spanforge 1.0.0__tar.gz → 1.0.2__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (582) hide show
  1. {spanforge-1.0.0 → spanforge-1.0.2}/.gitignore +4 -1
  2. spanforge-1.0.2/.sf-gate/artifacts/g1_result.json +11 -0
  3. spanforge-1.0.2/.sf-gate/artifacts/gate5_governance_result.json +11 -0
  4. {spanforge-1.0.0 → spanforge-1.0.2}/.sf-gate/artifacts/gate6_trust_result.json +3 -3
  5. {spanforge-1.0.0 → spanforge-1.0.2}/.sf-gate/artifacts/test-gate_result.json +2 -2
  6. {spanforge-1.0.0 → spanforge-1.0.2}/PKG-INFO +78 -26
  7. {spanforge-1.0.0 → spanforge-1.0.2}/README.md +77 -25
  8. {spanforge-1.0.0 → spanforge-1.0.2}/RELEASE.md +1 -1
  9. spanforge-1.0.2/SPANFORGE_COMPLETE_Master_Build_Plan_v6_FULL.md +949 -0
  10. spanforge-1.0.2/artifacts/g1_result.json +11 -0
  11. spanforge-1.0.2/artifacts/gate5_governance_result.json +11 -0
  12. spanforge-1.0.2/artifacts/gate6_trust_result.json +14 -0
  13. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/compliance.md +133 -4
  14. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/exceptions.md +34 -2
  15. spanforge-1.0.2/docs/api/explain.md +200 -0
  16. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/gate.md +15 -13
  17. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/governance.md +45 -0
  18. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/hooks.md +1 -0
  19. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/pii.md +12 -9
  20. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/pipelines.md +23 -23
  21. spanforge-1.0.2/docs/api/rbac.md +96 -0
  22. spanforge-1.0.2/docs/api/scope.md +126 -0
  23. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/sdk-reference.md +35 -0
  24. spanforge-1.0.2/docs/api/testing_mocks.md +275 -0
  25. spanforge-1.0.2/docs/api/validate.md +387 -0
  26. {spanforge-1.0.0 → spanforge-1.0.2}/docs/changelog.md +336 -6
  27. {spanforge-1.0.0 → spanforge-1.0.2}/docs/cli.md +728 -28
  28. {spanforge-1.0.0 → spanforge-1.0.2}/docs/configuration.md +61 -0
  29. spanforge-1.0.2/docs/ga-release-notes.md +104 -0
  30. {spanforge-1.0.0 → spanforge-1.0.2}/docs/index.md +2 -1
  31. {spanforge-1.0.0 → spanforge-1.0.2}/docs/installation.md +1 -1
  32. {spanforge-1.0.0 → spanforge-1.0.2}/docs/runbook.md +17 -17
  33. {spanforge-1.0.0 → spanforge-1.0.2}/docs/runtime-governance.md +17 -9
  34. {spanforge-1.0.0 → spanforge-1.0.2}/docs/user_guide/compliance.md +131 -6
  35. {spanforge-1.0.0 → spanforge-1.0.2}/docs/user_guide/export.md +6 -1
  36. {spanforge-1.0.0 → spanforge-1.0.2}/docs/user_guide/gate.md +2 -2
  37. spanforge-1.0.2/examples/explain_demo.py +133 -0
  38. spanforge-1.0.2/examples/scope_demo.py +207 -0
  39. spanforge-1.0.2/examples/scope_manifest.yaml +55 -0
  40. spanforge-1.0.2/examples/validate_demo.py +216 -0
  41. {spanforge-1.0.0 → spanforge-1.0.2}/pyproject.toml +12 -1
  42. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/__init__.py +78 -0
  43. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/_cli.py +901 -39
  44. spanforge-1.0.2/src/spanforge/_cli_audit.py +1595 -0
  45. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/_cli_compliance.py +183 -2
  46. spanforge-1.0.2/src/spanforge/_cli_config.py +583 -0
  47. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/_cli_ops.py +506 -5
  48. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/compliance.py +329 -325
  49. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/core/compliance_mapping.py +511 -26
  50. spanforge-1.0.2/src/spanforge/core/dx.py +214 -0
  51. spanforge-1.0.2/src/spanforge/export/siem.py +214 -0
  52. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/governance.py +80 -2
  53. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/integrations/langgraph.py +207 -0
  54. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/migrate.py +192 -0
  55. spanforge-1.0.2/src/spanforge/schemas/frameworks/frameworks.yaml +295 -0
  56. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/__init__.py +145 -122
  57. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/_exceptions.py +34 -0
  58. spanforge-1.0.2/src/spanforge/sdk/dataset_scanner.py +624 -0
  59. spanforge-1.0.2/src/spanforge/sdk/explain.py +730 -0
  60. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/fallback.py +37 -1
  61. spanforge-1.0.2/src/spanforge/sdk/rbac.py +550 -0
  62. spanforge-1.0.2/src/spanforge/sdk/scope.py +585 -0
  63. spanforge-1.0.2/src/spanforge/sdk/validate.py +683 -0
  64. spanforge-1.0.2/src/spanforge/validate.py +775 -0
  65. spanforge-1.0.2/src/spanforge/workflow.py +1366 -0
  66. {spanforge-1.0.0 → spanforge-1.0.2}/tests/conformance/fixtures/compliance.json +5 -5
  67. spanforge-1.0.2/tests/fixtures/clean_dataset/data.jsonl +5 -0
  68. spanforge-1.0.2/tests/fixtures/no_consent_dataset/data.jsonl +5 -0
  69. spanforge-1.0.2/tests/fixtures/pii_dataset/data.jsonl +5 -0
  70. spanforge-1.0.2/tests/test_1e1_siem_langgraph.py +417 -0
  71. spanforge-1.0.2/tests/test_cli_compliance_dataset.py +444 -0
  72. spanforge-1.0.2/tests/test_cli_config_1d1.py +600 -0
  73. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_compliance_mapping.py +2 -1
  74. spanforge-1.0.2/tests/test_coverage_supplement_1.py +974 -0
  75. spanforge-1.0.2/tests/test_coverage_supplement_2.py +782 -0
  76. spanforge-1.0.2/tests/test_coverage_supplement_3.py +549 -0
  77. spanforge-1.0.2/tests/test_coverage_supplement_4.py +835 -0
  78. spanforge-1.0.2/tests/test_dataset_scanner.py +236 -0
  79. spanforge-1.0.2/tests/test_e2e_cli.py +1141 -0
  80. spanforge-1.0.2/tests/test_framework_mapper.py +836 -0
  81. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_phase0_scale.py +1 -0
  82. spanforge-1.0.2/tests/test_sdk_explain.py +553 -0
  83. spanforge-1.0.2/tests/test_sdk_scope.py +603 -0
  84. spanforge-1.0.2/tests/test_sdk_validate.py +521 -0
  85. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sf_explain.py +78 -1
  86. spanforge-1.0.2/tests/test_sf_rbac.py +668 -0
  87. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sf_scope.py +155 -1
  88. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_types.py +23 -22
  89. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_validate.py +187 -0
  90. spanforge-1.0.2/tests/test_workflow.py +1445 -0
  91. spanforge-1.0.0/docs/api/explain.md +0 -59
  92. spanforge-1.0.0/docs/api/rbac.md +0 -43
  93. spanforge-1.0.0/docs/api/scope.md +0 -51
  94. spanforge-1.0.0/docs/api/testing_mocks.md +0 -247
  95. spanforge-1.0.0/docs/api/validate.md +0 -109
  96. spanforge-1.0.0/docs/ga-release-notes.md +0 -56
  97. spanforge-1.0.0/src/spanforge/_cli_audit.py +0 -639
  98. spanforge-1.0.0/src/spanforge/sdk/explain.py +0 -170
  99. spanforge-1.0.0/src/spanforge/sdk/rbac.py +0 -280
  100. spanforge-1.0.0/src/spanforge/sdk/scope.py +0 -279
  101. spanforge-1.0.0/src/spanforge/validate.py +0 -379
  102. spanforge-1.0.0/tests/test_sf_rbac.py +0 -204
  103. {spanforge-1.0.0 → spanforge-1.0.2}/.bandit +0 -0
  104. {spanforge-1.0.0 → spanforge-1.0.2}/.gitattributes +0 -0
  105. {spanforge-1.0.0 → spanforge-1.0.2}/.github/CODEOWNERS +0 -0
  106. {spanforge-1.0.0 → spanforge-1.0.2}/.github/ISSUE_TEMPLATE/bug_report.yml +0 -0
  107. {spanforge-1.0.0 → spanforge-1.0.2}/.github/ISSUE_TEMPLATE/config.yml +0 -0
  108. {spanforge-1.0.0 → spanforge-1.0.2}/.github/ISSUE_TEMPLATE/feature_request.yml +0 -0
  109. {spanforge-1.0.0 → spanforge-1.0.2}/.github/ISSUE_TEMPLATE/rfc.yml +0 -0
  110. {spanforge-1.0.0 → spanforge-1.0.2}/.github/pull_request_template.md +0 -0
  111. {spanforge-1.0.0 → spanforge-1.0.2}/.github/workflows/ci.yml +0 -0
  112. {spanforge-1.0.0 → spanforge-1.0.2}/.github/workflows/release.yml +0 -0
  113. {spanforge-1.0.0 → spanforge-1.0.2}/.pre-commit-hooks.yaml +0 -0
  114. {spanforge-1.0.0 → spanforge-1.0.2}/CNAME +0 -0
  115. {spanforge-1.0.0 → spanforge-1.0.2}/CODE_OF_CONDUCT.md +0 -0
  116. {spanforge-1.0.0 → spanforge-1.0.2}/CONFORMANCE.md +0 -0
  117. {spanforge-1.0.0 → spanforge-1.0.2}/LICENSE +0 -0
  118. {spanforge-1.0.0 → spanforge-1.0.2}/MAINTAINERS.md +0 -0
  119. {spanforge-1.0.0 → spanforge-1.0.2}/PRICING.md +0 -0
  120. {spanforge-1.0.0 → spanforge-1.0.2}/SECURITY.md +0 -0
  121. {spanforge-1.0.0 → spanforge-1.0.2}/docker-compose.selfhosted.yml +0 -0
  122. {spanforge-1.0.0 → spanforge-1.0.2}/docs/Makefile +0 -0
  123. {spanforge-1.0.0 → spanforge-1.0.2}/docs/_static/.gitkeep +0 -0
  124. {spanforge-1.0.0 → spanforge-1.0.2}/docs/adr/ADR-001-immutable-audit-trail.md +0 -0
  125. {spanforge-1.0.0 → spanforge-1.0.2}/docs/adr/ADR-002-singleton-service-clients.md +0 -0
  126. {spanforge-1.0.0 → spanforge-1.0.2}/docs/adr/ADR-003-schema-versioning-strategy.md +0 -0
  127. {spanforge-1.0.0 → spanforge-1.0.2}/docs/adr/ADR-004-local-first-architecture.md +0 -0
  128. {spanforge-1.0.0 → spanforge-1.0.2}/docs/adr/ADR-005-sandbox-mode.md +0 -0
  129. {spanforge-1.0.0 → spanforge-1.0.2}/docs/adr/ADR-006-rag-tracing.md +0 -0
  130. {spanforge-1.0.0 → spanforge-1.0.2}/docs/adr/ADR-007-user-feedback.md +0 -0
  131. {spanforge-1.0.0 → spanforge-1.0.2}/docs/adr/ADR-008-sso-scim-oidc.md +0 -0
  132. {spanforge-1.0.0 → spanforge-1.0.2}/docs/adr/README.md +0 -0
  133. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/alert.md +0 -0
  134. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/audit.md +0 -0
  135. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/auto.md +0 -0
  136. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/cache.md +0 -0
  137. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/cec.md +0 -0
  138. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/config.md +0 -0
  139. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/consumer.md +0 -0
  140. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/debug.md +0 -0
  141. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/deprecations.md +0 -0
  142. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/drift.md +0 -0
  143. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/enterprise.md +0 -0
  144. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/eval.md +0 -0
  145. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/event.md +0 -0
  146. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/export.md +0 -0
  147. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/feedback.md +0 -0
  148. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/http.md +0 -0
  149. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/identity.md +0 -0
  150. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/index.md +0 -0
  151. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/integrations.md +0 -0
  152. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/io.md +0 -0
  153. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/lineage.md +0 -0
  154. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/lint.md +0 -0
  155. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/metrics.md +0 -0
  156. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/migrate.md +0 -0
  157. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/models.md +0 -0
  158. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/normalizer.md +0 -0
  159. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/observe.md +0 -0
  160. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/operator.md +0 -0
  161. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/plugins.md +0 -0
  162. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/policy.md +0 -0
  163. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/rag.md +0 -0
  164. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/redact.md +0 -0
  165. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/regression.md +0 -0
  166. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/schema.md +0 -0
  167. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/secrets.md +0 -0
  168. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/signing.md +0 -0
  169. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/stats.md +0 -0
  170. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/store.md +0 -0
  171. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/stream.md +0 -0
  172. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/testing.md +0 -0
  173. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/trace.md +0 -0
  174. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/trust.md +0 -0
  175. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/types.md +0 -0
  176. {spanforge-1.0.0 → spanforge-1.0.2}/docs/api/ulid.md +0 -0
  177. {spanforge-1.0.0 → spanforge-1.0.2}/docs/competitor-comparison.md +0 -0
  178. {spanforge-1.0.0 → spanforge-1.0.2}/docs/conf.py +0 -0
  179. {spanforge-1.0.0 → spanforge-1.0.2}/docs/contributing.md +0 -0
  180. {spanforge-1.0.0 → spanforge-1.0.2}/docs/demos/enterprise-evidence-demo.md +0 -0
  181. {spanforge-1.0.0 → spanforge-1.0.2}/docs/demos/runtime-governance-demo.md +0 -0
  182. {spanforge-1.0.0 → spanforge-1.0.2}/docs/deployment/air-gapped.md +0 -0
  183. {spanforge-1.0.0 → spanforge-1.0.2}/docs/deployment/kubernetes.md +0 -0
  184. {spanforge-1.0.0 → spanforge-1.0.2}/docs/enterprise-integrations.md +0 -0
  185. {spanforge-1.0.0 → spanforge-1.0.2}/docs/evidence-export.md +0 -0
  186. {spanforge-1.0.0 → spanforge-1.0.2}/docs/integrations/crewai.md +0 -0
  187. {spanforge-1.0.0 → spanforge-1.0.2}/docs/integrations/halluccheck.md +0 -0
  188. {spanforge-1.0.0 → spanforge-1.0.2}/docs/make.bat +0 -0
  189. {spanforge-1.0.0 → spanforge-1.0.2}/docs/migrations/from-langfuse.md +0 -0
  190. {spanforge-1.0.0 → spanforge-1.0.2}/docs/migrations/from-langsmith.md +0 -0
  191. {spanforge-1.0.0 → spanforge-1.0.2}/docs/migrations/from-openllmetry.md +0 -0
  192. {spanforge-1.0.0 → spanforge-1.0.2}/docs/migrations/v5-to-v6.md +0 -0
  193. {spanforge-1.0.0 → spanforge-1.0.2}/docs/namespaces/audit.md +0 -0
  194. {spanforge-1.0.0 → spanforge-1.0.2}/docs/namespaces/cache.md +0 -0
  195. {spanforge-1.0.0 → spanforge-1.0.2}/docs/namespaces/consent.md +0 -0
  196. {spanforge-1.0.0 → spanforge-1.0.2}/docs/namespaces/cost.md +0 -0
  197. {spanforge-1.0.0 → spanforge-1.0.2}/docs/namespaces/diff.md +0 -0
  198. {spanforge-1.0.0 → spanforge-1.0.2}/docs/namespaces/eval.md +0 -0
  199. {spanforge-1.0.0 → spanforge-1.0.2}/docs/namespaces/explanation.md +0 -0
  200. {spanforge-1.0.0 → spanforge-1.0.2}/docs/namespaces/feedback.md +0 -0
  201. {spanforge-1.0.0 → spanforge-1.0.2}/docs/namespaces/fence.md +0 -0
  202. {spanforge-1.0.0 → spanforge-1.0.2}/docs/namespaces/guard.md +0 -0
  203. {spanforge-1.0.0 → spanforge-1.0.2}/docs/namespaces/hitl.md +0 -0
  204. {spanforge-1.0.0 → spanforge-1.0.2}/docs/namespaces/index.md +0 -0
  205. {spanforge-1.0.0 → spanforge-1.0.2}/docs/namespaces/model_registry.md +0 -0
  206. {spanforge-1.0.0 → spanforge-1.0.2}/docs/namespaces/prompt.md +0 -0
  207. {spanforge-1.0.0 → spanforge-1.0.2}/docs/namespaces/redact_ns.md +0 -0
  208. {spanforge-1.0.0 → spanforge-1.0.2}/docs/namespaces/retrieval.md +0 -0
  209. {spanforge-1.0.0 → spanforge-1.0.2}/docs/namespaces/template.md +0 -0
  210. {spanforge-1.0.0 → spanforge-1.0.2}/docs/namespaces/trace.md +0 -0
  211. {spanforge-1.0.0 → spanforge-1.0.2}/docs/quickstart.md +0 -0
  212. {spanforge-1.0.0 → spanforge-1.0.2}/docs/reference-architectures.md +0 -0
  213. {spanforge-1.0.0 → spanforge-1.0.2}/docs/replay-simulation.md +0 -0
  214. {spanforge-1.0.0 → spanforge-1.0.2}/docs/rfc/adr-index.md +0 -0
  215. {spanforge-1.0.0 → spanforge-1.0.2}/docs/rfc/rfc-0001.md +0 -0
  216. {spanforge-1.0.0 → spanforge-1.0.2}/docs/runtime-governance-contracts.md +0 -0
  217. {spanforge-1.0.0 → spanforge-1.0.2}/docs/schema/README.md +0 -0
  218. {spanforge-1.0.0 → spanforge-1.0.2}/docs/schema/envelope.schema.json +0 -0
  219. {spanforge-1.0.0 → spanforge-1.0.2}/docs/schema/payloads/agent-run.schema.json +0 -0
  220. {spanforge-1.0.0 → spanforge-1.0.2}/docs/schema/payloads/agent-step.schema.json +0 -0
  221. {spanforge-1.0.0 → spanforge-1.0.2}/docs/schema/payloads/audit.schema.json +0 -0
  222. {spanforge-1.0.0 → spanforge-1.0.2}/docs/schema/payloads/cache.schema.json +0 -0
  223. {spanforge-1.0.0 → spanforge-1.0.2}/docs/schema/payloads/consent.schema.json +0 -0
  224. {spanforge-1.0.0 → spanforge-1.0.2}/docs/schema/payloads/cost.schema.json +0 -0
  225. {spanforge-1.0.0 → spanforge-1.0.2}/docs/schema/payloads/diff.schema.json +0 -0
  226. {spanforge-1.0.0 → spanforge-1.0.2}/docs/schema/payloads/eval.schema.json +0 -0
  227. {spanforge-1.0.0 → spanforge-1.0.2}/docs/schema/payloads/explanation.schema.json +0 -0
  228. {spanforge-1.0.0 → spanforge-1.0.2}/docs/schema/payloads/fence.schema.json +0 -0
  229. {spanforge-1.0.0 → spanforge-1.0.2}/docs/schema/payloads/guard.schema.json +0 -0
  230. {spanforge-1.0.0 → spanforge-1.0.2}/docs/schema/payloads/hitl.schema.json +0 -0
  231. {spanforge-1.0.0 → spanforge-1.0.2}/docs/schema/payloads/model-registry.schema.json +0 -0
  232. {spanforge-1.0.0 → spanforge-1.0.2}/docs/schema/payloads/prompt.schema.json +0 -0
  233. {spanforge-1.0.0 → spanforge-1.0.2}/docs/schema/payloads/redact.schema.json +0 -0
  234. {spanforge-1.0.0 → spanforge-1.0.2}/docs/schema/payloads/span.schema.json +0 -0
  235. {spanforge-1.0.0 → spanforge-1.0.2}/docs/schema/payloads/template.schema.json +0 -0
  236. {spanforge-1.0.0 → spanforge-1.0.2}/docs/schema/types/common.schema.json +0 -0
  237. {spanforge-1.0.0 → spanforge-1.0.2}/docs/schema-versioning.md +0 -0
  238. {spanforge-1.0.0 → spanforge-1.0.2}/docs/user_guide/alert.md +0 -0
  239. {spanforge-1.0.0 → spanforge-1.0.2}/docs/user_guide/audit.md +0 -0
  240. {spanforge-1.0.0 → spanforge-1.0.2}/docs/user_guide/cache.md +0 -0
  241. {spanforge-1.0.0 → spanforge-1.0.2}/docs/user_guide/custom_exporters.md +0 -0
  242. {spanforge-1.0.0 → spanforge-1.0.2}/docs/user_guide/debugging.md +0 -0
  243. {spanforge-1.0.0 → spanforge-1.0.2}/docs/user_guide/events.md +0 -0
  244. {spanforge-1.0.0 → spanforge-1.0.2}/docs/user_guide/feedback.md +0 -0
  245. {spanforge-1.0.0 → spanforge-1.0.2}/docs/user_guide/governance.md +0 -0
  246. {spanforge-1.0.0 → spanforge-1.0.2}/docs/user_guide/in_memory_state.md +0 -0
  247. {spanforge-1.0.0 → spanforge-1.0.2}/docs/user_guide/index.md +0 -0
  248. {spanforge-1.0.0 → spanforge-1.0.2}/docs/user_guide/linting.md +0 -0
  249. {spanforge-1.0.0 → spanforge-1.0.2}/docs/user_guide/metrics.md +0 -0
  250. {spanforge-1.0.0 → spanforge-1.0.2}/docs/user_guide/migration.md +0 -0
  251. {spanforge-1.0.0 → spanforge-1.0.2}/docs/user_guide/rag.md +0 -0
  252. {spanforge-1.0.0 → spanforge-1.0.2}/docs/user_guide/redaction.md +0 -0
  253. {spanforge-1.0.0 → spanforge-1.0.2}/docs/user_guide/signing.md +0 -0
  254. {spanforge-1.0.0 → spanforge-1.0.2}/docs/user_guide/tracing.md +0 -0
  255. {spanforge-1.0.0 → spanforge-1.0.2}/examples/agent_workflow.py +0 -0
  256. {spanforge-1.0.0 → spanforge-1.0.2}/examples/budget_alert.py +0 -0
  257. {spanforge-1.0.0 → spanforge-1.0.2}/examples/docker/Dockerfile +0 -0
  258. {spanforge-1.0.0 → spanforge-1.0.2}/examples/docker/docker-compose.yml +0 -0
  259. {spanforge-1.0.0 → spanforge-1.0.2}/examples/docker/otel-config.yaml +0 -0
  260. {spanforge-1.0.0 → spanforge-1.0.2}/examples/enterprise_evidence_demo.py +0 -0
  261. {spanforge-1.0.0 → spanforge-1.0.2}/examples/gates/gate5_governance.yaml +0 -0
  262. {spanforge-1.0.0 → spanforge-1.0.2}/examples/gates/sf-gate.yaml +0 -0
  263. {spanforge-1.0.0 → spanforge-1.0.2}/examples/langchain_chain.py +0 -0
  264. {spanforge-1.0.0 → spanforge-1.0.2}/examples/multi_agent_rag.py +0 -0
  265. {spanforge-1.0.0 → spanforge-1.0.2}/examples/multi_tenant.py +0 -0
  266. {spanforge-1.0.0 → spanforge-1.0.2}/examples/openai_chat.py +0 -0
  267. {spanforge-1.0.0 → spanforge-1.0.2}/examples/otlp_grafana.py +0 -0
  268. {spanforge-1.0.0 → spanforge-1.0.2}/examples/production_multi_agent.py +0 -0
  269. {spanforge-1.0.0 → spanforge-1.0.2}/examples/runtime_governance_demo.py +0 -0
  270. {spanforge-1.0.0 → spanforge-1.0.2}/examples/secure_pipeline.py +0 -0
  271. {spanforge-1.0.0 → spanforge-1.0.2}/examples/streaming_response.py +0 -0
  272. {spanforge-1.0.0 → spanforge-1.0.2}/examples/testing_mocks_example.py +0 -0
  273. {spanforge-1.0.0 → spanforge-1.0.2}/helm/spanforge/Chart.yaml +0 -0
  274. {spanforge-1.0.0 → spanforge-1.0.2}/helm/spanforge/templates/_helpers.tpl +0 -0
  275. {spanforge-1.0.0 → spanforge-1.0.2}/helm/spanforge/templates/deployment.yaml +0 -0
  276. {spanforge-1.0.0 → spanforge-1.0.2}/helm/spanforge/templates/hpa.yaml +0 -0
  277. {spanforge-1.0.0 → spanforge-1.0.2}/helm/spanforge/templates/networkpolicy.yaml +0 -0
  278. {spanforge-1.0.0 → spanforge-1.0.2}/helm/spanforge/templates/pdb.yaml +0 -0
  279. {spanforge-1.0.0 → spanforge-1.0.2}/helm/spanforge/templates/secret.yaml +0 -0
  280. {spanforge-1.0.0 → spanforge-1.0.2}/helm/spanforge/templates/service.yaml +0 -0
  281. {spanforge-1.0.0 → spanforge-1.0.2}/helm/spanforge/values.yaml +0 -0
  282. {spanforge-1.0.0 → spanforge-1.0.2}/k6/README.md +0 -0
  283. {spanforge-1.0.0 → spanforge-1.0.2}/k6/pii_scan_50rps.js +0 -0
  284. {spanforge-1.0.0 → spanforge-1.0.2}/k6/score_100rps.js +0 -0
  285. {spanforge-1.0.0 → spanforge-1.0.2}/k6/secrets_scan_100rps.js +0 -0
  286. {spanforge-1.0.0 → spanforge-1.0.2}/sonar-project.properties +0 -0
  287. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/_ansi.py +0 -0
  288. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/_batch_exporter.py +0 -0
  289. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/_cli_cost.py +0 -0
  290. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/_cli_phase11.py +0 -0
  291. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/_hooks.py +0 -0
  292. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/_server.py +0 -0
  293. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/_span.py +0 -0
  294. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/_store.py +0 -0
  295. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/_stream.py +0 -0
  296. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/_trace.py +0 -0
  297. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/_tracer.py +0 -0
  298. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/actor.py +0 -0
  299. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/alerts.py +0 -0
  300. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/auto.py +0 -0
  301. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/baseline.py +0 -0
  302. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/cache.py +0 -0
  303. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/config.py +0 -0
  304. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/consent.py +0 -0
  305. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/consumer.py +0 -0
  306. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/core/__init__.py +0 -0
  307. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/cost.py +0 -0
