yui-agent-policy 0.1.0__tar.gz

yui_agent_policy-0.1.0/.gitignore

@@ -0,0 +1,13 @@
+# Where: .gitignore
+# What: keep build/test artefacts and the local venv out of version control.
+# Why: agent-policy is a tiny pure-python package; nothing generated belongs in git.
+
+.venv/
+__pycache__/
+*.py[cod]
+*.egg-info/
+build/
+dist/
+.pytest_cache/
+.coverage
+htmlcov/

yui_agent_policy-0.1.0/.serena/.gitignore

@@ -0,0 +1,2 @@
+/cache
+/project.local.yml

yui_agent_policy-0.1.0/.serena/project.local.yml

@@ -0,0 +1,5 @@
+# This file allows you to locally override settings in project.yml for development purposes.
+#
+# Use the same keys as in project.yml here. Any setting you specify will override the corresponding
+# setting in project.yml, allowing you to customise the configuration for your local development environment
+# without affecting the project configuration in project.yml (which is intended to be versioned).

yui_agent_policy-0.1.0/.serena/project.yml

@@ -0,0 +1,152 @@
+# the name by which the project can be referenced within Serena
+project_name: "agent-policy"
+
+
+# list of languages for which language servers are started; choose from:
+#   al                  bash                clojure             cpp                 csharp
+#   csharp_omnisharp    dart                elixir              elm                 erlang
+#   fortran             fsharp              go                  groovy              haskell
+#   java                julia               kotlin              lua                 markdown
+#   matlab              nix                 pascal              perl                php
+#   php_phpactor        powershell          python              python_jedi         r
+#   rego                ruby                ruby_solargraph     rust                scala
+#   swift               terraform           toml                typescript          typescript_vts
+#   vue                 yaml                zig
+#   (This list may be outdated. For the current list, see values of Language enum here:
+#   https://github.com/oraios/serena/blob/main/src/solidlsp/ls_config.py
+#   For some languages, there are alternative language servers, e.g. csharp_omnisharp, ruby_solargraph.)
+# Note:
+#   - For C, use cpp
+#   - For JavaScript, use typescript
+#   - For Free Pascal/Lazarus, use pascal
+# Special requirements:
+#   Some languages require additional setup/installations.
+#   See here for details: https://oraios.github.io/serena/01-about/020_programming-languages.html#language-servers
+# When using multiple languages, the first language server that supports a given file will be used for that file.
+# The first language is the default language and the respective language server will be used as a fallback.
+# Note that when using the JetBrains backend, language servers are not used and this list is correspondingly ignored.
+languages:
+- python
+
+# the encoding used by text files in the project
+# For a list of possible encodings, see https://docs.python.org/3.11/library/codecs.html#standard-encodings
+encoding: "utf-8"
+
+# line ending convention to use when writing source files.
+# Possible values: unset (use global setting), "lf", "crlf", or "native" (platform default)
+# This does not affect Serena's own files (e.g. memories and configuration files), which always use native line endings.
+line_ending:
+
+# The language backend to use for this project.
+# If not set, the global setting from serena_config.yml is used.
+# Valid values: LSP, JetBrains
+# Note: the backend is fixed at startup. If a project with a different backend
+# is activated post-init, an error will be returned.
+language_backend:
+
+# whether to use project's .gitignore files to ignore files
+ignore_all_files_in_gitignore: true
+
+# advanced configuration option allowing to configure language server-specific options.
+# Maps the language key to the options.
+# Have a look at the docstring of the constructors of the LS implementations within solidlsp (e.g., for C# or PHP) to see which options are available.
+# No documentation on options means no options are available.
+ls_specific_settings: {}
+
+# list of additional paths to ignore in this project.
+# Same syntax as gitignore, so you can use * and **.
+# Note: global ignored_paths from serena_config.yml are also applied additively.
+ignored_paths: []
+
+# whether the project is in read-only mode
+# If set to true, all editing tools will be disabled and attempts to use them will result in an error
+# Added on 2025-04-18
+read_only: false
+
+# list of tool names to exclude.
+# This extends the existing exclusions (e.g. from the global configuration)
+#
+# Below is the complete list of tools for convenience.
+# To make sure you have the latest list of tools, and to view their descriptions, 
+# execute `uv run scripts/print_tool_overview.py`.
+#
+#  * `activate_project`: Activates a project by name.
+#  * `check_onboarding_performed`: Checks whether project onboarding was already performed.
+#  * `create_text_file`: Creates/overwrites a file in the project directory.
+#  * `delete_lines`: Deletes a range of lines within a file.
+#  * `delete_memory`: Deletes a memory from Serena's project-specific memory store.
+#  * `execute_shell_command`: Executes a shell command.
