Enforcement gates for AI agents — five lines, in-process, just Postgres

Code Atelier Governance SDK

Enforcement gates for AI agents — in-process, just Postgres.

Most LLM tools tell you what your agent did, after the fact. Code Atelier Governance gates decisions before the LLM call fires. Budget caps, scope checks, human-in-the-loop approvals, loop detection, behavioral contracts, and a tamper-evident audit trail — all from one pip install, all writing to the Postgres your application already has.

import asyncio
import os
from codeatelier_governance import GovernanceSDK, ScopePolicy, BudgetPolicy

async def main():
    session_id = "session-001"  # example value; use your application's own session identifier

    async with GovernanceSDK(database_url=os.environ["DATABASE_URL"]) as sdk:
        # Scope: tools the agent may call, and tools removed from its context
        sdk.scope.register(ScopePolicy(
            agent_id="billing-agent",
            allowed_tools=frozenset({"read_invoice", "send_email"}),
            hidden_tools=frozenset({"delete_all_data"}),
        ))
        # Cost: USD caps per session and per day, plus a session time limit
        sdk.cost.register(BudgetPolicy(
            agent_id="billing-agent",
            per_session_usd=0.50,
            per_agent_usd_daily=10.00,
            per_session_seconds=300,
        ))

        await sdk.scope.check("billing-agent", tool="read_invoice")  # PASS
        await sdk.cost.check_or_raise("billing-agent", session_id)   # PASS or BudgetExceeded
        await sdk.cost.track_usage("billing-agent", session_id,
            model="gpt-4o", input_tokens=1000, output_tokens=500)    # auto-USD from pricing table

asyncio.run(main())

Install

pip install codeatelier-governance                     # core SDK
pip install "codeatelier-governance[console]"          # + governance console GUI
pip install "codeatelier-governance[openai]"           # + OpenAI wrapper
pip install "codeatelier-governance[anthropic]"        # + Anthropic wrapper
pip install "codeatelier-governance[langchain]"        # + LangChain handler
pip install "codeatelier-governance[otel]"             # + OpenTelemetry export

Setup

# Apply DDL to your Postgres
governance migrate --database-url postgresql://user:pass@host/db

# Create a console user
governance console add-user --username admin --role admin

Eight enforcement modules

| Module | What it does |
|---|---|
| Audit | HMAC-chained, append-only, tamper-evident event log with step-level provenance |
| Scope | Whitelist tools and APIs per agent. Hidden tools removed from agent context. Default deny. |
| Cost | Token + USD caps per session/day. Session time limits. Built-in pricing for 24 models. |
| Gates | Human-in-the-loop approval with HMAC-signed single-use tokens |
| Loop Detection | Sliding window detection of repeated tool calls. Auto-kill runaway agents. |
| Presence | Live/idle/unresponsive agent heartbeat tracking |
| Contracts | Pre/post conditions on tool calls. Built-in checks: hitl_approved, budget_available, scope_allowed. |
| Compliance | Auto-generate EU AI Act Article 12 reports from the audit trail |

Framework adapters

# OpenAI — 1 line
from openai import OpenAI
from codeatelier_governance.integrations.openai_wrap import wrap_openai
client = wrap_openai(OpenAI(), sdk=sdk, agent_id="my-agent")

# Anthropic — 1 line
from anthropic import Anthropic
from codeatelier_governance.integrations.anthropic_wrap import wrap_anthropic
client = wrap_anthropic(Anthropic(), sdk=sdk, agent_id="my-agent")

# LangChain — 1 line
from codeatelier_governance.integrations.langchain_handler import GovernanceCallbackHandler
handler = GovernanceCallbackHandler(sdk=sdk, agent_id="my-agent", enforce=True)

Governance Console

A web dashboard for posture overview, event exploration, cost monitoring, gate approvals, and user management. Ships as a FastAPI backend + Next.js frontend.

# Start the console
GOVERNANCE_DATABASE_URL=postgresql://... uvicorn codeatelier_governance.console.app:app

CLI

governance migrate     # Apply DDL to Postgres
governance verify      # Walk HMAC chain, exit 0 (clean) or 1 (tampered)
governance tail        # Live-follow audit events
governance budget      # Show cost snapshot for an agent
governance report      # Generate EU AI Act Article 12 compliance report
governance console     # User management (add-user, list-users, disable-user, reset-password)
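
How a verifier can walk an HMAC chain of the kind `governance verify` checks, as an added example that is not the SDK's own code. The record layout (`event`, `prev`, `mac`), the all-zero genesis value, the canonical-JSON serialization and the demo key are assumptions made here.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed anchor value for the first record


def _mac(key: bytes, prev_mac: str, event: dict) -> str:
    # Canonical JSON so the same event always serializes to the same bytes.
    body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_mac.encode() + b"|" + body, hashlib.sha256).hexdigest()


def append_event(chain: list, key: bytes, event: dict) -> None:
    """Append an event whose MAC also covers the previous record's MAC."""
    prev_mac = chain[-1]["mac"] if chain else GENESIS
    chain.append({"event": event, "prev": prev_mac, "mac": _mac(key, prev_mac, event)})


def verify_chain(chain: list, key: bytes) -> int:
    """Return -1 if the chain is intact, else the index of the first bad record."""
    prev_mac = GENESIS
    for i, rec in enumerate(chain):
        expected = _mac(key, prev_mac, rec["event"])
        # Both the back-link and the MAC must match; compare in constant time.
        if rec["prev"] != prev_mac or not hmac.compare_digest(rec["mac"], expected):
            return i
        prev_mac = rec["mac"]
    return -1


def demo() -> dict:
    key = b"constructed-demo-key"  # constructed; a real key lives in a secret store
    chain = []
    for tool in ("read_invoice", "send_email", "read_invoice"):
        append_event(chain, key, {"agent_id": "billing-agent", "tool": tool})
    # Case 1: an event field changed after it was written.
    edited = [dict(r) for r in chain]
    edited[1] = {**edited[1], "event": {"agent_id": "billing-agent", "tool": "delete_all_data"}}
    # Case 2: a middle record is missing, so the next back-link no longer matches.
    deleted = chain[:1] + chain[2:]
    # Case 3: the newest record is missing; the chain alone cannot show this.
    truncated = chain[:-1]
    return {"clean": verify_chain(chain, key), "edited": verify_chain(edited, key),
            "deleted": verify_chain(deleted, key), "truncated": verify_chain(truncated, key)}
```

In this sketch a chain with its newest record removed still verifies, so the latest MAC or a record count has to be kept somewhere the table's writers cannot change.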

Resilience contract

Observation surfaces never break the host call. sdk.audit.log(), sdk.cost.track(), and sdk.gates.request() log a warning and continue if storage is unreachable.

Enforcement surfaces fail closed by default. sdk.cost.check_or_raise(), sdk.scope.check(), and sdk.gates.wait_for() raise by contract. On storage failure, the cost gate denies the call rather than allowing it.
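
The two halves of this contract side by side, as an added example that is not the SDK's code: `FlakyStore`, `observe`, `enforce_budget` and both exception classes are hypothetical names standing in for the storage layer, an observation surface and an enforcement surface.

```python
import logging

log = logging.getLogger("governance-example")


class StorageUnavailable(Exception):
    """Hypothetical error: the database cannot be reached."""


class BudgetDenied(Exception):
    """Hypothetical error: the enforcement path refuses the call."""


class FlakyStore:
    """Constructed stand-in for Postgres; every operation fails while up is False."""

    def __init__(self, spent_usd=0.0):
        self.up, self.events, self.spent_usd = True, [], spent_usd

    def write_event(self, event):
        if not self.up:
            raise StorageUnavailable("database unreachable")
        self.events.append(event)

    def read_spend(self):
        if not self.up:
            raise StorageUnavailable("database unreachable")
        return self.spent_usd


def observe(store, event):
    """Observation surface: warn and continue, never raise into the host call."""
    try:
        store.write_event(event)
        return True
    except StorageUnavailable as exc:
        log.warning("audit write skipped: %s", exc)
        return False


def enforce_budget(store, cap_usd):
    """Enforcement surface: unknown spend is treated as over budget (fail closed)."""
    try:
        spent = store.read_spend()
    except StorageUnavailable as exc:
        raise BudgetDenied("budget state unavailable, denying call") from exc
    if spent >= cap_usd:
        raise BudgetDenied(f"spent {spent:.2f} of {cap_usd:.2f} USD")
```

A skipped observation write leaves a gap in the audit trail, so the warning it logs is worth routing to alerting rather than only to a log file.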

Just Postgres

The only infrastructure dependency is a Postgres connection string. No ClickHouse, no Redis, no Kafka, no sidecar, no background worker. We use the database your application already has.

Security

  • HMAC-SHA256 chain on every audit event (tamper-evident)
  • 13-point security checklist on every feature
  • PBKDF2-HMAC-SHA256 password hashing (600k iterations)
  • Pydantic strict models with size caps throughout
  • Login rate limiting (5 attempts/IP/60s)
  • Constant-time token comparison
  • All SQL parameterized (zero injection vectors)

Standards alignment

  • EU AI Act Article 12 (binding 2026-08-02) — automatic event logging with tamper-evidence
  • NIST CAISI AI Agent Standards (Feb 2026) — audit reconstructability
  • OWASP Top 10 for Agentic Applications 2026 — scope enforcement, least-agency
  • SOC 2 Type II — append-only, immutable logging patterns

Documentation

Full documentation, quickstart guide, API reference, and concepts:

codeatelier.tech/governance

License

MIT

Download files

Source Distribution

code_atelier_governance-0.4.0.tar.gz (88.6 kB)

Uploaded Source

Built Distribution

code_atelier_governance-0.4.0-py3-none-any.whl (116.3 kB)

Uploaded Python 3

File details

Details for the file code_atelier_governance-0.4.0.tar.gz.

File metadata

  • Download URL: code_atelier_governance-0.4.0.tar.gz
  • Upload date:
  • Size: 88.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.12

File hashes

Hashes for code_atelier_governance-0.4.0.tar.gz
Algorithm Hash digest
SHA256 24134dfc4fc8715c6744d739786f7655b8e9d4d36f35ac6982807a67ae6b54a3
MD5 f8ba22bb1fb7d3dcd21a3c35838291c8
BLAKE2b-256 1df8ad216bd274e68c3650e8b2314cc2a294121d330df40d5b969f0259dd341e

File details

Details for the file code_atelier_governance-0.4.0-py3-none-any.whl.

File hashes

Hashes for code_atelier_governance-0.4.0-py3-none-any.whl
Algorithm Hash digest
SHA256 38d15079cd59cc01f5da2417c0760640e561c03b8d329f5a1628cc7aa699828c
MD5 0f0070859dbb53bb32793e5285fe51fe
BLAKE2b-256 41a43328463ff6eba3ddc896b841d526a2e1c93d6c89f25841a44b4197c30957