  308. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/debug.py +0 -0
  309. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/deprecations.py +0 -0
  310. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/drift.py +0 -0
  311. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/egress.py +0 -0
  312. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/eval.py +0 -0
  313. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/event.py +0 -0
  314. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/exceptions.py +0 -0
  315. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/explain.py +0 -0
  316. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/export/__init__.py +0 -0
  317. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/export/append_only.py +0 -0
  318. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/export/cloud.py +0 -0
  319. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/export/datadog.py +0 -0
  320. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/export/grafana.py +0 -0
  321. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/export/jsonl.py +0 -0
  322. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/export/openinference.py +0 -0
  323. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/export/otel_bridge.py +0 -0
  324. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/export/otlp.py +0 -0
  325. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/export/otlp_bridge.py +0 -0
  326. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/export/redis_backend.py +0 -0
  327. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/export/siem_schema.py +0 -0
  328. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/export/siem_splunk.py +0 -0
  329. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/export/siem_syslog.py +0 -0
  330. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/export/webhook.py +0 -0
  331. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/exporters/__init__.py +0 -0
  332. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/exporters/console.py +0 -0
  333. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/exporters/jsonl.py +0 -0
  334. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/exporters/sqlite.py +0 -0
  335. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/gate.py +0 -0
  336. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/hitl.py +0 -0
  337. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/http.py +0 -0
  338. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/inspect.py +0 -0
  339. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/integrations/__init__.py +0 -0
  340. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/integrations/_pricing.py +0 -0
  341. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/integrations/anthropic.py +0 -0
  342. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/integrations/azure_openai.py +0 -0
  343. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/integrations/bedrock.py +0 -0
  344. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/integrations/crewai.py +0 -0
  345. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/integrations/gemini.py +0 -0
  346. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/integrations/groq.py +0 -0
  347. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/integrations/langchain.py +0 -0
  348. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/integrations/llamaindex.py +0 -0
  349. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/integrations/ollama.py +0 -0
  350. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/integrations/openai.py +0 -0
  351. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/integrations/together.py +0 -0
  352. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/io.py +0 -0
  353. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/lint.py +0 -0
  354. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/metrics.py +0 -0
  355. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/metrics_export.py +0 -0
  356. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/model_registry.py +0 -0
  357. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/models.py +0 -0
  358. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/namespaces/__init__.py +0 -0
  359. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/namespaces/audit.py +0 -0
  360. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/namespaces/cache.py +0 -0
  361. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/namespaces/chain.py +0 -0
  362. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/namespaces/confidence.py +0 -0
  363. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/namespaces/consent.py +0 -0
  364. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/namespaces/cost.py +0 -0
  365. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/namespaces/decision.py +0 -0
  366. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/namespaces/diff.py +0 -0
  367. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/namespaces/drift.py +0 -0
  368. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/namespaces/eval_.py +0 -0
  369. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/namespaces/feedback.py +0 -0
  370. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/namespaces/fence.py +0 -0
  371. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/namespaces/guard.py +0 -0
  372. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/namespaces/hitl.py +0 -0
  373. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/namespaces/latency.py +0 -0
  374. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/namespaces/prompt.py +0 -0
  375. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/namespaces/redact.py +0 -0
  376. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/namespaces/retrieval.py +0 -0
  377. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/namespaces/runtime_governance.py +0 -0
  378. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/namespaces/template.py +0 -0
  379. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/namespaces/tool_call.py +0 -0
  380. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/namespaces/trace.py +0 -0
  381. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/normalizer.py +0 -0
  382. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/plugins.py +0 -0
  383. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/presidio_backend.py +0 -0
  384. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/processor.py +0 -0
  385. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/prompt_registry.py +0 -0
  386. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/py.typed +0 -0
  387. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/redact.py +0 -0
  388. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/regression.py +0 -0
  389. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/runtime_policy.py +0 -0
  390. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sampling.py +0 -0
  391. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/schema.py +0 -0
  392. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/schemas/v1.0/schema.json +0 -0
  393. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/schemas/v2.0/schema.json +0 -0
  394. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/_base.py +0 -0
  395. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/_base.pyi +0 -0
  396. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/_types.py +0 -0
  397. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/alert.py +0 -0
  398. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/alert.pyi +0 -0
  399. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/audit.py +0 -0
  400. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/audit.pyi +0 -0
  401. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/cec.py +0 -0
  402. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/cec.pyi +0 -0
  403. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/config.py +0 -0
  404. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/config.pyi +0 -0
  405. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/enterprise.py +0 -0
  406. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/enterprise.pyi +0 -0
  407. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/feedback.py +0 -0
  408. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/gate.py +0 -0
  409. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/gate.pyi +0 -0
  410. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/identity.py +0 -0
  411. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/identity.pyi +0 -0
  412. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/lineage.py +0 -0
  413. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/observe.py +0 -0
  414. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/observe.pyi +0 -0
  415. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/operator.py +0 -0
  416. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/pii.py +0 -0
  417. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/pii.pyi +0 -0
  418. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/pipelines.py +0 -0
  419. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/pipelines.pyi +0 -0
  420. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/policy.py +0 -0
  421. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/rag.py +0 -0
  422. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/registry.py +0 -0
  423. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/registry.pyi +0 -0
  424. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/secrets.py +0 -0
  425. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/secrets.pyi +0 -0
  426. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/security.py +0 -0
  427. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/security.pyi +0 -0
  428. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/trust.py +0 -0
  429. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/sdk/trust.pyi +0 -0
  430. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/secrets.py +0 -0
  431. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/signing.py +0 -0
  432. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/stats.py +0 -0
  433. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/stream.py +0 -0
  434. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/testing.py +0 -0
  435. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/testing_mocks.py +0 -0
  436. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/trace.py +0 -0
  437. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/types.py +0 -0
  438. {spanforge-1.0.0 → spanforge-1.0.2}/src/spanforge/ulid.py +0 -0
  439. {spanforge-1.0.0 → spanforge-1.0.2}/test_agent.jsonl +0 -0
  440. {spanforge-1.0.0 → spanforge-1.0.2}/test_events.jsonl +0 -0
  441. {spanforge-1.0.0 → spanforge-1.0.2}/tests/__init__.py +0 -0
  442. {spanforge-1.0.0 → spanforge-1.0.2}/tests/chaos/README.md +0 -0
  443. {spanforge-1.0.0 → spanforge-1.0.2}/tests/chaos/test_service_unavailability.py +0 -0
  444. {spanforge-1.0.0 → spanforge-1.0.2}/tests/conformance/__init__.py +0 -0
  445. {spanforge-1.0.0 → spanforge-1.0.2}/tests/conformance/fixtures/chain.json +0 -0
  446. {spanforge-1.0.0 → spanforge-1.0.2}/tests/conformance/fixtures/key_security.json +0 -0
  447. {spanforge-1.0.0 → spanforge-1.0.2}/tests/conformance/fixtures/migration.json +0 -0
  448. {spanforge-1.0.0 → spanforge-1.0.2}/tests/conformance/fixtures/pii.json +0 -0
  449. {spanforge-1.0.0 → spanforge-1.0.2}/tests/conformance/fixtures/signing.json +0 -0
  450. {spanforge-1.0.0 → spanforge-1.0.2}/tests/conformance/fixtures.json +0 -0
  451. {spanforge-1.0.0 → spanforge-1.0.2}/tests/conformance/run_conformance.py +0 -0
  452. {spanforge-1.0.0 → spanforge-1.0.2}/tests/conformance/test_conformance.py +0 -0
  453. {spanforge-1.0.0 → spanforge-1.0.2}/tests/conftest.py +0 -0
  454. {spanforge-1.0.0 → spanforge-1.0.2}/tests/integration/__init__.py +0 -0
  455. {spanforge-1.0.0 → spanforge-1.0.2}/tests/integration/test_dx_integration.py +0 -0
  456. {spanforge-1.0.0 → spanforge-1.0.2}/tests/load/README.md +0 -0
  457. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_actor.py +0 -0
  458. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_alerts.py +0 -0
  459. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_ansi.py +0 -0
  460. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_auto.py +0 -0
  461. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_baseline.py +0 -0
  462. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_batch_exporter.py +0 -0
  463. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_benchmarks.py +0 -0
  464. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_budget_alert.py +0 -0
  465. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_cache.py +0 -0
  466. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_cli.py +0 -0
  467. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_cli_audit_module.py +0 -0
  468. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_cli_compliance_module.py +0 -0
  469. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_cli_cost_module.py +0 -0
  470. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_cli_ops_module.py +0 -0
  471. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_cli_phase11_module.py +0 -0
  472. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_compliance.py +0 -0
  473. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_config_interpolate.py +0 -0
  474. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_consent.py +0 -0
  475. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_consumer.py +0 -0
  476. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_cost_event_emission.py +0 -0
  477. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_cost_tracker.py +0 -0
  478. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_costguard_gaps.py +0 -0
  479. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_coverage_gaps.py +0 -0
  480. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_deprecations.py +0 -0
  481. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_drift.py +0 -0
  482. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_egress_and_normalizer.py +0 -0
  483. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_eval_behaviour_scorer.py +0 -0
  484. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_event.py +0 -0
  485. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_exceptions.py +0 -0
  486. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_explain.py +0 -0
  487. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_export_cloud.py +0 -0
  488. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_export_datadog.py +0 -0
  489. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_export_grafana.py +0 -0
  490. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_export_jsonl.py +0 -0
  491. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_export_otel_bridge.py +0 -0
  492. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_export_otlp.py +0 -0
  493. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_export_redis_backend.py +0 -0
  494. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_export_siem_splunk.py +0 -0
  495. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_export_siem_syslog.py +0 -0
  496. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_export_webhook.py +0 -0
  497. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_feedback.py +0 -0
  498. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_gate_deep.py +0 -0
  499. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_governance.py +0 -0
  500. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_hitl.py +0 -0
  501. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_http.py +0 -0
  502. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_inspect.py +0 -0
  503. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_integration.py +0 -0
  504. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_integrations.py +0 -0
  505. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_io.py +0 -0
  506. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_lint.py +0 -0
  507. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_migrate.py +0 -0
  508. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_model_registry.py +0 -0
  509. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_models.py +0 -0
  510. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_namespaces.py +0 -0
  511. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_otlp_bridge.py +0 -0
  512. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_phase10_features.py +0 -0
  513. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_phase10_trust.py +0 -0
  514. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_phase11_enterprise.py +0 -0
  515. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_phase11_security.py +0 -0
  516. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_phase12_dx.py +0 -0
  517. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_phase1_context_trace.py +0 -0
  518. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_phase2_observability.py +0 -0
  519. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_phase3_debug_sampling.py +0 -0
  520. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_phase4_agent_instrumentation.py +0 -0
  521. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_phase4_metrics_store.py +0 -0
  522. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_phase5_console_exporter.py +0 -0
  523. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_phase5_coverage.py +0 -0
  524. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_phase5_enterprise_integrations.py +0 -0
  525. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_phase5_hooks_crewai.py +0 -0
  526. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_phase6_enterprise_deployment_packaging.py +0 -0
  527. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_phase6_openai_integration.py +0 -0
  528. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_phase8_release_hardening.py +0 -0
  529. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_plugins.py +0 -0
  530. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_processor_coverage.py +0 -0
  531. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_prompt_registry.py +0 -0
  532. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_properties.py +0 -0
  533. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_public_root_lazy_imports.py +0 -0
  534. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_rag.py +0 -0
  535. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_redact.py +0 -0
  536. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_regression.py +0 -0
  537. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_repo_guardrails.py +0 -0
  538. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_rfc_namespaces.py +0 -0
  539. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_runtime_governance_phase0.py +0 -0
  540. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sampling_coverage.py +0 -0
  541. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_schema.py +0 -0
  542. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sdk_config.py +0 -0
  543. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sdk_coverage_boost.py +0 -0
  544. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sdk_exporters.py +0 -0
  545. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sdk_final_coverage.py +0 -0
  546. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sdk_gap_filler.py +0 -0
  547. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sdk_openai_integration.py +0 -0
  548. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sdk_phase7_integrations.py +0 -0
  549. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sdk_pipelines_deep.py +0 -0
  550. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sdk_precision_coverage.py +0 -0
  551. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sdk_span.py +0 -0
  552. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sdk_stream.py +0 -0
  553. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sdk_tracer.py +0 -0
  554. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sdk_validation_coverage.py +0 -0
  555. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_server.py +0 -0
  556. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sf11.py +0 -0
  557. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sf12.py +0 -0
  558. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sf13.py +0 -0
  559. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sf14.py +0 -0
  560. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sf15.py +0 -0
  561. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sf16.py +0 -0
  562. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sf9_config.py +0 -0
  563. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sf_alert.py +0 -0
  564. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sf_audit.py +0 -0
  565. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sf_cec.py +0 -0
  566. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sf_gate.py +0 -0
  567. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sf_identity.py +0 -0
  568. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sf_lineage.py +0 -0
  569. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sf_observe.py +0 -0
  570. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sf_operator.py +0 -0
  571. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sf_pii.py +0 -0
  572. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sf_policy.py +0 -0
  573. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sf_policy_integration.py +0 -0
  574. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sf_policy_phase3.py +0 -0
  575. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sf_rag.py +0 -0
  576. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_sf_secrets.py +0 -0
  577. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_signing.py +0 -0
  578. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_stats.py +0 -0
  579. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_stream.py +0 -0
  580. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_trace_decorator.py +0 -0
  581. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_trace_pytest_fixtures.py +0 -0
  582. {spanforge-1.0.0 → spanforge-1.0.2}/tests/test_ulid.py +0 -0
{spanforge-1.0.0 → spanforge-1.0.2}/.gitignore RENAMED
@@ -40,6 +40,7 @@ pip-delete-this-directory.txt
40
40
  ROADMAP_CHECKLIST.md
41
41
  FOUNDER_PREP_GUIDE.md
42
42
  FOUNDER_PREP_GUIDE.pdf
43
+ PHASE_1_COMPLETE_SPRINT_PLAN.md
43
44
 
