sourcerykit 1.0.0b1__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- sourcerykit-1.0.0b1/.gitignore +65 -0
- sourcerykit-1.0.0b1/CHANGELOG.md +43 -0
- sourcerykit-1.0.0b1/LICENSE.md +101 -0
- sourcerykit-1.0.0b1/PKG-INFO +228 -0
- sourcerykit-1.0.0b1/README.md +180 -0
- sourcerykit-1.0.0b1/cookbooks/claude_agent/README.md +49 -0
- sourcerykit-1.0.0b1/cookbooks/langchain_agent/README.md +50 -0
- sourcerykit-1.0.0b1/cookbooks/openai_agents/README.md +53 -0
- sourcerykit-1.0.0b1/pyproject.toml +135 -0
- sourcerykit-1.0.0b1/src/sourcerykit/__init__.py +31 -0
- sourcerykit-1.0.0b1/src/sourcerykit/bootstrap/__init__.py +3 -0
- sourcerykit-1.0.0b1/src/sourcerykit/bootstrap/_cache.py +118 -0
- sourcerykit-1.0.0b1/src/sourcerykit/bootstrap/bootstrap.py +46 -0
- sourcerykit-1.0.0b1/src/sourcerykit/cli/__init__.py +0 -0
- sourcerykit-1.0.0b1/src/sourcerykit/cli/config.py +136 -0
- sourcerykit-1.0.0b1/src/sourcerykit/cli/doctor.py +184 -0
- sourcerykit-1.0.0b1/src/sourcerykit/cli/endpoints.py +56 -0
- sourcerykit-1.0.0b1/src/sourcerykit/cli/feedback.py +57 -0
- sourcerykit-1.0.0b1/src/sourcerykit/cli/init.py +360 -0
- sourcerykit-1.0.0b1/src/sourcerykit/cli/logo.py +29 -0
- sourcerykit-1.0.0b1/src/sourcerykit/cli/main.py +50 -0
- sourcerykit-1.0.0b1/src/sourcerykit/cli/trace.py +237 -0
- sourcerykit-1.0.0b1/src/sourcerykit/cli/utils.py +160 -0
- sourcerykit-1.0.0b1/src/sourcerykit/config.py +213 -0
- sourcerykit-1.0.0b1/src/sourcerykit/db/__init__.py +1 -0
- sourcerykit-1.0.0b1/src/sourcerykit/db/_engine.py +98 -0
- sourcerykit-1.0.0b1/src/sourcerykit/db/_intercepts.py +75 -0
- sourcerykit-1.0.0b1/src/sourcerykit/db/_schema.py +139 -0
- sourcerykit-1.0.0b1/src/sourcerykit/db/_traces.py +140 -0
- sourcerykit-1.0.0b1/src/sourcerykit/db/_trusted_endpoints.py +107 -0
- sourcerykit-1.0.0b1/src/sourcerykit/errors/__init__.py +32 -0
- sourcerykit-1.0.0b1/src/sourcerykit/evaluator/__init__.py +3 -0
- sourcerykit-1.0.0b1/src/sourcerykit/evaluator/_eval_modes.py +151 -0
- sourcerykit-1.0.0b1/src/sourcerykit/evaluator/evaluator.py +120 -0
- sourcerykit-1.0.0b1/src/sourcerykit/handoff/__init__.py +5 -0
- sourcerykit-1.0.0b1/src/sourcerykit/handoff/_guide.py +46 -0
- sourcerykit-1.0.0b1/src/sourcerykit/handoff/_preprocess.py +21 -0
- sourcerykit-1.0.0b1/src/sourcerykit/handoff/_query_records.py +43 -0
- sourcerykit-1.0.0b1/src/sourcerykit/handoff/payload_builder.py +185 -0
- sourcerykit-1.0.0b1/src/sourcerykit/intercept/__init__.py +8 -0
- sourcerykit-1.0.0b1/src/sourcerykit/intercept/_aiohttp_hook.py +62 -0
- sourcerykit-1.0.0b1/src/sourcerykit/intercept/_httpx_hook.py +86 -0
- sourcerykit-1.0.0b1/src/sourcerykit/intercept/_loader.py +44 -0
- sourcerykit-1.0.0b1/src/sourcerykit/intercept/_self_egress.py +26 -0
- sourcerykit-1.0.0b1/src/sourcerykit/intercept/_storage.py +59 -0
- sourcerykit-1.0.0b1/src/sourcerykit/intercept/interceptor.py +85 -0
- sourcerykit-1.0.0b1/src/sourcerykit/intercept/requests_hook.py +97 -0
- sourcerykit-1.0.0b1/src/sourcerykit/logger.py +24 -0
- sourcerykit-1.0.0b1/src/sourcerykit/provably/__init__.py +3 -0
- sourcerykit-1.0.0b1/src/sourcerykit/provably/_answer_model.py +79 -0
- sourcerykit-1.0.0b1/src/sourcerykit/provably/_api.py +369 -0
- sourcerykit-1.0.0b1/src/sourcerykit/provably/_auth_api.py +157 -0
- sourcerykit-1.0.0b1/src/sourcerykit/provably/_errors.py +150 -0
- sourcerykit-1.0.0b1/src/sourcerykit/provably/_http.py +170 -0
- sourcerykit-1.0.0b1/src/sourcerykit/provably/auth_service.py +122 -0
- sourcerykit-1.0.0b1/src/sourcerykit/provably/service.py +617 -0
- sourcerykit-1.0.0b1/src/sourcerykit/schemas/__init__.py +6 -0
- sourcerykit-1.0.0b1/src/sourcerykit/schemas/agent_response.py +28 -0
- sourcerykit-1.0.0b1/src/sourcerykit/schemas/handoff.py +109 -0
- sourcerykit-1.0.0b1/src/sourcerykit/schemas/outcome.py +9 -0
- sourcerykit-1.0.0b1/src/sourcerykit/schemas/verification_mode.py +8 -0
- sourcerykit-1.0.0b1/src/sourcerykit/trusted_endpoints/__init__.py +11 -0
- sourcerykit-1.0.0b1/src/sourcerykit/trusted_endpoints/service.py +187 -0
- sourcerykit-1.0.0b1/src/sourcerykit/utils/__init__.py +5 -0
- sourcerykit-1.0.0b1/src/sourcerykit/utils/validation.py +20 -0
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
