=False.
+    """
+    policy_path = resolve_policy_path(policy)
+
+    try:
+        engine = PolicyEngine(policy_path=policy_path, dry_run=dry_run, no_llm=no_llm)
+        enforcer = PolicyEnforcer(policy_engine=engine)
+
+        payload: Dict[str, Any] = load_json_arg(input_json, input_file)
+        decision = enforcer.enforce(
+            agent_id=agent_id, tool_name=tool_name, tool_args=payload
+        )
+
+        result = ok(
+            f"Check completed for tool: {tool_name}",
+            {"policy_path": policy_path, "decision": decision},
+        )
+
+        if not decision.get("allowed", False) and not allow_fail:
+            # Signal to CI callers that this is a block
+            raise SystemExit(2)
+
+        return result
+
+    except SystemExit:
+        raise
+    except Exception as e:
+        return error("check-tool failed", {"details": str(e)})