waveframe-guard 0.1.0__tar.gz

waveframe_guard-0.1.0/LICENSE

@@ -0,0 +1,7 @@
+Copyright (c) 2026 Waveframe Labs
+
+All rights reserved.
+
+This software is proprietary and confidential.
+
+No part of this software may be used, copied, modified, distributed, or sublicensed without explicit permission from Waveframe Labs.

waveframe_guard-0.1.0/PKG-INFO

@@ -0,0 +1,190 @@
+Metadata-Version: 2.4
+Name: waveframe-guard
+Version: 0.1.0
+Summary: Stop unsafe AI actions before they execute
+Author-email: Shawn Wright <swright@waveframelabs.org>
+License: Proprietary
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: cricore
+Dynamic: license-file
+
+# Waveframe Guard
+
+Deterministic execution control for AI agents.
+
+Stop unauthorized AI actions—from rogue financial transfers to unapproved budget reallocations—in a single function call.
+
+Prevent costly mistakes before they hit production systems.
+
+---
+
+## The execution boundary
+
+Most AI governance tools act as monitors: they log, flag, and alert after a mistake has already happened.
+
+Waveframe Guard sits directly at the execution boundary. It evaluates every proposed action before it ever reaches your backend or mutates state.
+
+The evaluation is deterministic and the result is binary:
+
+- **Allowed** → execution proceeds seamlessly  
+- **Blocked** → execution is stopped before it reaches your system  
+
+No warnings. No post-hoc analysis. The action either happens, or it doesn’t.
+
+---
+
+## A drop-in execution gate
+
+Integrate Waveframe Guard into your workflow in minutes.
+
+Initialize the SDK with your compiled governance policy, pass the proposed AI action, and let Guard handle the evaluation.
+
+```python
+from waveframe_guard import WaveframeGuard
+
+guard = WaveframeGuard(policy="finance-policy.json")
+
+
+def execute_transfer(action):
+    return {
+        "status": "executed",
+        "details": action
+    }
+
+
+def process_ai_action(action, actor, context=None):
+    decision = guard.execute(
+        action=action,
+        actor=actor,
+        context=context
+    )
+
+    if decision["allowed"]:
+        return execute_transfer(action)
+    else:
+        return {
+            "status": "blocked",
+            "reason": decision["reason"]
+        }
+
+
+result = process_ai_action(
+    action={"type": "transfer", "amount": 5000},
+    actor="ai-agent",
+    context={"approved_by": "human-123"}
+)
+
+print(result)
+````
+
+Waveframe Guard does not execute actions.
+
+It decides whether execution is allowed.
+
+---
+
+## Predictable, standardized outputs
+
+Guard returns a strict, predictable response so your application can route logic deterministically.
+
+**Authorized attempt:**
+
+```json
+{
+  "allowed": true,
+  "reason": "Allowed: execution permitted"
+}
+```
+
+---
+
+**Unauthorized attempt (missing approval):**
+
+```json
+{
+  "allowed": false,
+  "reason": "Blocked: approval required (no approver provided)"
+}
+```
+
+---
+
+## Built for financial-grade governance
+
+Waveframe Guard is designed for high-stakes autonomous systems.
+
+* **Separation of duties**
+  The actor proposing an action cannot approve it.
+
+* **Approval requirements**
+  Human authorization is required for sensitive actions.
+
+* **Action-level constraints**
+  Define exactly what an agent is allowed to do.
+
+* **No state stored**
+  Your system remains in full control.
+
+---
+
+## Clear boundaries
+
+Waveframe Guard focuses on one responsibility:
+
+👉 deciding whether an action can execute
+
+It does not:
+
+* run workflows
+* manage approvals
+* store policies
+* maintain system state
+
+---
+
+## Getting started
+
+Waveframe Guard is in active development, focused on financial governance and autonomous agent control.
+
+### Local installation
+
+```bash
+pip install -e .
+```
+
+*(PyPI release coming soon)*
+
+---
+
+### Run the example
+
+```bash
+python examples/finance_usage.py
+```
+
+---
+
+## Policy
+
+Policies represent compiled governance rules.
+
+```python
+guard = WaveframeGuard(policy="finance-policy.json")
+```
+
+These rules define:
+
+* who can approve actions
+* what actions require approval
+* role separation requirements
+
+---
+
+<div align="center">
+  <sub><b>Proprietary / Commercial License (Pending)</b></sub>
+  <br>
+  <sub>© 2026 Waveframe Labs</sub>
+</div>
+