+#  * `find_referencing_code_snippets`: Finds code snippets in which the symbol at the given location is referenced.
+#  * `find_referencing_symbols`: Finds symbols that reference the symbol at the given location (optionally filtered by type).
+#  * `find_symbol`: Performs a global (or local) search for symbols with/containing a given name/substring (optionally filtered by type).
+#  * `get_current_config`: Prints the current configuration of the agent, including the active and available projects, tools, contexts, and modes.
+#  * `get_symbols_overview`: Gets an overview of the top-level symbols defined in a given file.
+#  * `initial_instructions`: Gets the initial instructions for the current project.
+#     Should only be used in settings where the system prompt cannot be set,
+#     e.g. in clients you have no control over, like Claude Desktop.
+#  * `insert_after_symbol`: Inserts content after the end of the definition of a given symbol.
+#  * `insert_at_line`: Inserts content at a given line in a file.
+#  * `insert_before_symbol`: Inserts content before the beginning of the definition of a given symbol.
+#  * `list_dir`: Lists files and directories in the given directory (optionally with recursion).
+#  * `list_memories`: Lists memories in Serena's project-specific memory store.
+#  * `onboarding`: Performs onboarding (identifying the project structure and essential tasks, e.g. for testing or building).
+#  * `prepare_for_new_conversation`: Provides instructions for preparing for a new conversation (in order to continue with the necessary context).
+#  * `read_file`: Reads a file within the project directory.
+#  * `read_memory`: Reads the memory with the given name from Serena's project-specific memory store.
+#  * `remove_project`: Removes a project from the Serena configuration.
+#  * `replace_lines`: Replaces a range of lines within a file with new content.
+#  * `replace_symbol_body`: Replaces the full definition of a symbol.
+#  * `restart_language_server`: Restarts the language server, may be necessary when edits not through Serena happen.
+#  * `search_for_pattern`: Performs a search for a pattern in the project.
+#  * `summarize_changes`: Provides instructions for summarizing the changes made to the codebase.
+#  * `switch_modes`: Activates modes by providing a list of their names
+#  * `think_about_collected_information`: Thinking tool for pondering the completeness of collected information.
+#  * `think_about_task_adherence`: Thinking tool for determining whether the agent is still on track with the current task.
+#  * `think_about_whether_you_are_done`: Thinking tool for determining whether the task is truly completed.
+#  * `write_memory`: Writes a named memory (for future reference) to Serena's project-specific memory store.
+excluded_tools: []
+
+# list of tools to include that would otherwise be disabled (particularly optional tools that are disabled by default).
+# This extends the existing inclusions (e.g. from the global configuration).
+included_optional_tools: []
+
+# fixed set of tools to use as the base tool set (if non-empty), replacing Serena's default set of tools.
+# This cannot be combined with non-empty excluded_tools or included_optional_tools.
+fixed_tools: []
+
+# list of mode names to that are always to be included in the set of active modes
+# The full set of modes to be activated is base_modes + default_modes.
+# If the setting is undefined, the base_modes from the global configuration (serena_config.yml) apply.
+# Otherwise, this setting overrides the global configuration.
+# Set this to [] to disable base modes for this project.
+# Set this to a list of mode names to always include the respective modes for this project.
+base_modes:
+
+# list of mode names that are to be activated by default.
+# The full set of modes to be activated is base_modes + default_modes.
+# If the setting is undefined, the default_modes from the global configuration (serena_config.yml) apply.
+# Otherwise, this overrides the setting from the global configuration (serena_config.yml).
+# This setting can, in turn, be overridden by CLI parameters (--mode).
+default_modes:
+
+# initial prompt for the project. It will always be given to the LLM upon activating the project
+# (contrary to the memories, which are loaded on demand).
+initial_prompt: ""
+
+# time budget (seconds) per tool call for the retrieval of additional symbol information
+# such as docstrings or parameter information.
+# This overrides the corresponding setting in the global configuration; see the documentation there.
+# If null or missing, use the setting from the global configuration.
+symbol_info_budget:
+
+# list of regex patterns which, when matched, mark a memory entry as read‑only.
+# Extends the list from the global configuration, merging the two lists.
+read_only_memory_patterns: []
+
+# list of regex patterns for memories to completely ignore.
+# Matching memories will not appear in list_memories or activate_project output
+# and cannot be accessed via read_memory or write_memory.
+# To access ignored memory files, use the read_file tool on the raw file path.
+# Extends the list from the global configuration, merging the two lists.
+# Example: ["_archive/.*", "_episodes/.*"]
+ignored_memory_patterns: []

