Production-grade Python bindings for the Calybris deterministic decision and audit core
Project description
Calybris Core
Deterministic, auditable decision primitive for high-stakes routing & guardrails.
Given a frozen catalog, a policy snapshot, and a typed request, Calybris returns one action plus an audit bundle that replays to the same answer.
catalog + policy + request -> decision + audit bundle
Integer-only Rust hot path. No hosted dependency. No unsafe in project code.
What is this?
Calybris is a proof-carrying decision kernel: not an OMS, not an LLM gateway, not a matching engine. You bring the catalog (suppliers, models, venues); the kernel evaluates hard constraints, picks the best eligible candidate, and emits digests you can replay and verify offline.
Same primitive, different adapters: supplier routing, model routing, and pre-trade admission are reference mappings onto one API, not three products.
When to use / when not to
| Use Calybris when... | Do not use it for... |
|---|---|
| Decisions must be deterministic and replay-auditable | Inventory, WMS, label printing, carrier booking |
| You need hard gates (budget, risk, latency, region, capability) in your control plane | A hosted routing API or managed decision service |
| Post-mortems and compliance need proof bundles, not log grep | Live market data, order matching, exchange connectivity |
Stability model
| Layer | Status | Notes |
|---|---|---|
calybris-core (Rust) |
Stable | crates.io: this is the contract |
calybris (Python) |
Production-capable / pre-1.0 API | First-class PyO3 surface for decisions, signed policy provenance, state proofs, receipts, keyed WAL, anchors, and replay |
calybris_commerce (Python) |
Experimental / pre-1.0 | Thicker adapter (orders, suppliers, batch routing), still calls the same Rust kernel; API may change |
Rust still owns correctness and replay semantics; Python calls those exact Rust implementations rather than reimplementing security-sensitive logic. Starting with 0.5.5, the core Python package exposes the production trust boundary and is tested as an installed abi3 wheel. The Python API remains pre-1.0, so pin minor versions even though its runtime integrity guarantees match the Rust core.
Quickstart (~5 minutes)
git clone https://github.com/emirhuseynrmx/calybris-core.git
cd calybris-core
cargo run --example quickstart
That example builds a two-model policy, prescribes one request, verifies replay, and prints an audit bundle. For Python:
pip install maturin pydantic
maturin develop --release
python bindings/python/examples/quickstart.py
What gets proved
Calybris can bind the full decision path:
policy digest + input digest + decision digest + replay result
Since 0.5.0 the proof format is a written contract, not an implementation
detail: docs/CALY_PROOF.md specifies every digest and
chain byte-exactly, golden vectors pin them across versions and platforms, and
the bundled calybris-verify CLI lets an auditor check a decision trail:
chain integrity, digests, and full kernel replay against a policy artifact
without running your engine.
cargo install calybris-core # ships the calybris-verify binary
calybris-verify chain decisions.wal.jsonl
calybris-verify chain decisions.wal.jsonl --anchor trusted-head.json
calybris-verify audit decisions.wal.jsonl --policy policy.json
0.5.5 hardens the production trust boundary:
receiptbinds the decision, state evidence, WAL position, and optional Ed25519 receipt signer into one canonical claims digest.WalAnchordetects clean suffix truncation when the trusted head is stored outside the WAL file.- Sync and async WAL writers enforce one active writer per file.
- Keyed WAL APIs reject HMAC keys shorter than 32 bytes.
prescribe_checkedand checked batch/trace APIs validate untrusted Rust inputs.- Python exposes the same signed policies, state-chain transitions, decision receipts, keyed audited WAL, durable anchors, and replay verification.
0.5.0 adds:
state— recordstate_digest_before/afterper decision;verify_trajectoryrejects dropped, reordered, or forged transitions in a sequence.provenance(feature) — bind a policy digest to an Ed25519 signer and timestamp, non-transferable across policies.certificate— bind the audit bundle, state trajectory, WAL position, and signer into one fail-closed envelope.- Golden and conformance vectors pin the byte-exact contract, so an independent reimplementation can prove itself against a fixed reference.
The verification path builds for wasm32-unknown-unknown
(--no-default-features).
docs/THREAT_MODEL.md is explicit about scope: the system proves trail integrity, not confidentiality, policy quality, or input truth.