waveframe_guard-0.1.0/README.md

@@ -0,0 +1,178 @@
+# Waveframe Guard
+
+Deterministic execution control for AI agents.
+
+Stop unauthorized AI actions—from rogue financial transfers to unapproved budget reallocations—in a single function call.
+
+Prevent costly mistakes before they hit production systems.
+
+---
+
+## The execution boundary
+
+Most AI governance tools act as monitors: they log, flag, and alert after a mistake has already happened.
+
+Waveframe Guard sits directly at the execution boundary. It evaluates every proposed action before it ever reaches your backend or mutates state.
+
+The evaluation is deterministic and the result is binary:
+
+- **Allowed** → execution proceeds seamlessly  
+- **Blocked** → execution is stopped before it reaches your system  
+
+No warnings. No post-hoc analysis. The action either happens, or it doesn’t.
+
+---
+
+## A drop-in execution gate
+
+Integrate Waveframe Guard into your workflow in minutes.
+
+Initialize the SDK with your compiled governance policy, pass the proposed AI action, and let Guard handle the evaluation.
+
+```python
+from waveframe_guard import WaveframeGuard
+
+guard = WaveframeGuard(policy="finance-policy.json")
+
+
+def execute_transfer(action):
+    return {
+        "status": "executed",
+        "details": action
+    }
+
+
+def process_ai_action(action, actor, context=None):
+    decision = guard.execute(
+        action=action,
+        actor=actor,
+        context=context
+    )
+
+    if decision["allowed"]:
+        return execute_transfer(action)
+    else:
+        return {
+            "status": "blocked",
+            "reason": decision["reason"]
+        }
+
+
+result = process_ai_action(
+    action={"type": "transfer", "amount": 5000},
+    actor="ai-agent",
+    context={"approved_by": "human-123"}
+)
+
+print(result)
+````
+
+Waveframe Guard does not execute actions.
+
+It decides whether execution is allowed.
+
+---
+
+## Predictable, standardized outputs
+
+Guard returns a strict, predictable response so your application can route logic deterministically.
+
+**Authorized attempt:**
+
+```json
+{
+  "allowed": true,
+  "reason": "Allowed: execution permitted"
+}
+```
+
+---
+
+**Unauthorized attempt (missing approval):**
+
+```json
+{
+  "allowed": false,
+  "reason": "Blocked: approval required (no approver provided)"
+}
+```
+
+---
+
+## Built for financial-grade governance
+
+Waveframe Guard is designed for high-stakes autonomous systems.
+
+* **Separation of duties**
+  The actor proposing an action cannot approve it.
+
+* **Approval requirements**
+  Human authorization is required for sensitive actions.
+
+* **Action-level constraints**
+  Define exactly what an agent is allowed to do.
+
+* **No state stored**
+  Your system remains in full control.
+
+---
+
+## Clear boundaries
+
+Waveframe Guard focuses on one responsibility:
+
+👉 deciding whether an action can execute
+
+It does not:
+
+* run workflows
+* manage approvals
+* store policies
+* maintain system state
+
+---
+
+## Getting started
+
+Waveframe Guard is in active development, focused on financial governance and autonomous agent control.
+
+### Local installation
+
+```bash
+pip install -e .
+```
+
+*(PyPI release coming soon)*
+
+---
+
+### Run the example
+
+```bash
+python examples/finance_usage.py
+```
+
+---
+
+## Policy
+
+Policies represent compiled governance rules.
+
+```python
+guard = WaveframeGuard(policy="finance-policy.json")
+```
+
+These rules define:
+
+* who can approve actions
+* what actions require approval
+* role separation requirements
+
+---
+
+<div align="center">
+  <sub><b>Proprietary / Commercial License (Pending)</b></sub>
+  <br>
+  <sub>© 2026 Waveframe Labs</sub>
+</div>
+

waveframe_guard-0.1.0/examples/finance_usage.py

@@ -0,0 +1,121 @@
+"""
+Waveframe Guard — Production Usage Example
+
+This shows how a backend service would use Waveframe Guard
+to evaluate AI-generated financial actions BEFORE execution.
+
+Run:
+    python examples/finance_usage.py
+"""
+
+from waveframe_guard import WaveframeGuard
+
+
+# --------------------------------------------------
+# Load compiled governance policy
+# --------------------------------------------------
+
+# In production, this would come from a file or config system
+policy = "finance-policy.json"
+
+guard = WaveframeGuard(policy=policy)
+
+
+# --------------------------------------------------
+# Simulated execution layer (your actual system)
+# --------------------------------------------------
+
+def execute_transfer(action: dict):
+    """
+    This represents your real system performing the action.
+    Only called if guard allows execution.
+    """
+    return {
+        "status": "executed",
+        "details": action
+    }
+
+
+# --------------------------------------------------
+# Core evaluation wrapper
+# --------------------------------------------------
+
+def process_action(action: dict, actor: str, context: dict | None = None):
+    """
+    Standard pattern:
+
+    1. Evaluate with Waveframe Guard
+    2. If allowed → execute
+    3. If blocked → stop
+    """
+
+    decision = guard.execute(
+        action=action,
+        actor=actor,
+        context=context
+    )
+
+    if not decision["allowed"]:
+        return {
+            "status": "blocked",
+            "reason": decision["reason"]
+        }
+
+    result = execute_transfer(action)
+
+    return {
+        "status": "executed",
+        "result": result
+    }
+
+
+# --------------------------------------------------
+# Example scenarios (real-world style)
+# --------------------------------------------------
+
+def main():
+
+    print("\n--- Scenario 1: Missing approval ---")
+
+    result_1 = process_action(
+        action={"type": "transfer", "amount": 5000},
+        actor="ai-agent"
+    )
+
+    print(result_1)
+
+
+    print("\n--- Scenario 2: Invalid approval (same actor) ---")
+
+    result_2 = process_action(
+        action={"type": "transfer", "amount": 5000},
+        actor="ai-agent",
+        context={"approved_by": "ai-agent"}
+    )
+
+    print(result_2)
+
+
+    print("\n--- Scenario 3: Valid approval ---")
+
+    result_3 = process_action(
+        action={"type": "transfer", "amount": 5000},
+        actor="ai-agent",
+        context={"approved_by": "human-123"}
+    )
+
+    print(result_3)
+
+
+    print("\n--- Scenario 4: Read-only action ---")
+
+    result_4 = process_action(
+        action={"type": "get_balance"},
+        actor="ai-agent"
+    )
+
+    print(result_4)
+
+
+if __name__ == "__main__":
+    main()

waveframe_guard-0.1.0/pyproject.toml

@@ -0,0 +1,23 @@
+[build-system]
+requires = ["setuptools>=61.0"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "waveframe-guard"
+version = "0.1.0"
+description = "Stop unsafe AI actions before they execute"
+authors = [
+    { name = "Shawn Wright", email = "swright@waveframelabs.org" }
+]
+readme = "README.md"
+requires-python = ">=3.10"
+
+# 🔒 Proprietary license
+license = { text = "Proprietary" }
+
+dependencies = [
+    "cricore"
+]
+
+[tool.setuptools.packages.find]
+where = ["."]

waveframe_guard-0.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

waveframe_guard-0.1.0/waveframe_guard/__init__.py

@@ -0,0 +1,13 @@
+"""
+Waveframe Guard — Public API
+
+This module exposes the primary SDK interface.
+
+Users should only need to import from here:
+
+    from waveframe_guard import WaveframeGuard
+"""
+
+from .client import WaveframeGuard
+
+__all__ = ["WaveframeGuard"]

waveframe_guard-0.1.0/waveframe_guard/client.py

@@ -0,0 +1,279 @@
+from __future__ import annotations
+
+from pathlib import Path
+from typing import Any, Dict, Optional
+import json
+import tempfile
+import uuid
+
+from compiler.compile_policy_file import compile_policy_file
+from proposal_normalizer import build_proposal
+from cricore.interface.evaluate_proposal import evaluate_proposal
+
+
+class WaveframeGuard:
+    """
+    Waveframe Guard
+
+    Product-facing SDK that evaluates whether an AI-generated action
+    is allowed to execute using CRI-CORE enforcement.
+    """
+
+    def __init__(self, policy: Any):
+        self.policy_path = self._resolve_policy_path(policy)
+        self.raw_policy = self._load_policy_json(self.policy_path)
+        self.compiled_contract = self._compile_policy(self.policy_path)
+
+    # --------------------------------------------------
+    # Public API
+    # --------------------------------------------------
+
+    def execute(
+        self,
+        action: Dict[str, Any],
+        actor: str,
+        context: Optional[Dict[str, Any]] = None,
+    ) -> Dict[str, Any]:
+
+        # -----------------------------
+        # Input validation
+        # -----------------------------
+
+        if not isinstance(action, dict):
+            return {
+                "allowed": False,
+                "reason": "Invalid request: action must be a dictionary",
+            }
+
+        if "type" not in action:
+            return {
+                "allowed": False,
+                "reason": "Invalid request: action must include a 'type' field",
+            }
+
+        if context is not None and not isinstance(context, dict):
+            return {
+                "allowed": False,
+                "reason": "Invalid request: context must be a dictionary",
+            }
+
+        context = context or {}
+        action_type = action["type"]
+        approved_by = context.get("approved_by")
+
+        # -----------------------------
+        # Read policy rules
+        # -----------------------------
+
+        rules = self.raw_policy.get("rules", {})
+        action_rules = rules.get(action_type, {})
+
+        requires_approval = action_rules.get("requires_approval", False)
+        read_only = action_rules.get("read_only", False)
+
+        # -----------------------------
+        # Read-only shortcut
+        # -----------------------------
+
+        if read_only:
+            return {
+                "allowed": True,
+                "reason": "Allowed: read-only action",
+            }
+
+        # -----------------------------
+        # Approval enforcement
+        # -----------------------------
+
+        if requires_approval:
+
+            if not approved_by:
+                return {
+                    "allowed": False,
+                    "reason": "Blocked: approval required (no approver provided)",
+                }
+
+            if approved_by == actor:
+                return {
+                    "allowed": False,
+                    "reason": "Blocked: separation of duties violated (proposer cannot approve)",
+                }
+
+        # -----------------------------
+        # Normalize action → mutation
+        # -----------------------------
+
+        mutation = self._normalize_action(action)
+
+        # -----------------------------
+        # Build run_context
+        # -----------------------------
+
+        run_context = self._build_run_context(
+            actor=actor,
+            approved_by=approved_by,
+        )
+
+        # -----------------------------
+        # Build proposal
+        # -----------------------------
+
+        try:
+            proposal = build_proposal(
+                proposal_id=str(uuid.uuid4()),
+                actor={"id": actor, "type": "agent"},
+                artifact_paths=[],
+                mutation=mutation,
+                contract=self._proposal_contract_binding(self.compiled_contract),
+                run_context=run_context,
+            )
+        except Exception:
+            return {
+                "allowed": False,
+                "reason": "Blocked: proposal construction failed",
+            }
+
+        # -----------------------------
+        # Evaluate with CRI-CORE
+        # -----------------------------
+
+        try:
+            result = evaluate_proposal(proposal, self.compiled_contract)
+        except Exception:
+            return {
+                "allowed": False,
+                "reason": "Blocked: enforcement execution failed",
+            }
+
+        # -----------------------------
+        # Translate result
+        # -----------------------------
+
+        if getattr(result, "commit_allowed", False):
+            return {
+                "allowed": True,
+                "reason": "Allowed: execution permitted",
+            }
+
+        return {
+            "allowed": False,
+            "reason": self._extract_reason(result),
+        }
+
+    # --------------------------------------------------
+    # Internal helpers
+    # --------------------------------------------------
+
+    def _resolve_policy_path(self, policy: Any) -> Path:
+        if isinstance(policy, str):
+            path = Path(policy)
+            if not path.exists():
+                raise FileNotFoundError(f"Policy file not found: {policy}")
+            return path
+
+        if isinstance(policy, dict):
+            temp_file = tempfile.NamedTemporaryFile(delete=False, suffix=".json")
+            temp_path = Path(temp_file.name)
+            temp_file.close()
+            temp_path.write_text(json.dumps(policy), encoding="utf-8")
+            return temp_path
+
+        raise ValueError("Policy must be a file path or dictionary")
+
+    def _load_policy_json(self, policy_path: Path) -> Dict[str, Any]:
+        with policy_path.open("r", encoding="utf-8") as f:
+            return json.load(f)
+
+    def _compile_policy(self, policy_path: Path) -> Dict[str, Any]:
+        temp_output = tempfile.NamedTemporaryFile(delete=False, suffix=".json")
+        output_path = Path(temp_output.name)
+        temp_output.close()
+
+        compiled_path = compile_policy_file(policy_path, output_path)
+
+        with Path(compiled_path).open("r", encoding="utf-8") as f:
+            return json.load(f)
+
+    def _proposal_contract_binding(self, compiled_contract: Dict[str, Any]) -> Dict[str, Any]:
+        return {
+            "id": compiled_contract["contract_id"],
+            "version": compiled_contract["contract_version"],
+            "hash": compiled_contract["contract_hash"],
+        }
+
+    def _normalize_action(self, action: Dict[str, Any]) -> Dict[str, Any]:
+        action_type = action["type"]
+
+        if action_type == "transfer":
+            return {
+                "domain": "finance",
+                "resource": "funds",
+                "action": "transfer",
+            }
+
+        if action_type == "get_balance":
+            return {
+                "domain": "finance",
+                "resource": "account",
+                "action": "read",
+            }
+
+        return {
+            "domain": "general",
+            "resource": "unknown",
+            "action": action_type,
+        }
+
+    def _build_run_context(
+        self,
+        actor: str,
+        approved_by: Optional[str],
+    ) -> Dict[str, Any]:
+
+        actors = [
+            {
+                "id": actor,
+                "type": "agent",
+                "role": "proposer",
+            }
+        ]
+
+        if approved_by:
+            actors.append(
+                {
+                    "id": approved_by,
+                    "type": "human",
+                    "role": "approver",
+                }
+            )
+
+        return {
+            "identities": {
+                "actors": actors,
+                "required_roles": ["proposer", "approver"],
+                "conflict_flags": {},
+            },
+            "integrity": {},
+            "publication": {},
+        }
+
+    def _extract_reason(self, result: Any) -> str:
+        failed_stages = getattr(result, "failed_stages", None)
+        summary = getattr(result, "summary", None)
+
+        if not failed_stages:
+            return summary or "Blocked: policy violation"
+
+        if "independence" in failed_stages:
+            return "Blocked: separation of duties violated (proposer cannot approve)"
+
+        if "publication-commit" in failed_stages:
+            return "Blocked: approval required (no approver provided)"
+
+        if "integrity" in failed_stages:
+            return "Blocked: required execution data missing"
+
+        if "publication" in failed_stages:
+            return "Blocked: execution context incomplete"
+
+        return summary or "Blocked: policy violation"

waveframe_guard-0.1.0/waveframe_guard.egg-info/PKG-INFO

@@ -0,0 +1,190 @@
+Metadata-Version: 2.4
+Name: waveframe-guard
+Version: 0.1.0
+Summary: Stop unsafe AI actions before they execute
+Author-email: Shawn Wright <swright@waveframelabs.org>
+License: Proprietary
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: cricore
+Dynamic: license-file
+
+# Waveframe Guard
+
+Deterministic execution control for AI agents.
+
+Stop unauthorized AI actions—from rogue financial transfers to unapproved budget reallocations—in a single function call.
+
+Prevent costly mistakes before they hit production systems.
+
+---
+
+## The execution boundary
+
+Most AI governance tools act as monitors: they log, flag, and alert after a mistake has already happened.
+
+Waveframe Guard sits directly at the execution boundary. It evaluates every proposed action before it ever reaches your backend or mutates state.
+
+The evaluation is deterministic and the result is binary:
+
+- **Allowed** → execution proceeds seamlessly  
+- **Blocked** → execution is stopped before it reaches your system  
+
+No warnings. No post-hoc analysis. The action either happens, or it doesn’t.
+
+---
+
+## A drop-in execution gate
+
+Integrate Waveframe Guard into your workflow in minutes.
+
+Initialize the SDK with your compiled governance policy, pass the proposed AI action, and let Guard handle the evaluation.
+
+```python
+from waveframe_guard import WaveframeGuard
+
+guard = WaveframeGuard(policy="finance-policy.json")
+
+
+def execute_transfer(action):
+    return {
+        "status": "executed",
+        "details": action
+    }
+
+
+def process_ai_action(action, actor, context=None):
+    decision = guard.execute(
+        action=action,
+        actor=actor,
+        context=context
+    )
+
+    if decision["allowed"]:
+        return execute_transfer(action)
+    else:
+        return {
+            "status": "blocked",
+            "reason": decision["reason"]
+        }
+
+
+result = process_ai_action(
+    action={"type": "transfer", "amount": 5000},
+    actor="ai-agent",
+    context={"approved_by": "human-123"}
+)
+
+print(result)
+````
+
+Waveframe Guard does not execute actions.
+
+It decides whether execution is allowed.
+
+---
+
+## Predictable, standardized outputs
+
+Guard returns a strict, predictable response so your application can route logic deterministically.
+
+**Authorized attempt:**
+
+```json
+{
+  "allowed": true,
+  "reason": "Allowed: execution permitted"
+}
+```
+
+---
+
+**Unauthorized attempt (missing approval):**
+
+```json
+{
+  "allowed": false,
+  "reason": "Blocked: approval required (no approver provided)"
+}
+```
+
+---
+
+## Built for financial-grade governance
+
+Waveframe Guard is designed for high-stakes autonomous systems.
+
+* **Separation of duties**
+  The actor proposing an action cannot approve it.
+
+* **Approval requirements**
+  Human authorization is required for sensitive actions.
+
+* **Action-level constraints**
+  Define exactly what an agent is allowed to do.
+
+* **No state stored**
+  Your system remains in full control.
+
+---
+
+## Clear boundaries
+
+Waveframe Guard focuses on one responsibility:
+
+👉 deciding whether an action can execute
+
+It does not:
+
+* run workflows
+* manage approvals
+* store policies
+* maintain system state
+
+---
+
+## Getting started
+
+Waveframe Guard is in active development, focused on financial governance and autonomous agent control.
+
+### Local installation
+
+```bash
+pip install -e .
+```
+
+*(PyPI release coming soon)*
+
+---
+
+### Run the example
+
+```bash
+python examples/finance_usage.py
+```
+
+---
+
+## Policy
+
+Policies represent compiled governance rules.
+
+```python
+guard = WaveframeGuard(policy="finance-policy.json")
+```
+
+These rules define:
+
+* who can approve actions
+* what actions require approval
+* role separation requirements
+
+---
+
+<div align="center">
+  <sub><b>Proprietary / Commercial License (Pending)</b></sub>
+  <br>
+  <sub>© 2026 Waveframe Labs</sub>
+</div>
+

waveframe_guard-0.1.0/waveframe_guard.egg-info/SOURCES.txt

@@ -0,0 +1,11 @@
+LICENSE
+README.md
+pyproject.toml
+examples/finance_usage.py
+waveframe_guard/__init__.py
+waveframe_guard/client.py
+waveframe_guard.egg-info/PKG-INFO
+waveframe_guard.egg-info/SOURCES.txt
+waveframe_guard.egg-info/dependency_links.txt
+waveframe_guard.egg-info/requires.txt
+waveframe_guard.egg-info/top_level.txt

waveframe_guard-0.1.0/waveframe_guard.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

waveframe_guard-0.1.0/waveframe_guard.egg-info/requires.txt

@@ -0,0 +1 @@
+cricore

waveframe_guard-0.1.0/waveframe_guard.egg-info/top_level.txt

@@ -0,0 +1,4 @@
+build
+dist
+examples
+waveframe_guard