44
45
  # Unit test / coverage reports
45
46
  htmlcov/
@@ -196,4 +197,6 @@ cython_debug/
196
197
  /spanforge-ts-migration.md
197
198
  /SpanForge_Build_Plan_v1.0.md
198
199
  /HallucCheck_Product_Spec_v6.0.updated.md
199
- PRICING.pdf
200
+ PRICING.pdf
201
+ /CARD_1A1_GitHub_Marketplace_App.md
202
+ /NEXT_SDK_FEATURES.md
spanforge-1.0.2/.sf-gate/artifacts/g1_result.json ADDED
@@ -0,0 +1,11 @@
1
+ {
2
+ "gate_id": "g1",
3
+ "verdict": "PASS",
4
+ "metrics": {
5
+ "score": 0.8
6
+ },
7
+ "timestamp": "2026-05-10T04:00:30.112436+00:00",
8
+ "duration_ms": 0,
9
+ "project_id": "",
10
+ "pipeline_id": "c864b0c2-a124-4b5b-bd30-ceeeecea2ec6"
11
+ }
spanforge-1.0.2/.sf-gate/artifacts/gate5_governance_result.json ADDED
@@ -0,0 +1,11 @@
1
+ {
2
+ "gate_id": "gate5_governance",
3
+ "prri_score": 75,
4
+ "verdict": "RED",
5
+ "dimension_breakdown": {},
6
+ "framework": "",
7
+ "policy_file": "",
8
+ "timestamp": "2026-05-10T04:00:30.120052+00:00",
9
+ "allow": false,
10
+ "project_id": "proj-1"
11
+ }
{spanforge-1.0.0 → spanforge-1.0.2}/.sf-gate/artifacts/gate6_trust_result.json RENAMED
@@ -8,7 +8,7 @@
8
8
  "secrets_detected": false,
9
9
  "secrets_detections_24h": 0,
10
10
  "failures": [],
11
- "timestamp": "2026-04-25T09:20:21.395550+00:00",
12
- "pipeline_id": "d9785537-9590-4b31-b967-40362a0b7fc9",
13
- "project_id": "integration-test"
11
+ "timestamp": "2026-05-10T04:04:09.036213+00:00",
12
+ "pipeline_id": "d306e1c3-c437-4317-9c71-6532e5cac4a4",
13
+ "project_id": ""
14
14
  }
{spanforge-1.0.0 → spanforge-1.0.2}/.sf-gate/artifacts/test-gate_result.json RENAMED
@@ -4,8 +4,8 @@
4
4
  "metrics": {
5
5
  "score": 0.95
6
6
  },
7
- "timestamp": "2026-04-25T09:20:21.389605+00:00",
7
+ "timestamp": "2026-05-10T04:03:48.163107+00:00",
8
8
  "duration_ms": 0,
9
9
  "project_id": "",
10
- "pipeline_id": "ec56fdcc-2e2b-48b0-a7b2-d5a0b06eb70e"
10
+ "pipeline_id": "91e805b8-09a4-498e-bdde-f3b64e272e54"
11
11
  }
{spanforge-1.0.0 → spanforge-1.0.2}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: spanforge
3
- Version: 1.0.0
3
+ Version: 1.0.2
4
4
  Summary: SpanForge — AI lifecycle and governance platform (RFC-0001 SPANFORGE)
5
5
  Project-URL: Homepage, https://github.com/veerarag1973/spanforge
6
6
  Project-URL: Documentation, https://github.com/veerarag1973/spanforge/blob/main/docs/index.md
@@ -117,9 +117,9 @@ Description-Content-Type: text/markdown
117
117
  <img src="https://img.shields.io/badge/python-3.9%2B-4c8cbf?logo=python&logoColor=white" alt="Python 3.9+"/>
118
118
  <a href="https://pypi.org/project/spanforge/"><img src="https://img.shields.io/pypi/v/spanforge?color=4c8cbf&logo=pypi&logoColor=white" alt="PyPI"/></a>
119
119
  <a href="https://www.getspanforge.com/standard"><img src="https://img.shields.io/badge/standard-SpanForge_RFC--0001-4c8cbf" alt="spanforge RFC-0001"/></a>
120
- <img src="https://img.shields.io/badge/coverage-90.96%25-brightgreen" alt="90.96% test coverage"/>
121
- <img src="https://img.shields.io/badge/tests-6138%20passing-brightgreen" alt="6138 tests"/>
122
- <img src="https://img.shields.io/badge/version-1.0.0-4c8cbf" alt="Version 1.0.0"/>
120
+ <img src="https://img.shields.io/badge/coverage-91%25-brightgreen" alt="91% test coverage"/>
121
+ <img src="https://img.shields.io/badge/tests-7049%20passing-brightgreen" alt="7049 tests"/>
122
+ <img src="https://img.shields.io/badge/version-1.0.2-4c8cbf" alt="Version 1.0.2"/>
123
123
  <img src="https://img.shields.io/badge/dependencies-zero-brightgreen" alt="Zero dependencies"/>
124
124
  <a href="docs/index.md"><img src="https://img.shields.io/badge/docs-local-4c8cbf" alt="Documentation"/></a>
125
125
  <a href="LICENSE"><img src="https://img.shields.io/badge/license-PolyForm%20NC%201.0-blue" alt="PolyForm Noncommercial 1.0"/></a>
@@ -170,7 +170,8 @@ spanforge.configure() # that's it — you're now compliant-by-default
170
170
  - Generate HMAC-signed **evidence packages** with gap analysis
171
171
  - Track **consent boundaries**, **HITL oversight**, **model registry** governance, and **explainability** coverage
172
172
  - Produce audit-ready attestations with model owner, risk tier, and status metadata
173
- - **Compliance Evidence Chain (sf-cec)** — signed ZIP bundles with regulatory clause maps, DPA generation, and RFC 3161 timestamps for auditor hand-off
173
+ - **Compliance Evidence Chain (sf-cec)** — signed ZIP bundles with regulatory clause maps, DPA generation, and RFC 3161 timestamps for auditor hand-off; `spanforge audit cec generate` CLI generates CEC bundles without Python code
174
+ - **Human-in-the-Loop Workflow Engine (`spanforge.workflow`)** — approval workflows for gate reviews, policy sign-offs, and escalations; full state machine (PENDING → APPROVED / REJECTED → CLOSED) with SLA auto-escalation and role-based action matrix
174
175
  - **Observability SDK (sf-observe)** — span export (OTLP/Datadog/Grafana/Splunk/Elastic), W3C TraceContext, OTel GenAI attrs, sampling strategies, annotation store, and health probes
175
176
  - **CI/CD Gate Pipeline (sf-gate)** — evaluate release quality gates (schema, secrets, performance, PRRI, trust), YAML pipeline engine, artifact store, and blocking trust gate to prevent unsafe releases
176
177
  - **T.R.U.S.T. Scorecard (sf-trust)** — five-pillar trust dimensions (Transparency · Reliability · UserTrust · Security · Traceability), configurable weights, SVG badge, history time-series, and 5 HallucCheck pipeline integrations (score, bias, monitor, risk, benchmark)
@@ -180,8 +181,12 @@ spanforge.configure() # that's it — you're now compliant-by-default
180
181
  </td>
181
182
  <td width="50%">
182
183
 