Architecture at a glance
| Module | Role |
|---|---|
kernel |
Integer-only decision kernel (~115 ns/decision); prescribe, prescribe_with_trace for per-constraint rejection counts |
digest |
Canonical tagged byte digests — policy / input / decision / ledger / state |
verify |
Full replay verification and audit bundles; fail-closed verified_audit_bundle |
certificate |
Compatibility envelope for 0.5.0 certificate artifacts |
receipt |
Canonical claims digest + optional signature binding decision, state, and WAL evidence (0.5.5) |
state |
Domain-state digest trajectories; verify_trajectory rejects dropped/reordered/forged steps (0.5.0) |
provenance |
Ed25519-signed policies, domain-separated (0.5.0, feature) |
wal |
Hash-chained WAL; keyed HMAC, trusted head anchors, and single-writer enforcement |
budget |
CAS reserve/commit/release; remaining + reserved + committed == initial (Loom + Miri) |
finance |
Ledger digests, conservation proofs and certificates |
proof |
ProofEnvelope: policy + input + decision digests + WAL position + budget proof |
builder / config |
Hard-to-misuse constructors with validation |
persistence |
fsync-backed snapshot save/load, crash recovery_plan |
async_wal / instrument |
Tokio WAL (feature async), tracing spans (feature observability) |
Ships a calybris-verify auditor CLI (chain / audit / policy, --json) so a
third party can verify a decision trail without running your engine.
Install
# Rust (stable surface)
cargo add calybris-core
# Python (production-capable core binding; pre-1.0 API)
pip install calybris
Local Python build: maturin develop --release or see docs/PYTHON.md.
Examples & adapters
Reference integrations that map domain objects onto the kernel:
| Question | Rust | Python |
|---|---|---|
| Which model/provider? | cargo run --example llm_routing |
quickstart.py, batch_routing.py |
| Which venue admits an order? | cargo run --example pretrade_guard |
pretrade_budget_guard.py |
| Which supplier fulfills? | - | orion_market.py, novamart_benchmark.py |
Full command list and code samples: docs/ADAPTERS.md
Performance
CodSpeed CI (Linux x86_64, release): ~8.6M prescribe/sec, ~115 ns/decision,
22-model synthetic catalog. Hardware and workload dependent — provenance and a
reproduction recipe are in docs/BENCHMARKS.md; run
cargo bench --bench kernel_bench on your own hardware.
0.5.5 also carries a release-blocking production torture suite covering a 64-model checked kernel, state trajectories, signed receipts, keyed audited WAL, suffix-truncation detection, contended budgets, and a 25,000-tenant ledger.
Security posture
#![forbid(unsafe_code)]— nounsafein project code.- Fail-closed audit boundaries:
verified_audit_bundle/append_verified_auditedrefuse to emit or log a decision that does not replay exactly. - Tamper-evident WAL: SHA-256 hash chain, optional HMAC-SHA256 with constant-time
comparison (
subtle). - Trusted
WalAnchorverification detects a cleanly removed WAL suffix; the hash chain alone validates only the records still present. - Anchored recovery APIs refuse to build a recovery plan from a valid but incomplete WAL prefix.
visit_verified_wal*streams verified entries, so CLI audit and recovery planning do not retain the complete log in memory.- Signed decision receipts bind optional state and WAL evidence to the exact replay-verified decision.
- Ed25519-signed policy provenance, domain-separated so a signature is non-transferable across policies, signers, and timestamps (0.5.0).
- Byte-exact proof contract (docs/CALY_PROOF.md) locked by golden + conformance vectors and cross-checked in Rust and Python (0.5.0).
- Concurrency and UB: 7 Loom exhaustive interleavings on budget ops; Miri on nightly for the library tests.
- Security CI: Semgrep Rust/Python/secrets/security-audit,
cargo-audit, andcargo-deny; feature matrix covers default / no-default / async / full. - Documented boundaries: docs/THREAT_MODEL.md (what it does not guarantee) and docs/KEY_MANAGEMENT.md (key custody and rotation).
Deployment security remains the caller's job: key storage, tenant isolation, inventory/capacity freshness, and an external audit.
Deep dive
| Doc | Contents |
|---|---|
| docs/AUDIT_GUIDE.md | Module map, audit commands, external review checklist |
| docs/CALY_PROOF.md | CALY-PROOF v1 digest and proof contract |
| docs/THREAT_MODEL.md | Assets, trust boundaries, attackers |
| docs/KEY_MANAGEMENT.md | HMAC / Ed25519 key custody and rotation |
| docs/BENCHMARKS.md | Throughput provenance and reproduction |
| docs/SECURITY_INVARIANTS.md | Invariants I1-I10 and test mapping |
| docs/MIRI.md | UB detection scope in CI |
| docs/PYTHON.md | Python wrappers vs Rust core, commerce API notes |
| SECURITY.md | Vulnerability reporting, supported versions |
| CONTRIBUTING.md | Dev setup, test gate, PR expectations |
License
Apache-2.0. See LICENSE.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file calybris-0.5.5.tar.gz.