# Python
|
|
2
|
+
__pycache__/
|
|
3
|
+
*.py[cod]
|
|
4
|
+
*$py.class
|
|
5
|
+
*.so
|
|
6
|
+
.Python
|
|
7
|
+
build/
|
|
8
|
+
develop-eggs/
|
|
9
|
+
dist/
|
|
10
|
+
downloads/
|
|
11
|
+
eggs/
|
|
12
|
+
.eggs/
|
|
13
|
+
lib/
|
|
14
|
+
lib64/
|
|
15
|
+
parts/
|
|
16
|
+
sdist/
|
|
17
|
+
var/
|
|
18
|
+
wheels/
|
|
19
|
+
*.egg-info/
|
|
20
|
+
*.egg
|
|
21
|
+
MANIFEST
|
|
22
|
+
|
|
23
|
+
# Pre-commit hook environments (local cache)
|
|
24
|
+
.cache/
|
|
25
|
+
|
|
26
|
+
# Cursor IDE / debug session artifacts
|
|
27
|
+
.cursor/
|
|
28
|
+
|
|
29
|
+
# Virtual environments
|
|
30
|
+
.venv/
|
|
31
|
+
venv/
|
|
32
|
+
ENV/
|
|
33
|
+
env/
|
|
34
|
+
|
|
35
|
+
# Documentation
|
|
36
|
+
docs/_build/
|
|
37
|
+
|
|
38
|
+
# Testing / coverage
|
|
39
|
+
.pytest_cache/
|
|
40
|
+
.coverage
|
|
41
|
+
.coverage.*
|
|
42
|
+
htmlcov/
|
|
43
|
+
coverage.xml
|
|
44
|
+
.hypothesis/
|
|
45
|
+
|
|
46
|
+
# Type checkers / linters
|
|
47
|
+
.mypy_cache/
|
|
48
|
+
.ruff_cache/
|
|
49
|
+
.pytype/
|
|
50
|
+
|
|
51
|
+
# IDEs
|
|
52
|
+
.claude/
|
|
53
|
+
.idea/
|
|
54
|
+
.vscode/
|
|
55
|
+
*.swp
|
|
56
|
+
*.swo
|
|
57
|
+
|
|
58
|
+
# OS
|
|
59
|
+
.DS_Store
|
|
60
|
+
Thumbs.db
|
|
61
|
+
|
|
62
|
+
# Secrets
|
|
63
|
+
.env
|
|
64
|
+
.env.*
|
|
65
|
+
!.env.example
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
# Changelog
|
|
2
|
+
|
|
3
|
+
## 1.0.0
|
|
4
|
+
|
|
5
|
+
Major release following a full repository refactor. The package is now published as **`sourcerykit`**.
|
|
6
|
+
|
|
7
|
+
### Breaking changes
|
|
8
|
+
|
|
9
|
+
- **Package renamed** — all imports change from `provably` to `sourcerykit`. (#44)
|
|
10
|
+
- **`set_interceptor_context` removed** — replaced by the `intercept_context()` context manager, which correctly scopes the `ContextVar` and prevents leaks across requests. (#44)
|
|
11
|
+
- **Database schema redesigned** — `provably_intercepts` and `trusted_endpoints` now use `UUID` primary keys (was `SERIAL`) with updated column types (e.g. `indexed_average` stored as `TEXT`). Run `alembic upgrade head` (migration `000` drops old tables, `001`/`002` recreate them). (#44)
|
|
12
|
+
|
|
13
|
+
### Architecture & tooling
|
|
14
|
+
|
|
15
|
+
- **Async architecture** — HTTP client migrated to `httpx` async; database layer upgraded to async SQLAlchemy. (#44)
|
|
16
|
+
- **Alembic migrations** — schema changes are managed via versioned Alembic scripts. (#44)
|
|
17
|
+
- **Authentication service** — `SourceryKitAuthService` handles account and organisation management against the Provably API. (#44)
|
|
18
|
+
- **CLI setup wizard** — interactive `sourcerykit init` command for first-time account, org, and database configuration. (#44)
|
|
19
|
+
- **Test coverage gate** — `pytest-cov` enforces a 60 % floor on the unit suite in CI. (#44)
|
|
20
|
+
|
|
21
|
+
### Examples & onboarding
|
|
22
|
+
|
|
23
|
+
- **Cookbooks** — runnable examples using Claude Agent SDK, OpenAI Agents SDK and Langchain Agent SDK. (#44)
|
|
24
|
+
- **Skill** (`init-sourcerykit`) — step-by-step guided onboarding skill for adding SourceryKit to an existing agent project. (#44)
|
|
25
|
+
- **SDK documentation** — full developer docs (Sphinx) covering interception, handoffs, trusted endpoints, and verification modes. (#44)
|
|
26
|
+
|
|
27
|
+
## 0.2.0
|
|
28
|
+
|
|
29
|
+
- Added `configure_indexing(enable_indexing)`: one-call bootstrap (`initialize_runtime` + `init_interceptor` + enable/disable) for sender agents.
|
|
30
|
+
- Added `outcome_from_trace(trace)` and `aggregate_outcome(payload)` helpers for extracting and rolling up verdicts.
|
|
31
|
+
- Added `set_intercept_url_allowlist(urls)` to top-level namespace; scopes the simulation body hook to an explicit set of URLs.
|
|
32
|
+
- `Outcome` now includes `"ERROR"` alongside `"PASS"` and `"CAUGHT"`.
|
|
33
|
+
- Logging migrated from `print()` to structured `structlog` output.
|
|
34
|
+
|
|
35
|
+
## 0.1.0
|
|
36
|
+
|
|
37
|
+
Init.
|
|
38
|
+
|
|
39
|
+
- `initialize_runtime` for one-time bootstrap.
|
|
40
|
+
- `intercept` module: monkey-patches `requests` and `httpx`, records rows in `provably_intercepts`, enforces trusted-endpoint allow-list.
|
|
41
|
+
- `handoff` module: `HandoffPayload`, `HandoffClaim`, `post_handoff`, and `evaluate_handoff` with per-claim verification modes (`verbatim`, `field_extraction`, `schema_type`, `range_threshold`).
|
|
42
|
+
- `claim_contract` builder: generates the LLM-facing JSON contract from `HandoffClaim` + `VerificationMode`.
|
|
43
|
+
- `trusted_endpoints`: `is_trusted_endpoint`, `list_trusted_endpoints`, `check_claim_endpoints_are_trusted`.
|
|
@@ -0,0 +1,101 @@
|
|
|
1
|
+
# License
|
|
2
|
+
|
|
3
|
+
Business Source License 1.1
|
|
4
|
+
|
|
5
|
+
Copyright © 2026 Provably Technologies LTD
|
|
6
|
+
|
|
7
|
+
Use Limitation: You may not offer the Software as a commercial hosted
|
|
8
|
+
service without purchasing a commercial license from Provably Technologies Ltd.
|
|
9
|
+
|
|
10
|
+
Change Date: 2029-05-07
|
|
11
|
+
Change License: GPL-3.0-or-later
|
|
12
|
+
|
|
13
|
+
Business Source License 1.1
|
|
14
|
+
|
|
15
|
+
License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
|
|
16
|
+
"Business Source License" is a trademark of MariaDB Corporation Ab.
|
|
17
|
+
|
|
18
|
+
|
|
19
|
+
1. Definitions
|
|
20
|
+
The "Licensed Work" is the software and documentation made available
|
|
21
|
+
under this License.
|
|
22
|
+
The "Licensor" is the entity offering the Licensed Work under this
|
|
23
|
+
License.
|
|
24
|
+
"You" refers to the licensee of the Licensed Work.
|
|
25
|
+
"Use Limitation" means the restrictions (if any) placed on your use of
|
|
26
|
+
the Licensed Work before the Change Date, as listed in the license
|
|
27
|
+
parameters at the top of this License.
|
|
28
|
+
"Additional Use Grant" means additional rights (if any) the Licensor
|
|
29
|
+
grants to you before the Change Date, as listed in the license parameters
|
|
30
|
+
at the top of this License.
|
|
31
|
+
The "Change License" is the license selected by the Licensor to replace
|
|
32
|
+
this License, as listed in the license parameters at the top of this
|
|
33
|
+
License.
|
|
34
|
+
The "Change Date" is the date when the license automatically changes
|
|
35
|
+
from this License to the Change License, as listed in the license
|
|
36
|
+
parameters at the top of this License.
|
|
37
|
+
"Distribution" and "Use" have the same meaning as under copyright law.
|
|
38
|
+
|
|
39
|
+
|
|
40
|
+
2. License Grant
|
|
41
|
+
From the Effective Date until the Change Date, the Licensor hereby grants
|
|
42
|
+
you the following rights:
|
|
43
|
+
a) The right to copy, modify, create derivative works, redistribute, and
|
|
44
|
+
make non-production Use of the Licensed Work, solely in compliance
|
|
45
|
+
with the Use Limitation and Additional Use Grant.
|
|
46
|
+
b) The right to sublicense the foregoing rights to third parties acting
|
|
47
|
+
on your behalf (for example, cloud service providers or contractors),
|
|
48
|
+
subject to the same Use Limitation.
|
|
49
|
+
|
|
50
|
+
All other rights are expressly reserved by the Licensor.
|
|
51
|
+
|
|
52
|
+
|
|
53
|
+
3. Change Date
|
|
54
|
+
On the Change Date, the rights granted in Section 2 terminate, and you
|
|
55
|
+
may thereafter exercise the rights granted to you under the Change
|
|
56
|
+
License. The Licensor will publish the Change License in the same
|
|
57
|
+
repository or source as the Licensed Work or in any successor location.
|
|
58
|
+
|
|
59
|
+
|
|
60
|
+
4. Compliance and Termination
|
|
61
|
+
Any Use of the Licensed Work not expressly permitted under this License
|
|
62
|
+
(including violating the Use Limitation) is **prohibited**.
|
|
63
|
+
|
|
64
|
+
If you violate this License, your rights will terminate automatically,
|
|
65
|
+
and you must cease all Use and Distribution of the Licensed Work as soon
|
|
66
|
+
as possible. Your licenses from anyone else remain in force.
|
|
67
|
+
|
|
68
|
+
|
|
69
|
+
5. Disclaimer of Warranty
|
|
70
|
+
THE LICENSED WORK IS PROVIDED "AS IS". TO THE MAXIMUM EXTENT PERMITTED
|
|
71
|
+
BY APPLICABLE LAW, THE LICENSOR DISCLAIMS ALL WARRANTIES, EXPRESS OR
|
|
72
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTIES OF
|
|
73
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND
|
|
74
|
+
NON-INFRINGEMENT.
|
|
75
|
+
|
|
76
|
+
|
|
77
|
+
6. Limitation of Liability
|
|
78
|
+
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL THE
|
|
79
|
+
LICENSOR BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR
|
|
80
|
+
CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN CONNECTION WITH THE LICENSED
|
|
81
|
+
WORK OR THIS LICENSE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
|
|
82
|
+
|
|
83
|
+
|
|
84
|
+
7. Trademarks
|
|
85
|
+
This License does not grant permission to use the Licensor's trademarks
|
|
86
|
+
or trade names, except to the extent required for reasonable and
|
|
87
|
+
customary use in describing the origin of the Licensed Work.
|
|
88
|
+
|
|
89
|
+
|
|
90
|
+
8. Severability
|
|
91
|
+
If any provision of this License is held unenforceable or invalid under
|
|
92
|
+
applicable law, such provision shall be interpreted to accomplish the
|
|
93
|
+
objectives of such provision to the greatest extent possible and the
|
|
94
|
+
remaining provisions shall continue in full force and effect.
|
|
95
|
+
|
|
96
|
+
|
|
97
|
+
9. Governing Law
|
|
98
|
+
This License shall be governed by and construed in accordance with the
|
|
99
|
+
laws of the jurisdiction specified by the Licensor, excluding its
|
|
100
|
+
conflicts-of-law principles. If no jurisdiction is specified, the laws
|
|
101
|
+
of Finland apply (excluding conflict-of-law rules).
|
|
@@ -0,0 +1,228 @@
|
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
|
+
Name: sourcerykit
|
|
3
|
+
Version: 1.0.0b1
|
|
4
|
+
Summary: SourceryKit
|
|
5
|
+
Project-URL: Homepage, https://github.com/ProvablyAI/sourcerykit
|
|
6
|
+
Project-URL: Issues, https://github.com/ProvablyAI/sourcerykit/issues
|
|
7
|
+
Author: Provably Technologies Ltd
|
|
8
|
+
License: Proprietary
|
|
9
|
+
License-File: LICENSE.md
|
|
10
|
+
Keywords: agent,handoff,interceptor,provably,sourcerykit,verifiable
|
|
11
|
+
Classifier: Operating System :: OS Independent
|
|
12
|
+
Classifier: Programming Language :: Python :: 3
|
|
13
|
+
Classifier: Programming Language :: Python :: 3.12
|
|
14
|
+
Classifier: Programming Language :: Python :: 3.13
|
|
15
|
+
Requires-Python: >=3.12
|
|
16
|
+
Requires-Dist: aiohttp>=3.9
|
|
17
|
+
Requires-Dist: alembic>=1.13
|
|
18
|
+
Requires-Dist: greenlet>=3.0
|
|
19
|
+
Requires-Dist: httpx>=0.26
|
|
20
|
+
Requires-Dist: jsonschema>=4.0
|
|
21
|
+
Requires-Dist: msgspec>=0.18.0
|
|
22
|
+
Requires-Dist: psycopg[binary]>=3.1
|
|
23
|
+
Requires-Dist: pydantic>=2.6
|
|
24
|
+
Requires-Dist: python-dotenv>=1.2
|
|
25
|
+
Requires-Dist: questionary>=2.1
|
|
26
|
+
Requires-Dist: requests>=2.31
|
|
27
|
+
Requires-Dist: requests>=2.34
|
|
28
|
+
Requires-Dist: sqlalchemy>=2.0
|
|
29
|
+
Requires-Dist: structlog>=24.1
|
|
30
|
+
Requires-Dist: typer>=0.26
|
|
31
|
+
Provides-Extra: dev
|
|
32
|
+
Requires-Dist: build>=1.2; extra == 'dev'
|
|
33
|
+
Requires-Dist: coverage[toml]>=7.0; extra == 'dev'
|
|
34
|
+
Requires-Dist: mypy>=1.10; extra == 'dev'
|
|
35
|
+
Requires-Dist: myst-parser>=5.1; extra == 'dev'
|
|
36
|
+
Requires-Dist: openai-agents>=0.0.3; extra == 'dev'
|
|
37
|
+
Requires-Dist: pre-commit>=4.0; extra == 'dev'
|
|
38
|
+
Requires-Dist: pytest-asyncio>=0.23; extra == 'dev'
|
|
39
|
+
Requires-Dist: pytest-cov>=5.0; extra == 'dev'
|
|
40
|
+
Requires-Dist: pytest>=8.0; extra == 'dev'
|
|
41
|
+
Requires-Dist: ruff>=0.3; extra == 'dev'
|
|
42
|
+
Requires-Dist: sphinx-rtd-theme>=3.1; extra == 'dev'
|
|
43
|
+
Requires-Dist: sphinx>=9.1; extra == 'dev'
|
|
44
|
+
Requires-Dist: sphinxcontrib-mermaid>=2.0; extra == 'dev'
|
|
45
|
+
Requires-Dist: types-jsonschema>=4.0; extra == 'dev'
|
|
46
|
+
Requires-Dist: types-requests>=2.31; extra == 'dev'
|
|
47
|
+
Description-Content-Type: text/markdown
|
|
48
|
+
|
|
49
|
+
<div align="center">
|
|
50
|
+
<img src="https://github.com/ProvablyAI/sourcerykit/blob/main/docs/logo.svg" alt="SourceryKit" width="280" />
|
|
51
|
+
</div>
|
|
52
|
+
|
|
53
|
+
<div align="center">
|
|
54
|
+
|
|
55
|
+
[](https://github.com/ProvablyAI/sourcerykit/blob/main/CHANGELOG.md)
|
|
56
|
+
[](https://github.com/ProvablyAI/sourcerykit/blob/main/pyproject.toml)
|
|
57
|
+
[](https://github.com/ProvablyAI/sourcerykit/blob/main/LICENSE.md)
|
|
58
|
+
|
|
59
|
+
</div>
|
|
60
|
+
|
|
61
|
+
SourceryKit is the Python SDK for [Provably](https://provably.ai). It provides verifiable guardrails for AI agents by automatically recording outbound HTTP calls, enforcing endpoint policies, and checking your agent's claims against a source of truth—all before any request leaves your process.
|
|
62
|
+
|
|
63
|
+
---
|
|
64
|
+
|
|
65
|
+
> [!IMPORTANT]
|
|
66
|
+
> Upgrading the SDK from v0.2 to v1.0? See the [v1.0 migration guide](https://github.com/ProvablyAI/sourcerykit/blob/main/docs/migrations/v1_0/v1_0.md).
|
|
67
|
+
|
|
68
|
+
|
|
69
|
+
## How Does It Work?
|
|
70
|
+
|
|
71
|
+
SourceryKit handles policy enforcement and logging right inside your agent's normal workflow:
|
|
72
|
+
|
|
73
|
+
|
|
74
|
+
```mermaid
|
|
75
|
+
flowchart TD
|
|
76
|
+
Agent([Agent]) -->|Initializes| Bootstrap[Bootstrap System]
|
|
77
|
+
Bootstrap -->|Configures| Interceptor[HTTP Interceptor]
|
|
78
|
+
Bootstrap -->|Registers| TrustedEndpoints[(Trusted Endpoints)]
|
|
79
|
+
|
|
80
|
+
Agent -->|Outbound HTTP| Interceptor
|
|
81
|
+
Interceptor -->|Validates against| TrustedEndpoints
|
|
82
|
+
Interceptor -->|Logs to| Intercepts[(Intercepts Table)]
|
|
83
|
+
|
|
84
|
+
Agent -->|Submits| Handoff[Handoff Payload]
|
|
85
|
+
Handoff -->|Verified by| Evaluator[Evaluator]
|
|
86
|
+
Evaluator -->|Queries records| Provably[Provably Backend]
|
|
87
|
+
Provably -->|Generates proofs from| Intercepts
|
|
88
|
+
Evaluator -->|Returns Verdict| Agent
|
|
89
|
+
```
|
|
90
|
+
|
|
91
|
+
### The Pieces
|
|
92
|
+
|
|
93
|
+
- **HTTP Interceptor**: Patches your HTTP libraries to watch and log outbound calls, blocking untrusted requests on the spot.
|
|
94
|
+
- **Trusted Endpoints**: A database allow-list of approved destinations for your agent.
|
|
95
|
+
- **Intercepts Table**: An append-only DB table that logs every request and response for auditing.
|
|
96
|
+
- **SourceryKitAgentResponse**: A Pydantic model used as the structured response_format for your agent. Enforces a typed response contract with a `claimed_values` list of extracted values.
|
|
97
|
+
- **Handoff Payload**: A clean data bundle containing the claims your agent is making about its external actions.
|
|
98
|
+
- **Evaluator**: Compares the handoff payload against records in the Provably backend to give you a clear verdict.
|
|
99
|
+
- **Provably Backend**: The source of truth that turns your local intercepts into anchored verification proofs.
|
|
100
|
+
|
|
101
|
+
|
|
102
|
+
## Quick Example
|
|
103
|
+
Here is how to bootstrap the system, run an intercepted request, build a payload, and check if everything passes validation:
|
|
104
|
+
|
|
105
|
+
```python
|
|
106
|
+
import uuid
|
|
107
|
+
import httpx
|
|
108
|
+
import sourcerykit
|
|
109
|
+
from agents import Agent, Runner
|
|
110
|
+
from sourcerykit import SourceryKitAgentResponse
|
|
111
|
+
|
|
112
|
+
async def run_verifiable_agent():
|
|
113
|
+
# 1. Fire up the system
|
|
114
|
+
await sourcerykit.bootstrap_system()
|
|
115
|
+
|
|
116
|
+
# 2. Tell the registry which URL is allowed
|
|
117
|
+
await sourcerykit.insert_trusted_endpoint(url="https://api.example.com/data")
|
|
118
|
+
|
|
119
|
+
# 3. Make a network call inside an intercept context
|
|
120
|
+
async with sourcerykit.async_intercept_context(agent_id="demo-agent", action_name="get_data"):
|
|
121
|
+
async with httpx.AsyncClient() as client:
|
|
122
|
+
response = await client.get(
|
|
123
|
+
"https://api.example.com/data",
|
|
124
|
+
params={"query": "example_parameter"}
|
|
125
|
+
)
|
|
126
|
+
response.raise_for_status()
|
|
127
|
+
|
|
128
|
+
# 4. Configure your agent with SourceryKitAgentResponse as the structured output type
|
|
129
|
+
# and run it. Each framework exposes the typed result differently, but the output
|
|
130
|
+
# is always a SourceryKitAgentResponse with `claimed_values`.
|
|
131
|
+
# Pass the keyword argument supported by your framework, e.g.:
|
|
132
|
+
# output_type=SourceryKitAgentResponse (OpenAI Agents SDK)
|
|
133
|
+
# response_format=SourceryKitAgentResponse (LangChain)
|
|
134
|
+
prompt = You are a helpful assistant.
|
|
135
|
+
agent = Agent(
|
|
136
|
+
name="demo-agent",
|
|
137
|
+
instructions=prompt,
|
|
138
|
+
tools=[...],
|
|
139
|
+
model=MODEL_NAME,
|
|
140
|
+
output_type=SourceryKitAgentResponse,
|
|
141
|
+
)
|
|
142
|
+
result = await Runner.run(agent, prompt)
|
|
143
|
+
final_output: SourceryKitAgentResponse = result.final_output
|
|
144
|
+
|
|
145
|
+
# 5. Build the handoff payload from the agent's structured output
|
|
146
|
+
payload_data = {
|
|
147
|
+
"reasoning": final_output.reasoning,
|
|
148
|
+
"claims": [
|
|
149
|
+
{
|
|
150
|
+
"action_name": "get_data",
|
|
151
|
+
"claimed_value": final_output.claimed_values,
|
|
152
|
+
"verification_mode": "field_extraction",
|
|
153
|
+
}
|
|
154
|
+
],
|
|
155
|
+
}
|
|
156
|
+
|
|
157
|
+
payload = await sourcerykit.build_handoff_payload(
|
|
158
|
+
payload_data,
|
|
159
|
+
run_id=uuid.uuid4(),
|
|
160
|
+
prompt=prompt,
|
|
161
|
+
intercept_agent_id="demo-agent",
|
|
162
|
+
)
|
|
163
|
+
|
|
164
|
+
# 6. Ask the evaluator for a verdict
|
|
165
|
+
result = await sourcerykit.evaluate_handoff(payload=payload)
|
|
166
|
+
print(f"Evaluation Outcome: {result.get('outcome')}") # PASS, CAUGHT, or ERROR
|
|
167
|
+
```
|
|
168
|
+
|
|
169
|
+
## Installation
|
|
170
|
+
|
|
171
|
+
SourceryKit requires **Python 3.12+**. You can grab it directly from source:
|
|
172
|
+
|
|
173
|
+
```bash
|
|
174
|
+
git clone git@github.com:ProvablyAI/sourcerykit.git
|
|
175
|
+
pip install -e ./sourcerykit
|
|
176
|
+
```
|
|
177
|
+
|
|
178
|
+
Or install it directly via pip:
|
|
179
|
+
|
|
180
|
+
```bash
|
|
181
|
+
pip install sourcerykit
|
|
182
|
+
```
|
|
183
|
+
|
|
184
|
+
|
|
185
|
+
## Configuration
|
|
186
|
+
To get things running, SourceryKit must be configured with your project variables. The interactive CLI handles account provisioning, organization workspace initialization, database validation, and persists credentials globally (OS application folder) and locally (project `.env`).