183
- ### Privacy & Audit Infrastructure- **Secrets scanning** — 20-pattern registry detects API keys, tokens, private keys; SARIF output; pre-commit hook- **PII redaction** — detect and strip sensitive data before it leaves your app. Includes a Presidio NLP backend (`spanforge[presidio]`) covering 15 entity types (SSN, email, phone, AADHAAR, PAN, UK NI, credit card, IBAN, and more) with ≥ 95% true-positive rate and < 0.5% false-positive rate verified at GA
184
- - **HMAC audit chains** — tamper-evident, blockchain-style event signing- **Audit SDK (`sf-audit`)** — `sf_audit.append()`, schema key registry, T.R.U.S.T. scorecard, GDPR Article 30 RoPA, BYOS cloud routing- **GDPR subject erasure** — right-to-erasure with tombstone events that preserve chain integrity
184
+ ### Privacy & Audit Infrastructure
185
+ - **Secrets scanning** — 20-pattern registry detects API keys, tokens, private keys; SARIF output; pre-commit hook
186
+ - **PII redaction** — detect and strip sensitive data before it leaves your app. Includes a Presidio NLP backend (`spanforge[presidio]`) covering 15 entity types (SSN, email, phone, AADHAAR, PAN, UK NI, credit card, IBAN, and more) with ≥ 95% true-positive rate and < 0.5% false-positive rate verified at GA
187
+ - **HMAC audit chains** — tamper-evident, blockchain-style event signing
188
+ - **Audit SDK (`sf-audit`)** — `sf_audit.append()`, schema key registry, T.R.U.S.T. scorecard, GDPR Article 30 RoPA, BYOS cloud routing
189
+ - **GDPR subject erasure** — right-to-erasure with tombstone events that preserve chain integrity
185
190
  - **Air-gapped deployment** — runs fully offline with zero egress
186
191
 
187
192
  </td>
@@ -193,7 +198,7 @@ spanforge.configure() # that's it — you're now compliant-by-default
193
198
  - **Consent boundary monitoring** — `consent.granted`, `consent.revoked`, `consent.violation` events
194
199
  - **Human-in-the-loop hooks** — `hitl.queued`, `hitl.reviewed`, `hitl.escalated`, `hitl.timeout` events
195
200
  - **Model registry** — register, deprecate, retire models; attestations auto-warn on ungoverned models
196
- - **Explainability tracking** — measure what % of AI decisions have explanations attached
201
+ - **Explainability tracking** — `sf_explain.explain(response, context)` returns a signed `ExplainRecord` with EU AI Act Article 13/14 clause mapping, `decision_drivers`, and HMAC-signed audit entry on every call. `@spanforge.governed` wraps any callable to auto-explain every model response with zero extra code.
197
202
 
198
203
  </td>
199
204
  <td>
@@ -209,7 +214,10 @@ spanforge.configure() # that's it — you're now compliant-by-default
209
214
  - **Auto-instrumentation** — patch OpenAI, Anthropic, LangChain, CrewAI, and more; `@trace_rag` decorator and automatic LlamaIndex/LangChain retriever instrumentation for zero-change RAG tracing
210
215
  - **Async SDK** — every major SDK method now has a non-blocking `*_async()` variant (`scan_async`, `evaluate_async`, `build_bundle_async`, `get_scorecard_async`, `sso_delegate_session_async`) for seamless use in async frameworks
211
216
  - **User feedback REST endpoint** — `POST /v1/feedback` accepts star/thumbs/Likert ratings and free-text comments (SHA-256 hashed); links to T.R.U.S.T. dimensions
212
- - **33 CLI commands** — compliance checks, PII scans, secrets scanning, audit-chain verification, CI/CD gate pipelines, trust scorecards, config validation, enterprise health, security scanning, doctor diagnostics, all CI-ready
217
+ - **`spanforge config init / validate`** interactive config wizard, schema validation, and connectivity probe for `~/.spanforge/config.yaml`
218
+ - **`spanforge export siem`** — stream CEF or LEEF lines from a JSONL events file to any SIEM via `--format cef|leef`; reads stdin or `--input FILE`
219
+ - **`SpanForgeLangGraphCallback`** — LangChain-compatible callback (`on_chain_start/end`, `on_tool_start/end`, `on_agent_action`) that emits typed SpanForge events; no LangGraph runtime required
220
+ - **39 CLI commands** — compliance checks, PII scans, secrets scanning, audit-chain verification, event generation, audit log extraction, CEC bundle generation, gap detection, gate policy audit, CI/CD gate pipelines, trust scorecards, config validation, enterprise health, security scanning, doctor diagnostics, all CI-ready
213
221
 
214
222
  </td>
215
223
  </tr>
@@ -279,9 +287,9 @@ pip install "spanforge[all]" # everything above
279
287
 
280
288
  The GA implementation spine is the runtime-governance control plane:
281
289
 
282
- - `sf_explain` for signed runtime explanations
283
- - `sf_scope` for agent capability enforcement
284
- - `sf_rbac` for role enforcement on sensitive actions
290
+ - `sf_explain` for signed runtime explanations — now with `ExplainModelType` classification (LLM, RAG, MULTI_AGENT, CLASSIFIER, EMBEDDING), configurable retry, and fail-safe emit
291
+ - `sf_scope` for agent capability enforcement — now with circuit-breaker fail-secure mode and `ACTION_CATEGORIES` dictionary
292
+ - `sf_rbac` for role enforcement on sensitive actions — now with `STANDARD_ROLE_MATRIX` (10 canonical actor types), YAML manifest loading, and JWT claim extraction
285
293
  - `sf_rag` for grounding evidence and thresholds
286
294
  - `sf_lineage` for provenance capture
287
295
  - `sf_policy` for policy activation, replay, simulation, and review
@@ -521,7 +529,7 @@ verdict = sf_gate.evaluate("schema-validation", event.to_dict())
521
529
  print(verdict.verdict) # GateVerdict.PASS
522
530
 
523
531
  # Standalone PRRI evaluation
524
- prri = sf_gate.evaluate_prri(prri_score=28.5)
532
+ prri = sf_gate.evaluate_prri("my-agent", prri_score=28)
525
533
  print(prri.verdict) # PRRIVerdict.GREEN
526
534
 
527
535
  # Composite trust gate — checks HRI rate, PII, and secrets windows
@@ -685,8 +693,8 @@ from spanforge.sdk.pipelines import (
685
693
  result = score_pipeline("The model output to check", model="gpt-4o")
686
694
  print(result.audit_id, result.details)
687
695
 
688
- # Risk pipeline: PRRI evaluation → alert if RED → gate block → CEC bundle
689
- result = risk_pipeline(prri_score=75.0, project_id="my-agent")
696
+ # Risk pipeline: audit PRRI record → alert if RED → optional gate → optional CEC bundle
697
+ result = risk_pipeline({"verdict": "RED", "prri_score": 75.0}, project_id="my-agent")
690
698
  print(result.details["verdict"]) # "RED"
691
699
  ```
692
700
 
@@ -723,7 +731,7 @@ with mock_all_services():
723
731
  sf_audit.append({"score": 0.92}, schema_key="halluccheck.score.v1")
724
732
  assert len(sf_audit.calls) == 1 # inspect recorded calls
725
733
 
726
- prri = sf_gate.evaluate_prri(prri_score=28.5)
734
+ prri = sf_gate.evaluate_prri("my-agent", prri_score=28)
727
735
  assert prri.allow # GREEN by default
728
736
  ```
729
737
 
@@ -921,6 +929,15 @@ await stream.drain(GrafanaLokiExporter(url="http://loki:3100")) # Grafana Lo
921
929
  await stream.drain(CloudExporter(api_key="sf_live_xxx")) # spanforge Cloud
922
930
  await stream.drain(SplunkHECExporter()) # Splunk HEC (env-var config)
923
931
  await stream.drain(SyslogExporter()) # Syslog/CEF (env-var config)
932
+
933
+ # Lightweight CEF/LEEF string formatter (no network, no dependencies)
934
+ from spanforge.export.siem import SIEMExporter
935
+ exporter = SIEMExporter(format="cef")
936
+ for event in events:
937
+ print(exporter.export(event)) # one CEF line per event
938
+
939
+ # Or via CLI
940
+ # spanforge export siem --format leef --input audit.jsonl | logger -n siem.corp.example -P 514
924
941
  ```
925
942
 
926
943
  Fan-out routing for compliance alerting:
@@ -939,7 +956,7 @@ await stream.route(
939
956
 
940
957
  ## CLI
941
958
 
942
- 32 commands — all CI-pipeline ready:
959
+ 38 commands — all CI-pipeline ready:
943
960
 
944
961
  ```bash
945
962
  # Compliance
@@ -955,25 +972,50 @@ spanforge audit-chain events.jsonl # verify chain integrity
955
972
  spanforge audit erase events.jsonl --subject-id user123 # GDPR erasure
956
973
  spanforge audit rotate-key events.jsonl # key rotation
957
974
  spanforge audit verify --input events.jsonl # verify integrity
975
+ spanforge audit extract events.jsonl --type llm.trace.span.completed --since 2026-01-01 # filter & extract
976
+ spanforge audit cec generate --project-id my-agent --sign # CEC compliance bundle ZIP
977
+ spanforge audit gap-finder events.jsonl --threshold-minutes 30 # detect time gaps + missing fields
958
978
 
959
979
  # Privacy & Secrets
960
980
  spanforge scan events.jsonl --fail-on-match # CI-gate PII scan
961
981
  spanforge secrets scan <file> # scan file for secrets (exit 0=clean, 1=found)
962
982
  spanforge secrets scan <file> --format sarif # SARIF output for GitHub Code Scanning
963
983
  spanforge secrets scan <file> --redact # print redacted version to stdout
984
+ spanforge secrets set KEY VALUE # store a secret in local secrets store
985
+ spanforge secrets get KEY # retrieve a stored secret
986
+ spanforge secrets list # list stored secret key names
987
+ spanforge secrets delete KEY # remove a stored secret
988
+
989
+ # Event generation
990
+ spanforge event create --type llm.trace.span.completed --count 10 --format jsonl # generate test events
964
991
 
965
992
  # Validation
966
- spanforge check # end-to-end health check
993
+ spanforge check # 9-step end-to-end health check (--verbose for timing)
967
994
  spanforge check-compat events.json # v2.0 compatibility
968
995
  spanforge validate events.jsonl # JSON Schema validation
996
+ spanforge validate events.jsonl --report detailed --format json # detailed report
997
+ spanforge validate --dataset training.jsonl # Article 10 compliance scan; exits 1 if any clause fails
998
+ spanforge validate --dataset training.jsonl --output json # machine-readable JSON report
999
+ spanforge validate --dataset training.jsonl --output pdf # PDF report (requires pip install spanforge[compliance])
969
1000
 
970
1001
  # Configuration
971
- spanforge config validate # validate .halluccheck.toml (auto-discover)
972
- spanforge config validate --file path/to.toml # validate specific config file
1002
+ spanforge config init # interactive wizard → ~/.spanforge/config.yaml
1003
+ spanforge config init --non-interactive # write defaults immediately
1004
+ spanforge config init --force # overwrite existing config
1005
+ spanforge config validate # validate ~/.spanforge/config.yaml
1006
+ spanforge config validate --config path/to.yaml --check-connectivity # validate + probe OTLP
1007
+ spanforge config validate --file path/to.toml # validate .halluccheck.toml (legacy)
1008
+
1009
+ # Development
1010
+ spanforge dev reset # wipe local dev state (trace store, audit chain)
1011
+ spanforge dev reset --hard # also delete ~/.spanforge/config.yaml
1012
+ spanforge dev reset --dry-run # list files that would be removed
973
1013
 
974
1014
  # Analysis
975
1015
  spanforge stats events.jsonl # counts, tokens, cost
1016
+ spanforge stats events.jsonl --group-by model --format json # grouped stats, JSON output
976
1017
  spanforge inspect <EVENT_ID> events.jsonl # pretty-print one event
1018
+ spanforge inspect <EVENT_ID> events.jsonl --format csv # CSV export
977
1019
  spanforge cost events.jsonl # token spend report
978
1020
  spanforge cost run --run-id <id> --input events.jsonl # per-run cost report
979
1021
 
@@ -993,6 +1035,7 @@ spanforge gate run gates/ci-pipeline.yaml # run YAML gate pipeline
993
1035
  spanforge gate run gates/ci-pipeline.yaml --format json # JSON output for CI dashboards
994
1036
  spanforge gate evaluate schema-validation --payload event.json # evaluate single gate
995
1037
  spanforge gate trust-gate --project-id my-agent # composite trust gate check
1038
+ spanforge gate audit events.jsonl --fail-on-violation # policy audit of gate records (CI gate)
996
1039
 
997
1040
  # T.R.U.S.T. Scorecard
998
1041
  spanforge trust scorecard --project-id my-agent # five-pillar trust scorecard (text table)
@@ -1067,7 +1110,8 @@ spanforge/
1067
1110
  +-- _store.py — TraceStore ring buffer
1068
1111
  +-- _hooks.py — HookRegistry (lifecycle hooks)
1069
1112
  +-- _server.py — HTTP server (/traces, /compliance/summary)
1070
- +-- _cli.py ← 25 CLI sub-commands
1113
+ +-- _cli.py ← 39 CLI sub-commands
1114
+ +-- workflow.py — Human-in-the-Loop Workflow Engine (CORE-15); WorkflowEngine, WorkflowType, state machine, SLA escalation
1071
1115
  +-- cost.py — CostTracker, BudgetMonitor, @budget_alert
1072
1116
  +-- cache.py — SemanticCache, @cached decorator
1073
1117
  +-- retry.py — @retry, FallbackChain, CircuitBreaker
@@ -1086,6 +1130,9 @@ spanforge/
1086
1130
  +-- namespaces/ — Typed payload dataclasses
1087
1131
  +-- gate.py — GateRunner YAML pipeline engine, 6 gate executors, artifact store (Phase 8)
1088
1132
  +-- sdk/ — Service SDK clients (sf-identity, sf-pii, sf-secrets, sf-audit, sf-cec, sf-observe, sf-alert, sf-gate, sf-trust, sf-enterprise, sf-security)
1133
+ │ +-- explain.py — SFExplainClient – ExplainModelType enum (LLM/RAG/MULTI_AGENT/CLASSIFIER/EMBEDDING), signed explanations, retry+timeout emit (Phase 1B)
1134
+ │ +-- scope.py — SFScopeClient – ACTION_CATEGORIES (5 categories), circuit-breaker fail-secure, resolve_action_category() (Phase 1B)
1135
+ │ +-- rbac.py — SFRBACClient – STANDARD_ROLE_MATRIX (10 actor types), register_actor_from_yaml(), register_actor_from_jwt() (Phase 1C)
1089
1136
  │ +-- identity.py — SFIdentityClient – keys, JWT, TOTP, MFA, magic-link
1090
1137
  │ +-- pii.py — SFPIIClient – scan, redact, anonymize
1091
1138
  │ +-- secrets.py — SFSecretsClient – 20-pattern secret scanning, SARIF output
@@ -1192,6 +1239,11 @@ spanforge/
1192
1239
  <td><code>SyslogExporter</code> — RFC 5424 and ArcSight CEF exporter over UDP or TCP; severity derived from event type; CEF extension values properly escaped; <code>SyslogExporterError</code> on socket failure</td>
1193
1240
  <td>Security / compliance teams</td>
1194
1241
  </tr>
1242
+ <tr>
1243
+ <td><code>spanforge.export.siem</code></td>
1244
+ <td><code>SIEMExporter</code> — lightweight, network-free CEF v0 and IBM LEEF 2.0 string formatter; flattens envelope + payload fields into extension KV pairs; wired to <code>spanforge export siem</code> CLI</td>
1245
+ <td>Security / compliance teams</td>
1246
+ </tr>
1195
1247
  <tr>
1196
1248
  <td><code>spanforge.stream</code></td>
1197
1249
  <td>Fan-out router — one <code>drain()</code> call reaches multiple backends; Kafka source</td>
@@ -1199,7 +1251,7 @@ spanforge/
1199
1251
  </tr>
1200
1252
  <tr>
1201
1253
  <td><code>spanforge.integrations</code></td>
1202
- <td>Auto-instrumentation for OpenAI, Anthropic, LangChain, LlamaIndex, CrewAI, Groq, Ollama, Together</td>
1254
+ <td>Auto-instrumentation for OpenAI, Anthropic, LangChain, LlamaIndex, CrewAI, Groq, Ollama, Together; <code>SpanForgeLangGraphCallback</code> — 5-hook LangChain-compatible callback for LangGraph workflows</td>
1203
1255
  <td>App developers</td>
1204
1256
  </tr>
1205
1257
  <tr>
@@ -1373,7 +1425,7 @@ spanforge/
1373
1425
  </tr>
1374
1426
  <tr>
1375
1427
  <td><code>spanforge.sdk.gate</code></td>
1376
- <td><code>SFGateClient</code> — <code>evaluate(gate_id, payload) → GateEvaluationResult</code>, <code>evaluate_prri(prri_score) → PRRIResult</code>, <code>run_pipeline(gate_config_path) → GateRunResult</code>, <code>get_artifact(gate_id)</code>, <code>list_artifacts()</code>, <code>purge_artifacts(older_than_days)</code>, <code>get_status() → GateStatusInfo</code>, <code>configure(config)</code>. Six built-in gate executors: <code>schema_validation</code>, <code>dependency_security</code>, <code>secrets_scan</code>, <code>performance_regression</code>, <code>halluccheck_prri</code>, <code>halluccheck_trust</code>. PRRI three-tier verdict (<code>GREEN</code>/<code>AMBER</code>/<code>RED</code>), <code>GateArtifact</code> store with configurable retention, composite trust gate (HRI rate + PII window + secrets window), five exception types. 174 tests, mypy strict + bandit clean. <em>(Phase 8, v2.0.7+)</em></td>
1428
+ <td><code>SFGateClient</code> — <code>evaluate(gate_id, payload) → GateEvaluationResult</code>, <code>evaluate_prri(project_id, *, prri_score) → PRRIResult</code>, <code>run_pipeline(gate_config_path) → GateRunResult</code>, <code>get_artifact(gate_id)</code>, <code>list_artifacts()</code>, <code>purge_artifacts(older_than_days)</code>, <code>get_status() → GateStatusInfo</code>, <code>configure(config)</code>. Six built-in gate executors: <code>schema_validation</code>, <code>dependency_security</code>, <code>secrets_scan</code>, <code>performance_regression</code>, <code>halluccheck_prri</code>, <code>halluccheck_trust</code>. PRRI three-tier verdict (<code>GREEN</code>/<code>AMBER</code>/<code>RED</code>), <code>GateArtifact</code> store with configurable retention, composite trust gate (HRI rate + PII window + secrets window), five exception types. 174 tests, mypy strict + bandit clean. <em>(Phase 8, v2.0.7+)</em></td>
1377
1429
  <td>DevOps / CI / platform teams</td>
1378
1430
  </tr>
1379
1431
  <tr>
@@ -1398,7 +1450,7 @@ spanforge/
1398
1450
  </tr>
1399
1451
  <tr>
1400
1452
  <td><code>spanforge.sdk.pipelines</code></td>
1401
- <td>5 HallucCheck ↔ SpanForge pipeline integrations: <code>score_pipeline(text)</code> (PII → secrets → observe → audit), <code>bias_pipeline(report)</code> (PII → audit → alert → anonymise), <code>monitor_pipeline(event)</code> (observe → alert → OTel export), <code>risk_pipeline(prri_score)</code> (PRRI → alert → gate → CEC), <code>benchmark_pipeline(results)</code> (audit → alert → anonymise). Each returns <code>PipelineResult</code> with audit trail. <em>(Phase 10, v2.0.9+)</em></td>
1453
+ <td>5 HallucCheck ↔ SpanForge pipeline integrations: <code>score_pipeline(text)</code> (PII → secrets → observe → audit), <code>bias_pipeline(bias_report)</code> (PII → audit → alert → anonymise), <code>monitor_pipeline(event)</code> (annotate → alert → OTel export), <code>risk_pipeline(prri_record)</code> (audit → alert if RED optional gate → optional CEC), <code>benchmark_pipeline(run_result)</code> (audit → F1 regression alert → anonymise). Each returns <code>PipelineResult</code> with audit trail. <em>(Phase 10, v2.0.9+)</em></td>
1402
1454
  <td>ML / eval / platform teams</td>
1403
1455
  </tr>
1404
1456
  <td><code>SFCECClient</code> — <code>build_bundle(project_id, date_range, frameworks)</code> assembles a signed ZIP with <code>manifest.json</code>, <code>clause_map.json</code>, <code>chain_proof.json</code>, <code>attestation.json</code>, <code>rfc3161_timestamp.tsr</code>, and 6 NDJSON evidence directories. HMAC-SHA256 manifest signing, BYOS detection. <code>verify_bundle(zip_path)</code> re-verifies HMAC + chain + timestamp. <code>generate_dpa(project_id, controller_details, processor_details)</code> produces a GDPR Article 28 Data Processing Agreement. <code>get_status()</code> returns bundle count, BYOS provider, and last bundle timestamp. Supports all 5 frameworks: <code>eu_ai_act</code>, <code>iso_42001</code>, <code>nist_ai_rmf</code>, <code>iso27001</code>, <code>soc2</code>. 148 tests, 87% coverage, mypy strict + bandit clean. <em>(Phase 5, v2.0.4+)</em></td>
@@ -1416,7 +1468,7 @@ spanforge/
1416
1468
 
1417
1469
  ## Quality
1418
1470
 
1419
- - **5 863 tests** passing (14 skipped) — unit, integration, property-based (Hypothesis), performance benchmarks
1471
+ - **7 049 tests** passing (7 skipped) — unit, integration, property-based (Hypothesis), performance benchmarks
1420
1472
  - **≥ 91% line and branch coverage** — 90% minimum enforced in CI
1421
1473
  - **Zero required dependencies** — entire core runs on Python stdlib
1422
1474
  - **Typed** — full `py.typed` marker; mypy + pyright clean
@@ -1432,7 +1484,7 @@ git clone https://github.com/veerarag1973/spanforge.git
1432
1484
  cd spanforge
1433
1485
  python -m venv .venv && .venv\Scripts\activate
1434
1486
  pip install -e ".[dev]"
1435
- pytest # 5 351 tests
1487
+ pytest # 7 049 tests
1436
1488
  ```
1437
1489
 
1438
1490
  <details>
{spanforge-1.0.0 → spanforge-1.0.2}/README.md RENAMED
@@ -13,9 +13,9 @@
13
13
  <img src="https://img.shields.io/badge/python-3.9%2B-4c8cbf?logo=python&logoColor=white" alt="Python 3.9+"/>
14
14
  <a href="https://pypi.org/project/spanforge/"><img src="https://img.shields.io/pypi/v/spanforge?color=4c8cbf&logo=pypi&logoColor=white" alt="PyPI"/></a>
15
15
  <a href="https://www.getspanforge.com/standard"><img src="https://img.shields.io/badge/standard-SpanForge_RFC--0001-4c8cbf" alt="spanforge RFC-0001"/></a>
16
- <img src="https://img.shields.io/badge/coverage-90.96%25-brightgreen" alt="90.96% test coverage"/>
17
- <img src="https://img.shields.io/badge/tests-6138%20passing-brightgreen" alt="6138 tests"/>
18
- <img src="https://img.shields.io/badge/version-1.0.0-4c8cbf" alt="Version 1.0.0"/>
16
+ <img src="https://img.shields.io/badge/coverage-91%25-brightgreen" alt="91% test coverage"/>
17
+ <img src="https://img.shields.io/badge/tests-7049%20passing-brightgreen" alt="7049 tests"/>
18
+ <img src="https://img.shields.io/badge/version-1.0.2-4c8cbf" alt="Version 1.0.2"/>
19
19
  <img src="https://img.shields.io/badge/dependencies-zero-brightgreen" alt="Zero dependencies"/>
20
20
  <a href="docs/index.md"><img src="https://img.shields.io/badge/docs-local-4c8cbf" alt="Documentation"/></a>
21
21
  <a href="LICENSE"><img src="https://img.shields.io/badge/license-PolyForm%20NC%201.0-blue" alt="PolyForm Noncommercial 1.0"/></a>
@@ -66,7 +66,8 @@ spanforge.configure() # that's it — you're now compliant-by-default
66
66
  - Generate HMAC-signed **evidence packages** with gap analysis
67
67
  - Track **consent boundaries**, **HITL oversight**, **model registry** governance, and **explainability** coverage
68
68
  - Produce audit-ready attestations with model owner, risk tier, and status metadata
69
- - **Compliance Evidence Chain (sf-cec)** — signed ZIP bundles with regulatory clause maps, DPA generation, and RFC 3161 timestamps for auditor hand-off
69
+ - **Compliance Evidence Chain (sf-cec)** — signed ZIP bundles with regulatory clause maps, DPA generation, and RFC 3161 timestamps for auditor hand-off; `spanforge audit cec generate` CLI generates CEC bundles without Python code
70
+ - **Human-in-the-Loop Workflow Engine (`spanforge.workflow`)** — approval workflows for gate reviews, policy sign-offs, and escalations; full state machine (PENDING → APPROVED / REJECTED → CLOSED) with SLA auto-escalation and role-based action matrix
70
71
  - **Observability SDK (sf-observe)** — span export (OTLP/Datadog/Grafana/Splunk/Elastic), W3C TraceContext, OTel GenAI attrs, sampling strategies, annotation store, and health probes
71
72
  - **CI/CD Gate Pipeline (sf-gate)** — evaluate release quality gates (schema, secrets, performance, PRRI, trust), YAML pipeline engine, artifact store, and blocking trust gate to prevent unsafe releases
72
73
  - **T.R.U.S.T. Scorecard (sf-trust)** — five-pillar trust dimensions (Transparency · Reliability · UserTrust · Security · Traceability), configurable weights, SVG badge, history time-series, and 5 HallucCheck pipeline integrations (score, bias, monitor, risk, benchmark)
@@ -76,8 +77,12 @@ spanforge.configure() # that's it — you're now compliant-by-default
76
77
  </td>
77
78
  <td width="50%">
78
79
 
79
- ### Privacy & Audit Infrastructure- **Secrets scanning** — 20-pattern registry detects API keys, tokens, private keys; SARIF output; pre-commit hook- **PII redaction** — detect and strip sensitive data before it leaves your app. Includes a Presidio NLP backend (`spanforge[presidio]`) covering 15 entity types (SSN, email, phone, AADHAAR, PAN, UK NI, credit card, IBAN, and more) with ≥ 95% true-positive rate and < 0.5% false-positive rate verified at GA
80
- - **HMAC audit chains** — tamper-evident, blockchain-style event signing- **Audit SDK (`sf-audit`)** — `sf_audit.append()`, schema key registry, T.R.U.S.T. scorecard, GDPR Article 30 RoPA, BYOS cloud routing- **GDPR subject erasure** — right-to-erasure with tombstone events that preserve chain integrity
80
+ ### Privacy & Audit Infrastructure
81
+ - **Secrets scanning** — 20-pattern registry detects API keys, tokens, private keys; SARIF output; pre-commit hook
82
+ - **PII redaction** — detect and strip sensitive data before it leaves your app. Includes a Presidio NLP backend (`spanforge[presidio]`) covering 15 entity types (SSN, email, phone, AADHAAR, PAN, UK NI, credit card, IBAN, and more) with ≥ 95% true-positive rate and < 0.5% false-positive rate verified at GA
83
+ - **HMAC audit chains** — tamper-evident, blockchain-style event signing
84
+ - **Audit SDK (`sf-audit`)** — `sf_audit.append()`, schema key registry, T.R.U.S.T. scorecard, GDPR Article 30 RoPA, BYOS cloud routing
85
+ - **GDPR subject erasure** — right-to-erasure with tombstone events that preserve chain integrity
81
86
  - **Air-gapped deployment** — runs fully offline with zero egress
82
87
 
83
88
  </td>
@@ -89,7 +94,7 @@ spanforge.configure() # that's it — you're now compliant-by-default
89
94
  - **Consent boundary monitoring** — `consent.granted`, `consent.revoked`, `consent.violation` events
90
95
  - **Human-in-the-loop hooks** — `hitl.queued`, `hitl.reviewed`, `hitl.escalated`, `hitl.timeout` events
91
96
  - **Model registry** — register, deprecate, retire models; attestations auto-warn on ungoverned models
92
- - **Explainability tracking** — measure what % of AI decisions have explanations attached
97
+ - **Explainability tracking** — `sf_explain.explain(response, context)` returns a signed `ExplainRecord` with EU AI Act Article 13/14 clause mapping, `decision_drivers`, and HMAC-signed audit entry on every call. `@spanforge.governed` wraps any callable to auto-explain every model response with zero extra code.
93
98
 
94
99
  </td>
95
100
  <td>
@@ -105,7 +110,10 @@ spanforge.configure() # that's it — you're now compliant-by-default
105
110
  - **Auto-instrumentation** — patch OpenAI, Anthropic, LangChain, CrewAI, and more; `@trace_rag` decorator and automatic LlamaIndex/LangChain retriever instrumentation for zero-change RAG tracing
106
111
  - **Async SDK** — every major SDK method now has a non-blocking `*_async()` variant (`scan_async`, `evaluate_async`, `build_bundle_async`, `get_scorecard_async`, `sso_delegate_session_async`) for seamless use in async frameworks
107
112
  - **User feedback REST endpoint** — `POST /v1/feedback` accepts star/thumbs/Likert ratings and free-text comments (SHA-256 hashed); links to T.R.U.S.T. dimensions
108
- - **33 CLI commands** — compliance checks, PII scans, secrets scanning, audit-chain verification, CI/CD gate pipelines, trust scorecards, config validation, enterprise health, security scanning, doctor diagnostics, all CI-ready
113
+ - **`spanforge config init / validate`** interactive config wizard, schema validation, and connectivity probe for `~/.spanforge/config.yaml`
114
+ - **`spanforge export siem`** — stream CEF or LEEF lines from a JSONL events file to any SIEM via `--format cef|leef`; reads stdin or `--input FILE`
115
+ - **`SpanForgeLangGraphCallback`** — LangChain-compatible callback (`on_chain_start/end`, `on_tool_start/end`, `on_agent_action`) that emits typed SpanForge events; no LangGraph runtime required
116
+ - **39 CLI commands** — compliance checks, PII scans, secrets scanning, audit-chain verification, event generation, audit log extraction, CEC bundle generation, gap detection, gate policy audit, CI/CD gate pipelines, trust scorecards, config validation, enterprise health, security scanning, doctor diagnostics, all CI-ready
109
117
 
110
118
  </td>
111
119
  </tr>
@@ -175,9 +183,9 @@ pip install "spanforge[all]" # everything above
175
183
 
176
184
  The GA implementation spine is the runtime-governance control plane:
177
185
 
178
- - `sf_explain` for signed runtime explanations
179
- - `sf_scope` for agent capability enforcement
180
- - `sf_rbac` for role enforcement on sensitive actions
186
+ - `sf_explain` for signed runtime explanations — now with `ExplainModelType` classification (LLM, RAG, MULTI_AGENT, CLASSIFIER, EMBEDDING), configurable retry, and fail-safe emit
187
+ - `sf_scope` for agent capability enforcement — now with circuit-breaker fail-secure mode and `ACTION_CATEGORIES` dictionary
188
+ - `sf_rbac` for role enforcement on sensitive actions — now with `STANDARD_ROLE_MATRIX` (10 canonical actor types), YAML manifest loading, and JWT claim extraction
181
189
  - `sf_rag` for grounding evidence and thresholds
182
190
  - `sf_lineage` for provenance capture
183
191
  - `sf_policy` for policy activation, replay, simulation, and review
@@ -417,7 +425,7 @@ verdict = sf_gate.evaluate("schema-validation", event.to_dict())
417
425
  print(verdict.verdict) # GateVerdict.PASS
418
426
 
419
427
  # Standalone PRRI evaluation
420
- prri = sf_gate.evaluate_prri(prri_score=28.5)
428
+ prri = sf_gate.evaluate_prri("my-agent", prri_score=28)
421
429
  print(prri.verdict) # PRRIVerdict.GREEN
422
430
 
423
431
  # Composite trust gate — checks HRI rate, PII, and secrets windows
@@ -581,8 +589,8 @@ from spanforge.sdk.pipelines import (
581
589
  result = score_pipeline("The model output to check", model="gpt-4o")
582
590
  print(result.audit_id, result.details)
583
591
 
584
- # Risk pipeline: PRRI evaluation → alert if RED → gate block → CEC bundle
585
- result = risk_pipeline(prri_score=75.0, project_id="my-agent")
592
+ # Risk pipeline: audit PRRI record → alert if RED → optional gate → optional CEC bundle
593
+ result = risk_pipeline({"verdict": "RED", "prri_score": 75.0}, project_id="my-agent")
586
594
  print(result.details["verdict"]) # "RED"
587
595
  ```
588
596
 
@@ -619,7 +627,7 @@ with mock_all_services():
619
627
  sf_audit.append({"score": 0.92}, schema_key="halluccheck.score.v1")
620
628
  assert len(sf_audit.calls) == 1 # inspect recorded calls
621
629
 
622
- prri = sf_gate.evaluate_prri(prri_score=28.5)
630
+ prri = sf_gate.evaluate_prri("my-agent", prri_score=28)
623
631
  assert prri.allow # GREEN by default
624
632
  ```
625
633
 
@@ -817,6 +825,15 @@ await stream.drain(GrafanaLokiExporter(url="http://loki:3100")) # Grafana Lo
817
825
  await stream.drain(CloudExporter(api_key="sf_live_xxx")) # spanforge Cloud
818
826
  await stream.drain(SplunkHECExporter()) # Splunk HEC (env-var config)
819
827
  await stream.drain(SyslogExporter()) # Syslog/CEF (env-var config)
828
+
829
+ # Lightweight CEF/LEEF string formatter (no network, no dependencies)
830
+ from spanforge.export.siem import SIEMExporter
831
+ exporter = SIEMExporter(format="cef")
832
+ for event in events:
833
+ print(exporter.export(event)) # one CEF line per event
834
+
835
+ # Or via CLI
836
+ # spanforge export siem --format leef --input audit.jsonl | logger -n siem.corp.example -P 514
820
837
  ```
821
838
 
822
839
  Fan-out routing for compliance alerting:
@@ -835,7 +852,7 @@ await stream.route(
835
852
 
836
853
  ## CLI
837
854
 
838
- 32 commands — all CI-pipeline ready:
855
+ 38 commands — all CI-pipeline ready:
839
856
 
840
857
  ```bash
841
858
  # Compliance
@@ -851,25 +868,50 @@ spanforge audit-chain events.jsonl # verify chain integrity
851
868
  spanforge audit erase events.jsonl --subject-id user123 # GDPR erasure
852
869
  spanforge audit rotate-key events.jsonl # key rotation
853
870
  spanforge audit verify --input events.jsonl # verify integrity
871
+ spanforge audit extract events.jsonl --type llm.trace.span.completed --since 2026-01-01 # filter & extract
872
+ spanforge audit cec generate --project-id my-agent --sign # CEC compliance bundle ZIP
873
+ spanforge audit gap-finder events.jsonl --threshold-minutes 30 # detect time gaps + missing fields
854
874
 
855
875
  # Privacy & Secrets
856
876
  spanforge scan events.jsonl --fail-on-match # CI-gate PII scan
857
877
  spanforge secrets scan <file> # scan file for secrets (exit 0=clean, 1=found)
858
878
  spanforge secrets scan <file> --format sarif # SARIF output for GitHub Code Scanning
859
879
  spanforge secrets scan <file> --redact # print redacted version to stdout
880
+ spanforge secrets set KEY VALUE # store a secret in local secrets store
881
+ spanforge secrets get KEY # retrieve a stored secret
882
+ spanforge secrets list # list stored secret key names
883
+ spanforge secrets delete KEY # remove a stored secret
884
+
885
+ # Event generation
886
+ spanforge event create --type llm.trace.span.completed --count 10 --format jsonl # generate test events
860
887
 
861
888
  # Validation
862
- spanforge check # end-to-end health check
889
+ spanforge check # 9-step end-to-end health check (--verbose for timing)
863
890
  spanforge check-compat events.json # v2.0 compatibility
864
891
  spanforge validate events.jsonl # JSON Schema validation
892
+ spanforge validate events.jsonl --report detailed --format json # detailed report
893
+ spanforge validate --dataset training.jsonl # Article 10 compliance scan; exits 1 if any clause fails
894
+ spanforge validate --dataset training.jsonl --output json # machine-readable JSON report
895
+ spanforge validate --dataset training.jsonl --output pdf # PDF report (requires pip install spanforge[compliance])
865
896
 
866
897
  # Configuration
867
- spanforge config validate # validate .halluccheck.toml (auto-discover)
868
- spanforge config validate --file path/to.toml # validate specific config file
898
+ spanforge config init # interactive wizard → ~/.spanforge/config.yaml
899
+ spanforge config init --non-interactive # write defaults immediately
900
+ spanforge config init --force # overwrite existing config
901
+ spanforge config validate # validate ~/.spanforge/config.yaml
902
+ spanforge config validate --config path/to.yaml --check-connectivity # validate + probe OTLP
903
+ spanforge config validate --file path/to.toml # validate .halluccheck.toml (legacy)
904
+
905
+ # Development
906
+ spanforge dev reset # wipe local dev state (trace store, audit chain)
907
+ spanforge dev reset --hard # also delete ~/.spanforge/config.yaml
908
+ spanforge dev reset --dry-run # list files that would be removed
869
909
 
870
910
  # Analysis
871
911
  spanforge stats events.jsonl # counts, tokens, cost
912
+ spanforge stats events.jsonl --group-by model --format json # grouped stats, JSON output
872
913
  spanforge inspect <EVENT_ID> events.jsonl # pretty-print one event
914
+ spanforge inspect <EVENT_ID> events.jsonl --format csv # CSV export
873
915
  spanforge cost events.jsonl # token spend report
874
916
  spanforge cost run --run-id <id> --input events.jsonl # per-run cost report
875
917
 
@@ -889,6 +931,7 @@ spanforge gate run gates/ci-pipeline.yaml # run YAML gate pipeline
889
931
  spanforge gate run gates/ci-pipeline.yaml --format json # JSON output for CI dashboards
890
932
  spanforge gate evaluate schema-validation --payload event.json # evaluate single gate
891
933
  spanforge gate trust-gate --project-id my-agent # composite trust gate check
934
+ spanforge gate audit events.jsonl --fail-on-violation # policy audit of gate records (CI gate)
892
935
 
893
936
  # T.R.U.S.T. Scorecard
894
937
  spanforge trust scorecard --project-id my-agent # five-pillar trust scorecard (text table)
@@ -963,7 +1006,8 @@ spanforge/
963
1006
  +-- _store.py — TraceStore ring buffer
964
1007
  +-- _hooks.py — HookRegistry (lifecycle hooks)
965
1008
  +-- _server.py — HTTP server (/traces, /compliance/summary)
966
- +-- _cli.py ← 25 CLI sub-commands
1009
+ +-- _cli.py ← 39 CLI sub-commands
1010
+ +-- workflow.py — Human-in-the-Loop Workflow Engine (CORE-15); WorkflowEngine, WorkflowType, state machine, SLA escalation
967
1011
  +-- cost.py — CostTracker, BudgetMonitor, @budget_alert
968
1012
  +-- cache.py — SemanticCache, @cached decorator
969
1013
  +-- retry.py — @retry, FallbackChain, CircuitBreaker
@@ -982,6 +1026,9 @@ spanforge/
982
1026
  +-- namespaces/ — Typed payload dataclasses
983
1027
  +-- gate.py — GateRunner YAML pipeline engine, 6 gate executors, artifact store (Phase 8)
984
1028
  +-- sdk/ — Service SDK clients (sf-identity, sf-pii, sf-secrets, sf-audit, sf-cec, sf-observe, sf-alert, sf-gate, sf-trust, sf-enterprise, sf-security)
1029
+ │ +-- explain.py — SFExplainClient – ExplainModelType enum (LLM/RAG/MULTI_AGENT/CLASSIFIER/EMBEDDING), signed explanations, retry+timeout emit (Phase 1B)
1030
+ │ +-- scope.py — SFScopeClient – ACTION_CATEGORIES (5 categories), circuit-breaker fail-secure, resolve_action_category() (Phase 1B)
1031
+ │ +-- rbac.py — SFRBACClient – STANDARD_ROLE_MATRIX (10 actor types), register_actor_from_yaml(), register_actor_from_jwt() (Phase 1C)
985
1032
  │ +-- identity.py — SFIdentityClient – keys, JWT, TOTP, MFA, magic-link
986
1033
  │ +-- pii.py — SFPIIClient – scan, redact, anonymize
987
1034
  │ +-- secrets.py — SFSecretsClient – 20-pattern secret scanning, SARIF output
@@ -1088,6 +1135,11 @@ spanforge/
1088
1135
  <td><code>SyslogExporter</code> — RFC 5424 and ArcSight CEF exporter over UDP or TCP; severity derived from event type; CEF extension values properly escaped; <code>SyslogExporterError</code> on socket failure</td>
1089
1136
  <td>Security / compliance teams</td>
1090
1137
  </tr>
1138
+ <tr>
1139
+ <td><code>spanforge.export.siem</code></td>
1140
+ <td><code>SIEMExporter</code> — lightweight, network-free CEF v0 and IBM LEEF 2.0 string formatter; flattens envelope + payload fields into extension KV pairs; wired to <code>spanforge export siem</code> CLI</td>
1141
+ <td>Security / compliance teams</td>
1142
+ </tr>
1091
1143
  <tr>
1092
1144
  <td><code>spanforge.stream</code></td>
1093
1145
  <td>Fan-out router — one <code>drain()</code> call reaches multiple backends; Kafka source</td>
@@ -1095,7 +1147,7 @@ spanforge/
1095
1147
  </tr>
1096
1148
  <tr>
1097
1149
  <td><code>spanforge.integrations</code></td>
1098
- <td>Auto-instrumentation for OpenAI, Anthropic, LangChain, LlamaIndex, CrewAI, Groq, Ollama, Together</td>
1150
+ <td>Auto-instrumentation for OpenAI, Anthropic, LangChain, LlamaIndex, CrewAI, Groq, Ollama, Together; <code>SpanForgeLangGraphCallback</code> — 5-hook LangChain-compatible callback for LangGraph workflows</td>
1099
1151
  <td>App developers</td>
1100
1152
  </tr>
1101
1153
  <tr>
@@ -1269,7 +1321,7 @@ spanforge/
1269
1321
  </tr>
1270
1322
  <tr>
1271
1323
  <td><code>spanforge.sdk.gate</code></td>
1272
- <td><code>SFGateClient</code> — <code>evaluate(gate_id, payload) → GateEvaluationResult</code>, <code>evaluate_prri(prri_score) → PRRIResult</code>, <code>run_pipeline(gate_config_path) → GateRunResult</code>, <code>get_artifact(gate_id)</code>, <code>list_artifacts()</code>, <code>purge_artifacts(older_than_days)</code>, <code>get_status() → GateStatusInfo</code>, <code>configure(config)</code>. Six built-in gate executors: <code>schema_validation</code>, <code>dependency_security</code>, <code>secrets_scan</code>, <code>performance_regression</code>, <code>halluccheck_prri</code>, <code>halluccheck_trust</code>. PRRI three-tier verdict (<code>GREEN</code>/<code>AMBER</code>/<code>RED</code>), <code>GateArtifact</code> store with configurable retention, composite trust gate (HRI rate + PII window + secrets window), five exception types. 174 tests, mypy strict + bandit clean. <em>(Phase 8, v2.0.7+)</em></td>
1324
+ <td><code>SFGateClient</code> — <code>evaluate(gate_id, payload) → GateEvaluationResult</code>, <code>evaluate_prri(project_id, *, prri_score) → PRRIResult</code>, <code>run_pipeline(gate_config_path) → GateRunResult</code>, <code>get_artifact(gate_id)</code>, <code>list_artifacts()</code>, <code>purge_artifacts(older_than_days)</code>, <code>get_status() → GateStatusInfo</code>, <code>configure(config)</code>. Six built-in gate executors: <code>schema_validation</code>, <code>dependency_security</code>, <code>secrets_scan</code>, <code>performance_regression</code>, <code>halluccheck_prri</code>, <code>halluccheck_trust</code>. PRRI three-tier verdict (<code>GREEN</code>/<code>AMBER</code>/<code>RED</code>), <code>GateArtifact</code> store with configurable retention, composite trust gate (HRI rate + PII window + secrets window), five exception types. 174 tests, mypy strict + bandit clean. <em>(Phase 8, v2.0.7+)</em></td>
1273
1325
  <td>DevOps / CI / platform teams</td>
1274
1326
  </tr>
1275
1327
  <tr>
@@ -1294,7 +1346,7 @@ spanforge/
1294
1346
  </tr>
1295
1347
  <tr>
1296
1348
  <td><code>spanforge.sdk.pipelines</code></td>
1297
- <td>5 HallucCheck ↔ SpanForge pipeline integrations: <code>score_pipeline(text)</code> (PII → secrets → observe → audit), <code>bias_pipeline(report)</code> (PII → audit → alert → anonymise), <code>monitor_pipeline(event)</code> (observe → alert → OTel export), <code>risk_pipeline(prri_score)</code> (PRRI → alert → gate → CEC), <code>benchmark_pipeline(results)</code> (audit → alert → anonymise). Each returns <code>PipelineResult</code> with audit trail. <em>(Phase 10, v2.0.9+)</em></td>
1349
+ <td>5 HallucCheck ↔ SpanForge pipeline integrations: <code>score_pipeline(text)</code> (PII → secrets → observe → audit), <code>bias_pipeline(bias_report)</code> (PII → audit → alert → anonymise), <code>monitor_pipeline(event)</code> (annotate → alert → OTel export), <code>risk_pipeline(prri_record)</code> (audit → alert if RED optional gate → optional CEC), <code>benchmark_pipeline(run_result)</code> (audit → F1 regression alert → anonymise). Each returns <code>PipelineResult</code> with audit trail. <em>(Phase 10, v2.0.9+)</em></td>
1298
1350
  <td>ML / eval / platform teams</td>
1299
1351
  </tr>
1300
1352
  <td><code>SFCECClient</code> — <code>build_bundle(project_id, date_range, frameworks)</code> assembles a signed ZIP with <code>manifest.json</code>, <code>clause_map.json</code>, <code>chain_proof.json</code>, <code>attestation.json</code>, <code>rfc3161_timestamp.tsr</code>, and 6 NDJSON evidence directories. HMAC-SHA256 manifest signing, BYOS detection. <code>verify_bundle(zip_path)</code> re-verifies HMAC + chain + timestamp. <code>generate_dpa(project_id, controller_details, processor_details)</code> produces a GDPR Article 28 Data Processing Agreement. <code>get_status()</code> returns bundle count, BYOS provider, and last bundle timestamp. Supports all 5 frameworks: <code>eu_ai_act</code>, <code>iso_42001</code>, <code>nist_ai_rmf</code>, <code>iso27001</code>, <code>soc2</code>. 148 tests, 87% coverage, mypy strict + bandit clean. <em>(Phase 5, v2.0.4+)</em></td>
@@ -1312,7 +1364,7 @@ spanforge/
1312
1364
 
1313
1365
  ## Quality
1314
1366
 
1315
- - **5 863 tests** passing (14 skipped) — unit, integration, property-based (Hypothesis), performance benchmarks
1367
+ - **7 049 tests** passing (7 skipped) — unit, integration, property-based (Hypothesis), performance benchmarks
1316
1368
  - **≥ 91% line and branch coverage** — 90% minimum enforced in CI
1317
1369
  - **Zero required dependencies** — entire core runs on Python stdlib
1318
1370
  - **Typed** — full `py.typed` marker; mypy + pyright clean
@@ -1328,7 +1380,7 @@ git clone https://github.com/veerarag1973/spanforge.git
1328
1380
  cd spanforge
1329
1381
  python -m venv .venv && .venv\Scripts\activate
1330
1382
  pip install -e ".[dev]"
1331
- pytest # 5 351 tests
1383
+ pytest # 7 049 tests
1332
1384
  ```
1333
1385
 
1334
1386
  <details>