yui_agent_policy-0.1.0/PKG-INFO

@@ -0,0 +1,202 @@
+Metadata-Version: 2.4
+Name: yui-agent-policy
+Version: 0.1.0
+Summary: Pure-function policy matrix evaluator for AI coding agents (repo x capability x context -> deny/require_approval/auto_allow).
+Project-URL: Repository, https://github.com/yui-stingray/agent-policy
+Project-URL: Issues, https://github.com/yui-stingray/agent-policy/issues
+Author: yui-stingray
+License-Expression: MIT
+Keywords: agent,ai-agents,governance,guardrails,policy
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3 :: Only
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: Typing :: Typed
+Requires-Python: >=3.11
+Requires-Dist: pydantic>=2.0
+Provides-Extra: dev
+Requires-Dist: pytest-cov>=4; extra == 'dev'
+Requires-Dist: pytest<9,>=7; extra == 'dev'
+Description-Content-Type: text/markdown
+
+# agent-policy
+
+> Pure-function policy matrix for AI coding agents.
+> Maps `(repo, capability, context)` to one of three modes:
+> `deny` / `require_approval` / `auto_allow`.
+
+**Status**: `0.1.0` alpha. The public API is frozen for v0.1; examples and
+hook/wrapper recipes will grow in v0.2.
+
+## Why
+
+AI coding agents (Claude Code, Codex, Aider, and friends) need a single
+place to answer one question, the same way, every time:
+
+> "The agent wants to do X in repo Y — should I let it?"
+
+`agent-policy` is that single place. It is deliberately tiny:
+
+- **One pure function** — `evaluate(policy, repo, capability, context)`.
+- **No I/O, no logging, no global state.** The evaluator does not touch
+  disk, network, or clocks. It is safe to call from a hook, a test, or a
+  long-running daemon.
+- **Fail-closed defaults.** A missing `default_mode` is `require_approval`,
+  unknown fields in policy files are rejected, and hard guardrails cannot
+  be overridden by repo policy.
+
+It does **not** parse shell commands, manage state, or send messages.
+Those belong in the wrapper layer that calls `evaluate`.
+
+## Install
+
+```bash
+pip install yui-agent-policy  # once published to PyPI
+```
+
+From a source checkout (until the PyPI release is live), install the
+package in editable mode so both the library and `examples/check.py` can
+resolve `import agent_policy`:
+
+```bash
+pip install -e .
+```
+
+Requires Python 3.11+ (uses stdlib `tomllib`). The only runtime dependency
+is `pydantic >= 2`.
+
+## Quick start
+
+```python
+from agent_policy import evaluate, PolicyMatrix, RepoPolicy
+
+policy = PolicyMatrix(
+    default_mode="require_approval",
+    repo_policy=[
+        RepoPolicy(
+            repo="acme/app",
+            ownership_class="internal",
+            capabilities={
+                "read": "auto_allow",
+                "commit": "auto_allow",
+                "push": "auto_allow",
+                "shell": "require_approval",
+            },
+        ),
+    ],
+)
+
+decision = evaluate(
+    policy,
+    repo="acme/app",
+    capability="commit",
+    context={"ownership_class": "internal"},
+)
+
+print(decision.mode)         # "auto_allow"
+print(decision.reason)       # "repo_policy"
+print(decision.matched_repo) # "acme/app"
+```
+
+Load the same policy from a TOML file:
+
+```python
+from agent_policy import evaluate, load_policy_file
+
+policy = load_policy_file("policy.toml")
+decision = evaluate(policy, repo="acme/app", capability="commit")
+```
+
+`evaluate` also accepts a plain `dict` in the same shape as `PolicyMatrix`,
+which is convenient for tests and one-off scripts.
+
+## Decision model
+
+Every call returns a frozen `PolicyDecision` with three fields:
+
+| Field          | Type                                       | Meaning                                      |
+|----------------|--------------------------------------------|----------------------------------------------|
+| `mode`         | `"deny" \| "require_approval" \| "auto_allow"` | What the caller should do.              |
+| `reason`       | `"hard_guardrail" \| "repo_policy" \| "default_mode" \| ...` | Which rule produced the decision. |
+| `matched_repo` | `str \| None`                              | The repo string that matched, or `None`.     |
+
+Decisions are evaluated in this order:
+
+1. **Hard guardrails** — cannot be overridden by repo policy.
+   - `push.force` → always `deny`.
+   - `merge.pr` → always `require_approval`.
+   - External `first_write_to_repo` on a **mutating** capability →
+     `require_approval`. Read is not blocked.
+2. **Repo policy match** — every `[[repo_policy]]` entry for the requested
+   repo is scanned (optionally gated by `ownership_class`). The first
+   entry that declares the capability wins. Splitting a repo's policy
+   across multiple entries is supported.
+3. **`default_mode` fallback** — used when no repo policy declares the
+   capability. Defaults to `require_approval` if unset.
+
+`HARD_GUARDRAILS` is exported as a constant so tooling can assert against
+it without importing private symbols.
+
+## Policy file format
+
+```toml
+# policy.toml
+default_mode = "require_approval"
+
+[[repo_policy]]
+repo = "acme/app"
+ownership_class = "internal"
+
+[repo_policy.capabilities]
+read = "auto_allow"
+commit = "auto_allow"
+push = "auto_allow"
+
+[[repo_policy]]
+repo = "acme/app"                # same repo, extra constraint
+[repo_policy.capabilities]
+shell = "require_approval"
+```
+
+Unknown top-level fields or typos inside `[[repo_policy]]` fail loudly
+with a `pydantic.ValidationError` — there is no silent degradation.
+
+## Wrapper pattern
+
+`agent-policy` deliberately does not know how to parse `git push --force`
+or a shell command line. The intended shape is:
+
+```
+           ┌────────────────────────┐
+agent ───▶ │ wrapper (hook / CLI)   │ ──▶ agent-policy.evaluate()
+           │  - normalize capability│         │
+           │  - build context       │         ▼
+           │  - act on decision     │   PolicyDecision
+           └────────────────────────┘
+```
+
+The wrapper owns: parsing the agent's intent, mapping it to one of the
+MVP capabilities (`read`, `write`, `commit`, `push`, `push.force`,
+`merge.pr`, `shell`), and executing whatever side effect the decision
+implies (block, prompt for approval, log and allow).
+
+A runnable minimal wrapper lives in [`examples/check.py`](examples/check.py).
+
+## Examples
+
+See [`examples/`](examples/). Runnable after installing the package
+(`pip install yui-agent-policy`, or `pip install -e .` from a source checkout):
+
+- `policy.toml` — a minimal fail-closed policy with two repos.
+- `check.py` — a tiny CLI wrapper that maps `PolicyDecision` to JSON on
+  stdout and a process exit code, suitable for PreToolUse hooks.
+
+## License
+
+MIT.