|
|
187
|
+
|
|
188
|
+
```bash
|
|
189
|
+
sourcerykit init
|
|
190
|
+
```
|
|
191
|
+
|
|
192
|
+
The wizard will guide you through:
|
|
193
|
+
- **Account Setup & Authorization**: Create a new account or log into an existing one, and select your organization workspace.
|
|
194
|
+
- **API Key Generation**: Automatically fetch your SDK API-KEY from your account profile.
|
|
195
|
+
- **Database Handshake**: Enter your database details, test the connection, and ensure it's accessible.
|
|
196
|
+
- **Save Config**: Automatically write your credentials and tokens straight to a local .env file.
|
|
197
|
+
|
|
198
|
+
> [!IMPORTANT]
|
|
199
|
+
> The wizard only configures **SOURCERYKIT_*** variables. It does **not** handle third-party LLM provider infrastructure keys, which must still be exported separately.
|
|
200
|
+
|
|
201
|
+
For a full list of environment variables, see [.env.example](https://github.com/ProvablyAI/sourcerykit/blob/main/.env.example).
|
|
202
|
+
|
|
203
|
+
For a full list of CLI commands, run:
|
|
204
|
+
```bash
|
|
205
|
+
sourcerykit --help
|
|
206
|
+
```
|
|
207
|
+
|
|
208
|
+
## More Docs
|
|
209
|
+
Want to dig into the details? Check out the specific guides:
|
|
210
|
+
|
|
211
|
+
- [Architecture Overview](https://github.com/ProvablyAI/sourcerykit/blob/main/docs/architecture.md)
|
|
212
|
+
- [HTTP Interception](https://github.com/ProvablyAI/sourcerykit/blob/main/docs/intercept.md)
|
|
213
|
+
- [Managing Trusted Endpoints](https://github.com/ProvablyAI/sourcerykit/blob/main/docs/trusted-endpoints.md)
|
|
214
|
+
- [Handoff Contracts & Evaluation](https://github.com/ProvablyAI/sourcerykit/blob/main/docs/handoff.md)
|
|
215
|
+
|
|
216
|
+
|
|
217
|
+
## Contributing
|
|
218
|
+
We welcome fixes, features, and doc updates! Check out [CONTRIBUTING.md](https://github.com/ProvablyAI/sourcerykit/blob/main/CONTRIBUTING.md) to see how to run tests and open up a pull request.
|
|
219
|
+
|
|
220
|
+
## License
|
|
221
|
+
|
|
222
|
+
This project is licensed under the [Business Source License 1.1](https://github.com/ProvablyAI/sourcerykit/blob/main/LICENSE.md).
|
|
223
|
+
|
|
224
|
+
- Copyright © 2026 Provably Technologies LTD
|
|
225
|
+
- You may not offer the Software as a commercial hosted service without purchasing a commercial license from [Provably Technologies Ltd](https://provably.ai).
|
|
226
|
+
- On 2029-05-07, the license will automatically convert to GPL-3.0-or-later.
|
|
227
|
+
|
|
228
|
+
See the [LICENSE](https://github.com/ProvablyAI/sourcerykit/blob/main/LICENSE.md) file for full terms and details.
|
|
@@ -0,0 +1,180 @@
|
|
|
1
|
+
<div align="center">
|
|
2
|
+
<img src="https://github.com/ProvablyAI/sourcerykit/blob/main/docs/logo.svg" alt="SourceryKit" width="280" />
|
|
3
|
+
</div>
|
|
4
|
+
|
|
5
|
+
<div align="center">
|
|
6
|
+
|
|
7
|
+
[](https://github.com/ProvablyAI/sourcerykit/blob/main/CHANGELOG.md)
|
|
8
|
+
[](https://github.com/ProvablyAI/sourcerykit/blob/main/pyproject.toml)
|
|
9
|
+
[](https://github.com/ProvablyAI/sourcerykit/blob/main/LICENSE.md)
|
|
10
|
+
|
|
11
|
+
</div>
|
|
12
|
+
|
|
13
|
+
SourceryKit is the Python SDK for [Provably](https://provably.ai). It provides verifiable guardrails for AI agents by automatically recording outbound HTTP calls, enforcing endpoint policies, and checking your agent's claims against a source of truth—all before any request leaves your process.
|
|
14
|
+
|
|
15
|
+
---
|
|
16
|
+
|
|
17
|
+
> [!IMPORTANT]
|
|
18
|
+
> Upgrading the SDK from v0.2 to v1.0? See the [v1.0 migration guide](https://github.com/ProvablyAI/sourcerykit/blob/main/docs/migrations/v1_0/v1_0.md).
|
|
19
|
+
|
|
20
|
+
|
|
21
|
+
## How Does It Work?
|
|
22
|
+
|
|
23
|
+
SourceryKit handles policy enforcement and logging right inside your agent's normal workflow:
|
|
24
|
+
|
|
25
|
+
|
|
26
|
+
```mermaid
|
|
27
|
+
flowchart TD
|
|
28
|
+
Agent([Agent]) -->|Initializes| Bootstrap[Bootstrap System]
|
|
29
|
+
Bootstrap -->|Configures| Interceptor[HTTP Interceptor]
|
|
30
|
+
Bootstrap -->|Registers| TrustedEndpoints[(Trusted Endpoints)]
|
|
31
|
+
|
|
32
|
+
Agent -->|Outbound HTTP| Interceptor
|
|
33
|
+
Interceptor -->|Validates against| TrustedEndpoints
|
|
34
|
+
Interceptor -->|Logs to| Intercepts[(Intercepts Table)]
|
|
35
|
+
|
|
36
|
+
Agent -->|Submits| Handoff[Handoff Payload]
|
|
37
|
+
Handoff -->|Verified by| Evaluator[Evaluator]
|
|
38
|
+
Evaluator -->|Queries records| Provably[Provably Backend]
|
|
39
|
+
Provably -->|Generates proofs from| Intercepts
|
|
40
|
+
Evaluator -->|Returns Verdict| Agent
|
|
41
|
+
```
|
|
42
|
+
|
|
43
|
+
### The Pieces
|
|
44
|
+
|
|
45
|
+
- **HTTP Interceptor**: Patches your HTTP libraries to watch and log outbound calls, blocking untrusted requests on the spot.
