substrai-guardrailgraph 0.1.0__tar.gz

substrai_guardrailgraph-0.1.0/.gitignore

@@ -0,0 +1,45 @@
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+*.egg
+
+# Virtual environments
+.venv/
+venv/
+ENV/
+
+# IDE
+.idea/
+.vscode/
+*.swp
+*.swo
+
+# Testing
+.pytest_cache/
+.coverage
+htmlcov/
+.mypy_cache/
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Audit logs (generated)
+*.jsonl
+reports/

substrai_guardrailgraph-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Gaurav Kumar Sinha / SubstrAI
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

substrai_guardrailgraph-0.1.0/PKG-INFO

@@ -0,0 +1,244 @@
+Metadata-Version: 2.4
+Name: substrai-guardrailgraph
+Version: 0.1.0
+Summary: Composable AI safety pipeline framework with industry compliance packs
+Project-URL: Homepage, https://github.com/substrai/guardrailgraph
+Project-URL: Documentation, https://substrai.github.io/guardrailgraph
+Project-URL: Repository, https://github.com/substrai/guardrailgraph
+Project-URL: Issues, https://github.com/substrai/guardrailgraph/issues
+Author-email: Gaurav Kumar Sinha <gaurav@substrai.dev>
+License-Expression: MIT
+License-File: LICENSE
+Keywords: ai-safety,aws-lambda,compliance,dag,guardrails,hipaa,llm,pipeline,serverless
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Scientific/Engineering :: Artificial Intelligence
+Classifier: Topic :: Security
+Requires-Python: >=3.9
+Requires-Dist: pyyaml>=6.0
+Provides-Extra: all
+Requires-Dist: boto3>=1.28.0; extra == 'all'
+Provides-Extra: aws
+Requires-Dist: boto3>=1.28.0; extra == 'aws'
+Provides-Extra: dev
+Requires-Dist: mypy>=1.0; extra == 'dev'
+Requires-Dist: pytest-asyncio>=0.21; extra == 'dev'
+Requires-Dist: pytest-cov>=4.0; extra == 'dev'
+Requires-Dist: pytest>=7.0; extra == 'dev'
+Requires-Dist: ruff>=0.1.0; extra == 'dev'
+Description-Content-Type: text/markdown
+
+# GuardrailGraph
+
+> **Composable AI safety pipeline framework** — define guardrails as a DAG of checks that work across any LLM provider, with industry-specific compliance packs for HIPAA, SOX, GDPR, and FedRAMP.
+
+[![PyPI](https://img.shields.io/pypi/v/substrai-guardrailgraph)](https://pypi.org/project/substrai-guardrailgraph/)
+[![npm](https://img.shields.io/npm/v/@substrai/guardrailgraph)](https://www.npmjs.com/package/@substrai/guardrailgraph)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+## Why GuardrailGraph?
+
+Every enterprise deploying LLMs needs guardrails. Current options are either provider-locked (Bedrock Guardrails), complex (NeMo Guardrails), or limited (Guardrails AI). GuardrailGraph is the first framework that combines:
+
+- **Composable DAG execution** — checks run in parallel for low latency
+- **Provider agnostic** — works with Bedrock, OpenAI, Anthropic, or any LLM
+- **Industry compliance packs** — HIPAA, SOX, GDPR out of the box
+- **Serverless-native** — designed for AWS Lambda from day one
+- **Simple API** — `@check` decorator + `pipeline()` builder
+
+## Installation
+
+```bash
+# Python
+pip install substrai-guardrailgraph
+
+# npm (TypeScript/JavaScript)
+npm install @substrai/guardrailgraph
+```
+
+## Quick Start
+
+### 5-Minute Setup
+
+```python
+from guardrailgraph import pipeline, check, Action
+from guardrailgraph.checks import pii_check, toxicity_check, injection_check
+
+# Create a pipeline with built-in checks
+my_pipeline = pipeline(
+    name="my-app",
+    checks=[
+        pii_check(action=Action.REDACT),
+        toxicity_check(threshold=0.7),
+        injection_check(),
+    ],
+    mode="fail-closed",
+)
+
+# Run guardrails on any text
+result = my_pipeline.run("User input here")
+
+if result.allowed:
+    # Safe to forward to LLM
+    text = result.modified_text or "User input here"
+else:
+    # Content blocked
+    print(f"Blocked: {result.action.value}")
+```
+
+### Custom Checks
+
+```python
+from guardrailgraph import check, Action
+
+@check(name="profanity", action=Action.BLOCK, threshold=0.7)
+def check_profanity(text: str) -> dict:
+    """Custom profanity detection."""
+    bad_words = ["badword1", "badword2"]
+    found = [w for w in bad_words if w in text.lower()]
+    return {
+        "detected": len(found) > 0,
+        "confidence": min(len(found) / 2.0, 1.0),
+        "matched": found,
+    }
+```
+
+### Industry Compliance Packs
+
+```python
+from guardrailgraph import pipeline
+from guardrailgraph.packs import hipaa, financial
+
+# HIPAA-compliant healthcare chatbot
+healthcare = pipeline(
+    name="patient-assistant",
+    packs=[hipaa.full()],
+)
+
+# SOX-compliant financial advisor
+finance = pipeline(
+    name="investment-advisor",
+    packs=[financial.sox()],
+    mode="fail-closed",
+)
+```
+
+### Middleware Integration
+
+```python
+from guardrailgraph.middleware import guardrail
+
+@guardrail(pipeline=my_pipeline)
+def call_llm(prompt: str) -> str:
+    """Your LLM call — automatically wrapped with guardrails."""
+    import boto3
+    client = boto3.client("bedrock-runtime")
+    # ... invoke model ...
+    return response
+```
+
+## YAML Configuration
+
+```yaml
+# guardrailgraph.yaml
+project:
+  name: "my-app-guardrails"
+  version: "1.0.0"
+
+pipeline:
+  mode: fail-closed
+  timeout_ms: 500
+  parallel: true
+
+checks:
+  - name: pii-detection
+    type: builtin/pii
+    action: redact
+    config:
+      entity_types: [SSN, PHONE, EMAIL, CREDIT_CARD]
+
+  - name: toxicity
+    type: builtin/toxicity
+    action: block
+    config:
+      threshold: 0.7
+
+  - name: prompt-injection
+    type: builtin/injection
+    action: block
+    config:
+      sensitivity: high
+```
+
+## CLI
+
+```bash
+# Scaffold a new project
+guardrailgraph init my-project
+guardrailgraph init my-project --pack hipaa
+
+# Development
+guardrailgraph dev          # Interactive testing
+guardrailgraph test         # Run tests
+guardrailgraph test --adversarial  # Adversarial suite
+guardrailgraph validate     # Validate config
+```
+
+## Built-in Checks
+
+| Check | Description | Default Action |
+|-------|-------------|----------------|
+| `pii_check()` | Detects SSN, phone, email, credit card, IP | REDACT |
+| `toxicity_check()` | Scores hate, violence, sexual, self-harm | BLOCK |
+| `topic_check()` | Block/allow specific topics | BLOCK |
+| `injection_check()` | Prompt injection defense | BLOCK |
+| `cost_check()` | Token/cost limits per request | BLOCK |
+
+## Architecture
+
+```
+Input → [Check 1] ──→ [Check 2] ──→ [Check 3]
+         (parallel)    (parallel)    (parallel)
+              ↓              ↓              ↓
+         [PASS/BLOCK/REDACT/FLAG_FOR_REVIEW]
+              ↓
+         [Final Decision + Audit Log]
+```
+
+Checks execute as a **DAG** (directed acyclic graph). Independent checks run in parallel for minimum latency. Dependent checks run sequentially.
+
+## Integration with LambdaLLM
+
+```python
+from lambdallm import handler, Model
+from guardrailgraph import pipeline
+from guardrailgraph.packs import hipaa
+
+@handler(
+    model=Model.CLAUDE_3_SONNET,
+    guardrails=pipeline(packs=[hipaa.full()]),
+)
+def lambda_handler(event, context):
+    return context.invoke("Answer: {q}", q=event["body"]["question"])
+```
+
+## Comparison
+
+| Feature | Bedrock Guardrails | NeMo | Guardrails AI | **GuardrailGraph** |
+|---------|-------------------|------|---------------|-------------------|
+| Provider agnostic | ❌ | ❌ | Partial | ✅ |
+| Composable DAG | ❌ | ❌ | ❌ | ✅ |
+| Industry packs | ❌ | ❌ | ❌ | ✅ |
+| Serverless-native | Managed | ❌ | ❌ | ✅ |
+| Custom checks | Limited | Complex | Yes | ✅ Simple |
+| Open source | ❌ | ✅ | ✅ | ✅ MIT |
+
+## License
+
+MIT © [Gaurav Kumar Sinha](https://github.com/substrai)

