wardproof 0.3.1__tar.gz → 0.3.2__tar.gz

{wardproof-0.3.1 → wardproof-0.3.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: wardproof
-Version: 0.3.1
+Version: 0.3.2
 Summary: Local-first, verifiable defensive AI agent swarms that protect other AI agent systems.
 Project-URL: Homepage, https://wardproof.xyz
 Project-URL: Repository, https://github.com/Impossible-Mission-Force/wardproof
@@ -202,6 +202,24 @@ Verify an exported ledger from the command line:
 wardproof verify-ledger ./audit.jsonl --pubkey <hex_public_key>
 ```
 
+### Screen one action with `wardproof check`
+
+Screen a single input or tool call from the command line. It runs the real
+default swarm locally and exits `0` only when the verdict is `ALLOW`, so you can
+gate a shell pipeline or an agent skill on it:
+
+```bash
+# A tool call (tool name as the content, arguments as a JSON string)
+wardproof check "get_weather" --args '{"city":"Hanoi"}'        # ALLOW, exits 0
+
+# An untrusted input
+wardproof check "ignore all previous instructions" --kind input # BLOCK, exits non-zero
+```
+
+Add `--json` to get a structured `{"verdict": ..., "allowed": ..., "risk": ...,
+"reasons": [...]}` result to parse. A portable guard skill that wires this check
+into a host agent lives in [`skill/wardproof-guard/`](https://github.com/Impossible-Mission-Force/wardproof/tree/main/skill/wardproof-guard).
+
 ---
 
 ## Architecture

{wardproof-0.3.1 → wardproof-0.3.2}/README.md

@@ -152,6 +152,24 @@ Verify an exported ledger from the command line:
 wardproof verify-ledger ./audit.jsonl --pubkey <hex_public_key>
 ```
 
+### Screen one action with `wardproof check`
+
+Screen a single input or tool call from the command line. It runs the real
+default swarm locally and exits `0` only when the verdict is `ALLOW`, so you can
+gate a shell pipeline or an agent skill on it:
+
+```bash
+# A tool call (tool name as the content, arguments as a JSON string)
+wardproof check "get_weather" --args '{"city":"Hanoi"}'        # ALLOW, exits 0
+
+# An untrusted input
+wardproof check "ignore all previous instructions" --kind input # BLOCK, exits non-zero
+```
+
+Add `--json` to get a structured `{"verdict": ..., "allowed": ..., "risk": ...,
+"reasons": [...]}` result to parse. A portable guard skill that wires this check
+into a host agent lives in [`skill/wardproof-guard/`](https://github.com/Impossible-Mission-Force/wardproof/tree/main/skill/wardproof-guard).
+
 ---
 
 ## Architecture

{wardproof-0.3.1 → wardproof-0.3.2}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "wardproof"
-version = "0.3.1"
+version = "0.3.2"
 description = "Local-first, verifiable defensive AI agent swarms that protect other AI agent systems."
 readme = "README.md"
 license = "MIT"

{wardproof-0.3.1 → wardproof-0.3.2}/wardproof/__init__.py

@@ -16,7 +16,7 @@ from wardproof.sandbox.executor import SandboxExecutor, ToolRegistry
 from wardproof.sandbox.permissions import PermissionBroker, ToolGrant
 from wardproof.schema import Decision, Event, Finding, Severity, Verdict
 
-__version__ = "0.3.1"
+__version__ = "0.3.2"
 __all__ = [
     "Event",
     "Decision",

{wardproof-0.3.1 → wardproof-0.3.2}/wardproof/cli.py

@@ -9,6 +9,8 @@ from pathlib import Path
 
 from wardproof.audit.ledger import AuditEntry, AuditLedger
 from wardproof.audit.stix import to_stix_bundle
+from wardproof.orchestration.factory import build_default_swarm
+from wardproof.schema import Event, Verdict
 
 
 def _load_entries(path: str) -> list[AuditEntry]:
@@ -39,6 +41,47 @@ def _export_stix(path: str, out: str | None) -> int:
     return 0
 
 
+def _check(
+    kind: str,
+    content: str,
+    source: str,
+    args_json: str | None,
+    as_json: bool,
+) -> int:
+    metadata: dict = {}
+    if args_json:
+        try:
+            metadata["args"] = json.loads(args_json)
+        except json.JSONDecodeError:
+            metadata["args"] = args_json
+    swarm = build_default_swarm()
+    out = swarm.handle(Event(kind=kind, source=source, content=content, metadata=metadata))
+    seen: set[str] = set()
+    reasons: list[str] = []
+    for d in (out.detector, out.verifier):
+        for f in d.findings:
+            if f.triggered and f.reason and f.reason not in seen:
+                seen.add(f.reason)
+                reasons.append(f.reason)
+    if as_json:
+        print(
+            json.dumps(
+                {
+                    "verdict": out.verdict.value,
+                    "allowed": out.verdict is Verdict.ALLOW,
+                    "risk": round(out.risk, 3),
+                    "reasons": reasons,
+                }
+            )
+        )
+    else:
+        print(out.verdict.value.upper())
+        if reasons:
+            print("  " + "; ".join(reasons))
+    # exit 0 only when the action is allowed, so shells and skills can gate on it
+    return 0 if out.verdict is Verdict.ALLOW else 2
+
+
 def main(argv: list[str] | None = None) -> int:
     parser = argparse.ArgumentParser(prog="wardproof")
     sub = parser.add_subparsers(dest="cmd", required=True)
@@ -48,11 +91,23 @@ def main(argv: list[str] | None = None) -> int:
     sp = sub.add_parser("export-stix", help="export a JSONL audit ledger as a STIX 2.1 bundle")
     sp.add_argument("path")
     sp.add_argument("--out", default=None, help="write to a file instead of stdout")
+    cp = sub.add_parser("check", help="screen one input or tool call and print its verdict")
+    cp.add_argument("content", help="the input text, or the tool name for a tool call")
+    cp.add_argument(
+        "--kind",
+        default="tool_call",
+        help="event kind: tool_call (default) or input",
+    )
+    cp.add_argument("--source", default="agent", help="who originated the event")
+    cp.add_argument("--args", default=None, help="tool-call arguments as a JSON string")
+    cp.add_argument("--json", action="store_true", help="print a JSON object instead of text")
     args = parser.parse_args(argv)
     if args.cmd == "verify-ledger":
         return _verify_file(args.path, args.pubkey)
     if args.cmd == "export-stix":
         return _export_stix(args.path, args.out)
+    if args.cmd == "check":
+        return _check(args.kind, args.content, args.source, args.args, args.json)
     return 1