|
|
46
|
+
- **Trusted Endpoints**: A database allow-list of approved destinations for your agent.
|
|
47
|
+
- **Intercepts Table**: An append-only DB table that logs every request and response for auditing.
|
|
48
|
+
- **SourceryKitAgentResponse**: A Pydantic model used as the structured response_format for your agent. Enforces a typed response contract with a `claimed_values` list of extracted values.
|
|
49
|
+
- **Handoff Payload**: A clean data bundle containing the claims your agent is making about its external actions.
|
|
50
|
+
- **Evaluator**: Compares the handoff payload against records in the Provably backend to give you a clear verdict.
|
|
51
|
+
- **Provably Backend**: The source of truth that turns your local intercepts into anchored verification proofs.
|
|
52
|
+
|
|
53
|
+
|
|
54
|
+
## Quick Example
|
|
55
|
+
Here is how to bootstrap the system, run an intercepted request, build a payload, and check if everything passes validation:
|
|
56
|
+
|
|
57
|
+
```python
|
|
58
|
+
import uuid
|
|
59
|
+
import httpx
|
|
60
|
+
import sourcerykit
|
|
61
|
+
from agents import Agent, Runner
|
|
62
|
+
from sourcerykit import SourceryKitAgentResponse
|
|
63
|
+
|
|
64
|
+
async def run_verifiable_agent():
|
|
65
|
+
# 1. Fire up the system
|
|
66
|
+
await sourcerykit.bootstrap_system()
|
|
67
|
+
|
|
68
|
+
# 2. Tell the registry which URL is allowed
|
|
69
|
+
await sourcerykit.insert_trusted_endpoint(url="https://api.example.com/data")
|
|
70
|
+
|
|
71
|
+
# 3. Make a network call inside an intercept context
|
|
72
|
+
async with sourcerykit.async_intercept_context(agent_id="demo-agent", action_name="get_data"):
|
|
73
|
+
async with httpx.AsyncClient() as client:
|
|
74
|
+
response = await client.get(
|
|
75
|
+
"https://api.example.com/data",
|
|
76
|
+
params={"query": "example_parameter"}
|
|
77
|
+
)
|
|
78
|
+
response.raise_for_status()
|
|
79
|
+
|
|
80
|
+
# 4. Configure your agent with SourceryKitAgentResponse as the structured output type
|
|
81
|
+
# and run it. Each framework exposes the typed result differently, but the output
|
|
82
|
+
# is always a SourceryKitAgentResponse with `claimed_values`.
|
|
83
|
+
# Pass the keyword argument supported by your framework, e.g.:
|
|
84
|
+
# output_type=SourceryKitAgentResponse (OpenAI Agents SDK)
|
|
85
|
+
# response_format=SourceryKitAgentResponse (LangChain)
|
|
86
|
+
prompt = You are a helpful assistant.
|
|
87
|
+
agent = Agent(
|
|
88
|
+
name="demo-agent",
|
|
89
|
+
instructions=prompt,
|
|
90
|
+
tools=[...],
|
|
91
|
+
model=MODEL_NAME,
|
|
92
|
+
output_type=SourceryKitAgentResponse,
|
|
93
|
+
)
|
|
94
|
+
result = await Runner.run(agent, prompt)
|
|
95
|
+
final_output: SourceryKitAgentResponse = result.final_output
|
|
96
|
+
|
|
97
|
+
# 5. Build the handoff payload from the agent's structured output
|
|
98
|
+
payload_data = {
|
|
99
|
+
"reasoning": final_output.reasoning,
|
|
100
|
+
"claims": [
|
|
101
|
+
{
|
|
102
|
+
"action_name": "get_data",
|
|
103
|
+
"claimed_value": final_output.claimed_values,
|
|
104
|
+
"verification_mode": "field_extraction",
|
|
105
|
+
}
|
|
106
|
+
],
|
|
107
|
+
}
|
|
108
|
+
|
|
109
|
+
payload = await sourcerykit.build_handoff_payload(
|
|
110
|
+
payload_data,
|
|
111
|
+
run_id=uuid.uuid4(),
|
|
112
|
+
prompt=prompt,
|
|
113
|
+
intercept_agent_id="demo-agent",
|
|
114
|
+
)
|
|
115
|
+
|
|
116
|
+
# 6. Ask the evaluator for a verdict
|
|
117
|
+
result = await sourcerykit.evaluate_handoff(payload=payload)
|
|
118
|
+
print(f"Evaluation Outcome: {result.get('outcome')}") # PASS, CAUGHT, or ERROR
|
|
119
|
+
```
|
|
120
|
+
|
|
121
|
+
## Installation
|
|
122
|
+
|
|
123
|
+
SourceryKit requires **Python 3.12+**. You can grab it directly from source:
|
|
124
|
+
|
|
125
|
+
```bash
|
|
126
|
+
git clone git@github.com:ProvablyAI/sourcerykit.git
|
|
127
|
+
pip install -e ./sourcerykit
|
|
128
|
+
```
|
|
129
|
+
|
|
130
|
+
Or install it directly via pip:
|
|
131
|
+
|
|
132
|
+
```bash
|
|
133
|
+
pip install sourcerykit
|
|
134
|
+
```
|
|
135
|
+
|
|
136
|
+
|
|
137
|
+
## Configuration
|
|
138
|
+
To get things running, SourceryKit must be configured with your project variables. The interactive CLI handles account provisioning, organization workspace initialization, database validation, and persists credentials globally (OS application folder) and locally (project `.env`).
|
|
139
|
+
|
|
140
|
+
```bash
|
|
141
|
+
sourcerykit init
|
|
142
|
+
```
|
|
143
|
+
|
|
144
|
+
The wizard will guide you through:
|
|
145
|
+
- **Account Setup & Authorization**: Create a new account or log into an existing one, and select your organization workspace.
|
|
146
|
+
- **API Key Generation**: Automatically fetch your SDK API-KEY from your account profile.
|
|
147
|
+
- **Database Handshake**: Enter your database details, test the connection, and ensure it's accessible.
|
|
148
|
+
- **Save Config**: Automatically write your credentials and tokens straight to a local .env file.
|
|
149
|
+
|
|
150
|
+
> [!IMPORTANT]
|
|
151
|
+
> The wizard only configures **SOURCERYKIT_*** variables. It does **not** handle third-party LLM provider infrastructure keys, which must still be exported separately.
|
|
152
|
+
|
|
153
|
+
For a full list of environment variables, see [.env.example](https://github.com/ProvablyAI/sourcerykit/blob/main/.env.example).
|
|
154
|
+
|
|
155
|
+
For a full list of CLI commands, run:
|
|
156
|
+
```bash
|
|
157
|
+
sourcerykit --help
|
|
158
|
+
```
|
|
159
|
+
|
|
160
|
+
## More Docs
|
|
161
|
+
Want to dig into the details? Check out the specific guides:
|
|
162
|
+
|
|
163
|
+
- [Architecture Overview](https://github.com/ProvablyAI/sourcerykit/blob/main/docs/architecture.md)
|
|
164
|
+
- [HTTP Interception](https://github.com/ProvablyAI/sourcerykit/blob/main/docs/intercept.md)
|
|
165
|
+
- [Managing Trusted Endpoints](https://github.com/ProvablyAI/sourcerykit/blob/main/docs/trusted-endpoints.md)
|
|
166
|
+
- [Handoff Contracts & Evaluation](https://github.com/ProvablyAI/sourcerykit/blob/main/docs/handoff.md)
|
|
167
|
+
|
|
168
|
+
|
|
169
|
+
## Contributing
|
|
170
|
+
We welcome fixes, features, and doc updates! Check out [CONTRIBUTING.md](https://github.com/ProvablyAI/sourcerykit/blob/main/CONTRIBUTING.md) to see how to run tests and open up a pull request.
|
|
171
|
+
|
|
172
|
+
## License
|
|
173
|
+
|
|
174
|
+
This project is licensed under the [Business Source License 1.1](https://github.com/ProvablyAI/sourcerykit/blob/main/LICENSE.md).
|
|
175
|
+
|
|
176
|
+
- Copyright © 2026 Provably Technologies LTD
|
|
177
|
+
- You may not offer the Software as a commercial hosted service without purchasing a commercial license from [Provably Technologies Ltd](https://provably.ai).
|
|
178
|
+
- On 2029-05-07, the license will automatically convert to GPL-3.0-or-later.
|
|
179
|
+
|
|
180
|
+
See the [LICENSE](https://github.com/ProvablyAI/sourcerykit/blob/main/LICENSE.md) file for full terms and details.
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
# Claude Agent SDK
|
|
2
|
+
This example demonstrates how to integrate SourceryKit with the [Claude Agent SDK](https://github.com/anthropics/claude-agent-sdk-python). It showcases automated intercept capture, target endpoint allow-list constraints, and runtime evaluation loops inside a structured agent execution flow.
|
|
3
|
+
|
|
4
|
+
## How It Works
|
|
5
|
+
1. **HTTP Interception**: The `bootstrap_system()` hook dynamically monitors outbound `httpx` calls, ensuring that network operations generated within the agent tool loop (`get_current_temperature_london`) are securely logged to your database intercepts table.
|
|
6
|
+
2. **All-Method Trust Gate**: SourceryKit enforces structural target validation checks against your external network endpoints. The external weather lookup endpoint (`api.open-meteo.com`) is explicitly registered via policy seeds (`insert_trusted_endpoint`) before execution.
|
|
7
|
+
3. **Automated Handoff & Evaluation**: Captured network states are bundled alongside the agent's structured `SourceryKitAgentResponse` output. The agent is configured with `output_format={"type": "json_schema", "schema": SourceryKitAgentResponse.model_json_schema()}`, which enforces a typed contract—the LLM returns a `reasoning` string and a `claimed_values` list of `ClaimedValue` objects (each with a JSONPath `path` and extracted string `value`). These `claimed_values` are passed as the `claimed_value` field in the handoff payload and submitted to `evaluate_handoff` to verify data integrity and catch hallucinations.
|
|
8
|
+
|
|
9
|
+
|
|
10
|
+
## Environment Configuration
|
|
11
|
+
Before running the agent, run the interactive setup wizard to configure your SourceryKit project variables automatically:
|
|
12
|
+
|
|
13
|
+
```bash
|
|
14
|
+
sourcerykit init
|
|
15
|
+
```
|
|
16
|
+
|
|
17
|
+
> [!IMPORTANT]
|
|
18
|
+
> The wizard only configures **SOURCERYKIT_*** variables. It does **not** configure your LLM provider infrastructure keys (like `MODEL_NAME` or `ANTHROPIC_API_KEY`). Those must still be set up separately in your environment.
|
|
19
|
+
|
|
20
|
+
You will also need to set these LLM-provider variables manually:
|
|
21
|
+
|
|
22
|
+
| Variable | Required | Description |
|
|
23
|
+
|---|---|---|
|
|
24
|
+
| `MODEL_NAME` | **yes** | Targeted model architecture identifier string passed to create_agent (e.g., `claude-haiku-4-5`). |
|
|
25
|
+
| `ANTHROPIC_API_KEY` | **yes** | API authentication token. |
|
|
26
|
+
|
|
27
|
+
---
|
|
28
|
+
|
|
29
|
+
## Execution
|
|
30
|
+
|
|
31
|
+
1. Install the SDK package:
|
|
32
|
+
```bash
|
|
33
|
+
pip install sourcerykit claude-agent-sdk python-dotenv httpx pydantic
|
|
34
|
+
```
|
|
35
|
+
2. Export your LLM-provider keys into your current shell or place them in a local `.env` file:
|
|
36
|
+
```bash
|
|
37
|
+
export MODEL_NAME="claude-haiku-4-5"
|
|
38
|
+
export ANTHROPIC_API_KEY="sk-ant-..."
|
|
39
|
+
```
|
|
40
|
+
3. Run the example:
|
|
41
|
+
```bash
|
|
42
|
+
# Standard Validation
|
|
43
|
+
python agent_run.py
|
|
44
|
+
|
|
45
|
+
# or
|
|
46
|
+
|
|
47
|
+
# Hallucination Simulation
|
|
48
|
+
python agent_run.py --tamper
|
|
49
|
+
```
|