substrai_guardrailgraph-0.1.0/README.md

@@ -0,0 +1,208 @@
+# GuardrailGraph
+
+> **Composable AI safety pipeline framework** — define guardrails as a DAG of checks that work across any LLM provider, with industry-specific compliance packs for HIPAA, SOX, GDPR, and FedRAMP.
+
+[![PyPI](https://img.shields.io/pypi/v/substrai-guardrailgraph)](https://pypi.org/project/substrai-guardrailgraph/)
+[![npm](https://img.shields.io/npm/v/@substrai/guardrailgraph)](https://www.npmjs.com/package/@substrai/guardrailgraph)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+## Why GuardrailGraph?
+
+Every enterprise deploying LLMs needs guardrails. Current options are either provider-locked (Bedrock Guardrails), complex (NeMo Guardrails), or limited (Guardrails AI). GuardrailGraph is the first framework that combines:
+
+- **Composable DAG execution** — checks run in parallel for low latency
+- **Provider agnostic** — works with Bedrock, OpenAI, Anthropic, or any LLM
+- **Industry compliance packs** — HIPAA, SOX, GDPR out of the box
+- **Serverless-native** — designed for AWS Lambda from day one
+- **Simple API** — `@check` decorator + `pipeline()` builder
+
+## Installation
+
+```bash
+# Python
+pip install substrai-guardrailgraph
+
+# npm (TypeScript/JavaScript)
+npm install @substrai/guardrailgraph
+```
+
+## Quick Start
+
+### 5-Minute Setup
+
+```python
+from guardrailgraph import pipeline, check, Action
+from guardrailgraph.checks import pii_check, toxicity_check, injection_check
+
+# Create a pipeline with built-in checks
+my_pipeline = pipeline(
+    name="my-app",
+    checks=[
+        pii_check(action=Action.REDACT),
+        toxicity_check(threshold=0.7),
+        injection_check(),
+    ],
+    mode="fail-closed",
+)
+
+# Run guardrails on any text
+result = my_pipeline.run("User input here")
+
+if result.allowed:
+    # Safe to forward to LLM
+    text = result.modified_text or "User input here"
+else:
+    # Content blocked
+    print(f"Blocked: {result.action.value}")
+```
+
+### Custom Checks
+
+```python
+from guardrailgraph import check, Action
+
+@check(name="profanity", action=Action.BLOCK, threshold=0.7)
+def check_profanity(text: str) -> dict:
+    """Custom profanity detection."""
+    bad_words = ["badword1", "badword2"]
+    found = [w for w in bad_words if w in text.lower()]
+    return {
+        "detected": len(found) > 0,
+        "confidence": min(len(found) / 2.0, 1.0),
+        "matched": found,
+    }
+```
+
+### Industry Compliance Packs
+
+```python
+from guardrailgraph import pipeline
+from guardrailgraph.packs import hipaa, financial
+
+# HIPAA-compliant healthcare chatbot
+healthcare = pipeline(
+    name="patient-assistant",
+    packs=[hipaa.full()],
+)
+
+# SOX-compliant financial advisor
+finance = pipeline(
+    name="investment-advisor",
+    packs=[financial.sox()],
+    mode="fail-closed",
+)
+```
+
+### Middleware Integration
+
+```python