File metadata
- Download URL: calybris-0.5.5.tar.gz
- Upload date:
- Size: 198.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c248042f1e8d43d190e8160cdd0cb7c51bc78b05470a0ceb8ab225576b40deda
|
|
| MD5 |
4aa69a17220bbc6d2fcf09af3e9aee39
|
|
| BLAKE2b-256 |
d2dc59431d749f825110cbc4b51039b95b5b41ed69f77f0d2ded5aae051c988b
|
Provenance
The following attestation bundles were made for calybris-0.5.5.tar.gz:
Publisher:
release.yml on emirhuseynrmx/calybris-core
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
calybris-0.5.5.tar.gz -
Subject digest:
c248042f1e8d43d190e8160cdd0cb7c51bc78b05470a0ceb8ab225576b40deda - Sigstore transparency entry: 2187069692
- Sigstore integration time:
-
Permalink:
emirhuseynrmx/calybris-core@edaca7bfbbf72c16801407f2a7730acf1ea974f1 -
Branch / Tag:
refs/tags/v0.5.5 - Owner: https://github.com/emirhuseynrmx
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@edaca7bfbbf72c16801407f2a7730acf1ea974f1 -
Trigger Event:
push
-
Statement type:
File details
Details for the file calybris-0.5.5-cp310-abi3-win_amd64.whl.
File metadata
- Download URL: calybris-0.5.5-cp310-abi3-win_amd64.whl
- Upload date:
- Size: 621.7 kB
- Tags: CPython 3.10+, Windows x86-64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
69d6e7c42a9ed1241beb066b4afe88ec863239acf94503c11ed0e3fd529f6edd
|
|
| MD5 |
d9ae7e6502d285b77a06c2e235d255c9
|
|
| BLAKE2b-256 |
a31a738bb7d8f8b436dbe3a84c86605e3a75b7e5f7107c30f725163da990b057
|
Provenance
The following attestation bundles were made for calybris-0.5.5-cp310-abi3-win_amd64.whl:
Publisher:
release.yml on emirhuseynrmx/calybris-core
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
calybris-0.5.5-cp310-abi3-win_amd64.whl -
Subject digest:
69d6e7c42a9ed1241beb066b4afe88ec863239acf94503c11ed0e3fd529f6edd - Sigstore transparency entry: 2187069723
- Sigstore integration time:
-
Permalink:
emirhuseynrmx/calybris-core@edaca7bfbbf72c16801407f2a7730acf1ea974f1 -
Branch / Tag:
refs/tags/v0.5.5 - Owner: https://github.com/emirhuseynrmx
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@edaca7bfbbf72c16801407f2a7730acf1ea974f1 -
Trigger Event:
push
-
Statement type:
File details
Details for the file calybris-0.5.5-cp310-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.
File metadata
- Download URL: calybris-0.5.5-cp310-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
- Upload date:
- Size: 727.5 kB
- Tags: CPython 3.10+, manylinux: glibc 2.17+ x86-64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
11330fd8ac6517a0df5a6f7cb68b2e564fd79a9c219bed298f3c6e83f3d23d5d
|
|
| MD5 |
1a366490047cd48127204b9a326b10db
|
|
| BLAKE2b-256 |
c155767c053d1beeba5544718a3816f12882b1ad11e5e86dd1dabed19c6a8039
|
Provenance
The following attestation bundles were made for calybris-0.5.5-cp310-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl:
Publisher:
release.yml on emirhuseynrmx/calybris-core
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
calybris-0.5.5-cp310-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -
Subject digest:
11330fd8ac6517a0df5a6f7cb68b2e564fd79a9c219bed298f3c6e83f3d23d5d - Sigstore transparency entry: 2187069708
- Sigstore integration time:
-
Permalink:
emirhuseynrmx/calybris-core@edaca7bfbbf72c16801407f2a7730acf1ea974f1 -
Branch / Tag:
refs/tags/v0.5.5 - Owner: https://github.com/emirhuseynrmx
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@edaca7bfbbf72c16801407f2a7730acf1ea974f1 -
Trigger Event:
push
-
Statement type:
File details
Details for the file calybris-0.5.5-cp310-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl.