yui_agent_policy-0.1.0/README.md

@@ -0,0 +1,175 @@
+# agent-policy
+
+> Pure-function policy matrix for AI coding agents.
+> Maps `(repo, capability, context)` to one of three modes:
+> `deny` / `require_approval` / `auto_allow`.
+
+**Status**: `0.1.0` alpha. The public API is frozen for v0.1; examples and
+hook/wrapper recipes will grow in v0.2.
+
+## Why
+
+AI coding agents (Claude Code, Codex, Aider, and friends) need a single
+place to answer one question, the same way, every time:
+
+> "The agent wants to do X in repo Y — should I let it?"
+
+`agent-policy` is that single place. It is deliberately tiny:
+
+- **One pure function** — `evaluate(policy, repo, capability, context)`.
+- **No I/O, no logging, no global state.** The evaluator does not touch
+  disk, network, or clocks. It is safe to call from a hook, a test, or a
+  long-running daemon.
+- **Fail-closed defaults.** A missing `default_mode` is `require_approval`,
+  unknown fields in policy files are rejected, and hard guardrails cannot
+  be overridden by repo policy.
+
+It does **not** parse shell commands, manage state, or send messages.
+Those belong in the wrapper layer that calls `evaluate`.
+
+## Install
+
+```bash
+pip install yui-agent-policy  # once published to PyPI
+```
+
+From a source checkout (until the PyPI release is live), install the
+package in editable mode so both the library and `examples/check.py` can
+resolve `import agent_policy`:
+
+```bash
+pip install -e .
+```
+
+Requires Python 3.11+ (uses stdlib `tomllib`). The only runtime dependency
+is `pydantic >= 2`.
+
+## Quick start
+
+```python
+from agent_policy import evaluate, PolicyMatrix, RepoPolicy
+
+policy = PolicyMatrix(
+    default_mode="require_approval",
+    repo_policy=[
+        RepoPolicy(
+            repo="acme/app",
+            ownership_class="internal",
+            capabilities={
+                "read": "auto_allow",
+                "commit": "auto_allow",
+                "push": "auto_allow",
+                "shell": "require_approval",
+            },
+        ),
+    ],
+)
+
+decision = evaluate(
+    policy,
+    repo="acme/app",
+    capability="commit",
+    context={"ownership_class": "internal"},
+)
+
+print(decision.mode)         # "auto_allow"
+print(decision.reason)       # "repo_policy"
+print(decision.matched_repo) # "acme/app"
+```
+
+Load the same policy from a TOML file:
+
+```python
+from agent_policy import evaluate, load_policy_file
+
+policy = load_policy_file("policy.toml")
+decision = evaluate(policy, repo="acme/app", capability="commit")
+```
+
+`evaluate` also accepts a plain `dict` in the same shape as `PolicyMatrix`,
+which is convenient for tests and one-off scripts.
+
+## Decision model
+
+Every call returns a frozen `PolicyDecision` with three fields:
+
+| Field          | Type                                       | Meaning                                      |
+|----------------|--------------------------------------------|----------------------------------------------|
+| `mode`         | `"deny" \| "require_approval" \| "auto_allow"` | What the caller should do.              |
+| `reason`       | `"hard_guardrail" \| "repo_policy" \| "default_mode" \| ...` | Which rule produced the decision. |
+| `matched_repo` | `str \| None`                              | The repo string that matched, or `None`.     |
+
+Decisions are evaluated in this order:
+
+1. **Hard guardrails** — cannot be overridden by repo policy.
+   - `push.force` → always `deny`.
+   - `merge.pr` → always `require_approval`.
+   - External `first_write_to_repo` on a **mutating** capability →
+     `require_approval`. Read is not blocked.
+2. **Repo policy match** — every `[[repo_policy]]` entry for the requested
+   repo is scanned (optionally gated by `ownership_class`). The first
+   entry that declares the capability wins. Splitting a repo's policy
+   across multiple entries is supported.
+3. **`default_mode` fallback** — used when no repo policy declares the
+   capability. Defaults to `require_approval` if unset.
+
+`HARD_GUARDRAILS` is exported as a constant so tooling can assert against
+it without importing private symbols.
+
+## Policy file format
+
+```toml
+# policy.toml
+default_mode = "require_approval"
+
+[[repo_policy]]
+repo = "acme/app"
+ownership_class = "internal"
+
+[repo_policy.capabilities]
+read = "auto_allow"
+commit = "auto_allow"
+push = "auto_allow"
+
+[[repo_policy]]
+repo = "acme/app"                # same repo, extra constraint
+[repo_policy.capabilities]
+shell = "require_approval"
+```
+
+Unknown top-level fields or typos inside `[[repo_policy]]` fail loudly
+with a `pydantic.ValidationError` — there is no silent degradation.
+
+## Wrapper pattern
+
+`agent-policy` deliberately does not know how to parse `git push --force`
+or a shell command line. The intended shape is:
+
+```
+           ┌────────────────────────┐
+agent ───▶ │ wrapper (hook / CLI)   │ ──▶ agent-policy.evaluate()
+           │  - normalize capability│         │
+           │  - build context       │         ▼
+           │  - act on decision     │   PolicyDecision
+           └────────────────────────┘
+```
+
+The wrapper owns: parsing the agent's intent, mapping it to one of the
+MVP capabilities (`read`, `write`, `commit`, `push`, `push.force`,
+`merge.pr`, `shell`), and executing whatever side effect the decision
+implies (block, prompt for approval, log and allow).
+
+A runnable minimal wrapper lives in [`examples/check.py`](examples/check.py).
+
+## Examples
+
+See [`examples/`](examples/). Runnable after installing the package
+(`pip install yui-agent-policy`, or `pip install -e .` from a source checkout):
+
+- `policy.toml` — a minimal fail-closed policy with two repos.
+- `check.py` — a tiny CLI wrapper that maps `PolicyDecision` to JSON on
+  stdout and a process exit code, suitable for PreToolUse hooks.
+
+## License
+
+MIT.