+from guardrailgraph.middleware import guardrail
+
+@guardrail(pipeline=my_pipeline)
+def call_llm(prompt: str) -> str:
+    """Your LLM call — automatically wrapped with guardrails."""
+    import boto3
+    client = boto3.client("bedrock-runtime")
+    # ... invoke model ...
+    return response
+```
+
+## YAML Configuration
+
+```yaml
+# guardrailgraph.yaml
+project:
+  name: "my-app-guardrails"
+  version: "1.0.0"
+
+pipeline:
+  mode: fail-closed
+  timeout_ms: 500
+  parallel: true
+
+checks:
+  - name: pii-detection
+    type: builtin/pii
+    action: redact
+    config:
+      entity_types: [SSN, PHONE, EMAIL, CREDIT_CARD]
+
+  - name: toxicity
+    type: builtin/toxicity
+    action: block
+    config:
+      threshold: 0.7
+
+  - name: prompt-injection
+    type: builtin/injection
+    action: block
+    config:
+      sensitivity: high
+```
+
+## CLI
+
+```bash
+# Scaffold a new project
+guardrailgraph init my-project
+guardrailgraph init my-project --pack hipaa
+
+# Development
+guardrailgraph dev          # Interactive testing
+guardrailgraph test         # Run tests
+guardrailgraph test --adversarial  # Adversarial suite
+guardrailgraph validate     # Validate config
+```
+
+## Built-in Checks
+
+| Check | Description | Default Action |
+|-------|-------------|----------------|
+| `pii_check()` | Detects SSN, phone, email, credit card, IP | REDACT |
+| `toxicity_check()` | Scores hate, violence, sexual, self-harm | BLOCK |
+| `topic_check()` | Block/allow specific topics | BLOCK |
+| `injection_check()` | Prompt injection defense | BLOCK |
+| `cost_check()` | Token/cost limits per request | BLOCK |
+
+## Architecture
+
+```
+Input → [Check 1] ──→ [Check 2] ──→ [Check 3]
+         (parallel)    (parallel)    (parallel)
+              ↓              ↓              ↓
+         [PASS/BLOCK/REDACT/FLAG_FOR_REVIEW]
+              ↓
+         [Final Decision + Audit Log]
+```
+
+Checks execute as a **DAG** (directed acyclic graph). Independent checks run in parallel for minimum latency. Dependent checks run sequentially.
+
+## Integration with LambdaLLM
+
+```python
+from lambdallm import handler, Model
+from guardrailgraph import pipeline
+from guardrailgraph.packs import hipaa
+
+@handler(
+    model=Model.CLAUDE_3_SONNET,
+    guardrails=pipeline(packs=[hipaa.full()]),
+)
+def lambda_handler(event, context):
+    return context.invoke("Answer: {q}", q=event["body"]["question"])
+```
+
+## Comparison
+
+| Feature | Bedrock Guardrails | NeMo | Guardrails AI | **GuardrailGraph** |
+|---------|-------------------|------|---------------|-------------------|
+| Provider agnostic | ❌ | ❌ | Partial | ✅ |
+| Composable DAG | ❌ | ❌ | ❌ | ✅ |
+| Industry packs | ❌ | ❌ | ❌ | ✅ |
+| Serverless-native | Managed | ❌ | ❌ | ✅ |
+| Custom checks | Limited | Complex | Yes | ✅ Simple |
+| Open source | ❌ | ✅ | ✅ | ✅ MIT |
+
+## License
+
+MIT © [Gaurav Kumar Sinha](https://github.com/substrai)

substrai_guardrailgraph-0.1.0/pyproject.toml

@@ -0,0 +1,75 @@
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[project]
+name = "substrai-guardrailgraph"
+version = "0.1.0"
+description = "Composable AI safety pipeline framework with industry compliance packs"
+readme = "README.md"
+license = "MIT"
+requires-python = ">=3.9"
+authors = [
+    { name = "Gaurav Kumar Sinha", email = "gaurav@substrai.dev" },
+]
+keywords = [
+    "ai-safety",
+    "guardrails",
+    "llm",
+    "compliance",
+    "hipaa",
+    "serverless",
+    "aws-lambda",
+    "dag",
+    "pipeline",
+]
+classifiers = [
+    "Development Status :: 4 - Beta",
+    "Intended Audience :: Developers",
+    "License :: OSI Approved :: MIT License",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.9",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Topic :: Scientific/Engineering :: Artificial Intelligence",
+    "Topic :: Security",
+]
+dependencies = [
+    "pyyaml>=6.0",
+]
+
+[project.optional-dependencies]
+aws = ["boto3>=1.28.0"]
+all = ["boto3>=1.28.0"]
+dev = [
+    "pytest>=7.0",
+    "pytest-asyncio>=0.21",
+    "pytest-cov>=4.0",
+    "ruff>=0.1.0",
+    "mypy>=1.0",
+]
+
+[project.urls]
+Homepage = "https://github.com/substrai/guardrailgraph"
+Documentation = "https://substrai.github.io/guardrailgraph"
+Repository = "https://github.com/substrai/guardrailgraph"
+Issues = "https://github.com/substrai/guardrailgraph/issues"
+
+[project.scripts]
+guardrailgraph = "guardrailgraph.cli.main:main"
+
+[tool.hatch.build.targets.wheel]
+packages = ["src/guardrailgraph"]
+
+[tool.pytest.ini_options]
+testpaths = ["tests"]
+asyncio_mode = "auto"
+
+[tool.ruff]
+target-version = "py39"
+line-length = 100
+
+[tool.mypy]
+python_version = "3.9"
+strict = true

substrai_guardrailgraph-0.1.0/src/guardrailgraph/__init__.py

@@ -0,0 +1,19 @@
+"""GuardrailGraph — Composable AI safety pipeline framework."""
+
+from guardrailgraph.core.actions import Action
+from guardrailgraph.core.check import check, Check
+from guardrailgraph.core.pipeline import pipeline, Pipeline
+from guardrailgraph.core.result import CheckResult, PipelineResult
+from guardrailgraph.core.context import CheckContext
+
+__version__ = "0.1.0"
+__all__ = [
+    "Action",
+    "check",
+    "Check",
+    "pipeline",
+    "Pipeline",
+    "CheckResult",
+    "PipelineResult",
+    "CheckContext",
+]

substrai_guardrailgraph-0.1.0/src/guardrailgraph/checks/__init__.py

@@ -0,0 +1,20 @@
+"""Built-in guardrail checks — PII, toxicity, topic restriction, and more."""
+
+from guardrailgraph.checks.pii import pii_check, PiiDetector
+from guardrailgraph.checks.toxicity import toxicity_check, ToxicityScorer
+from guardrailgraph.checks.topics import topic_check, TopicRestrictor
+from guardrailgraph.checks.injection import injection_check, InjectionDetector
+from guardrailgraph.checks.cost import cost_check, CostLimiter
+
+__all__ = [
+    "pii_check",
+    "PiiDetector",
+    "toxicity_check",
+    "ToxicityScorer",
+    "topic_check",
+    "TopicRestrictor",
+    "injection_check",
+    "InjectionDetector",
+    "cost_check",
+    "CostLimiter",
+]