File metadata
- Download URL: calybris-0.5.5-cp310-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl
- Upload date:
- Size: 690.4 kB
- Tags: CPython 3.10+, manylinux: glibc 2.17+ ARM64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
256e2263a9e19455cca7f309dee621168200efd4456783024e0ddd488f376eec
|
|
| MD5 |
cf9071f27210ed1a257fc8ba1853fd0f
|
|
| BLAKE2b-256 |
ec4c6c0a4e56274b01ad2e07748091a23556398425d09e51bc343a34a7304f2a
|
Provenance
The following attestation bundles were made for calybris-0.5.5-cp310-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl:
Publisher:
release.yml on emirhuseynrmx/calybris-core
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
calybris-0.5.5-cp310-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl -
Subject digest:
256e2263a9e19455cca7f309dee621168200efd4456783024e0ddd488f376eec - Sigstore transparency entry: 2187069715
- Sigstore integration time:
-
Permalink:
emirhuseynrmx/calybris-core@edaca7bfbbf72c16801407f2a7730acf1ea974f1 -
Branch / Tag:
refs/tags/v0.5.5 - Owner: https://github.com/emirhuseynrmx
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@edaca7bfbbf72c16801407f2a7730acf1ea974f1 -
Trigger Event:
push
-
Statement type:
File details
Details for the file calybris-0.5.5-cp310-abi3-macosx_11_0_arm64.whl.
File metadata
- Download URL: calybris-0.5.5-cp310-abi3-macosx_11_0_arm64.whl
- Upload date:
- Size: 668.8 kB
- Tags: CPython 3.10+, macOS 11.0+ ARM64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
40b4032165a955db47badf86c260558af7a81f885ce4bace15cc0a501e6b34f8
|
|
| MD5 |
6a0713ed52db75f4ca0bf4031fb26448
|
|
| BLAKE2b-256 |
c8cbc986e74103bbf99d2f12e6133bfb3b8205eaac719312fd74e208f7c562d6
|
Provenance
The following attestation bundles were made for calybris-0.5.5-cp310-abi3-macosx_11_0_arm64.whl:
Publisher:
release.yml on emirhuseynrmx/calybris-core
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
calybris-0.5.5-cp310-abi3-macosx_11_0_arm64.whl -
Subject digest:
40b4032165a955db47badf86c260558af7a81f885ce4bace15cc0a501e6b34f8 - Sigstore transparency entry: 2187069703
- Sigstore integration time:
-
Permalink:
emirhuseynrmx/calybris-core@edaca7bfbbf72c16801407f2a7730acf1ea974f1 -
Branch / Tag:
refs/tags/v0.5.5 - Owner: https://github.com/emirhuseynrmx
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@edaca7bfbbf72c16801407f2a7730acf1ea974f1 -
Trigger Event:
push
-
Statement type:
File details
Details for the file calybris-0.5.5-cp310-abi3-macosx_10_12_x86_64.whl.
File metadata
- Download URL: calybris-0.5.5-cp310-abi3-macosx_10_12_x86_64.whl
- Upload date:
- Size: 690.2 kB
- Tags: CPython 3.10+, macOS 10.12+ x86-64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b71d875018888f52483149c006bce370ce28f6488e2422b02ee9c3c13a5fc63e
|
|
| MD5 |
069e3b5dc4c60ac592c6a62f33fc265c
|
|
| BLAKE2b-256 |
03a6f720605fadddfa97b58163c03c7b3764ca2727d8881b780ef3b1157d7921
|
Provenance
The following attestation bundles were made for calybris-0.5.5-cp310-abi3-macosx_10_12_x86_64.whl:
Publisher:
release.yml on emirhuseynrmx/calybris-core
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
calybris-0.5.5-cp310-abi3-macosx_10_12_x86_64.whl -
Subject digest:
b71d875018888f52483149c006bce370ce28f6488e2422b02ee9c3c13a5fc63e - Sigstore transparency entry: 2187069698
- Sigstore integration time:
-
Permalink:
emirhuseynrmx/calybris-core@edaca7bfbbf72c16801407f2a7730acf1ea974f1 -
Branch / Tag:
refs/tags/v0.5.5 - Owner: https://github.com/emirhuseynrmx
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@edaca7bfbbf72c16801407f2a7730acf1ea974f1 -
Trigger Event:
push
-
Statement type: