Deterministic Boundary Layer - policies, pipelines, bindings on dbl-core
Project description
DBL Main
Deterministic Boundary Layer - policies, pipelines, bindings on dbl-core.
DBL Main configures and orchestrates boundary evaluation for real applications. dbl-core stays the minimal deterministic engine.
Architecture
┌──────────────────────────────────────────────┐
│ Application / Product / Gateway │
│ (HTTP API, CLI, Service, Agent, ...) │
├──────────────────────────────────────────────┤
│ DBL Main (this repo) │
│ - Policy registry │
│ - Pipelines │
│ - Bindings / adapters │
│ - Config, tenants, audit │
├──────────────────────────────────────────────┤
│ dbl-core │
│ - deterministic boundary engine │
├──────────────────────────────────────────────┤
│ kl-kernel-logic │
│ - execution substrate (Δ, V, t) │
└──────────────────────────────────────────────┘
kl-kernel-logic- deterministic execution substratedbl-core- minimal boundary evaluation enginedbl-main(this repo) - policies, pipelines, bindings
This structure follows KL Execution Theory.
Pipelines in DBL Main orchestrate policies and produce a BoundaryResult (from dbl-core) used to decide whether the kernel is called.
Install
pip install dbl-main
Requires dbl-core>=0.2.0, kl-kernel-logic>=0.4.0, Python 3.11+.
Configuration
DBL Main loads policies and pipelines from external configuration.
config/
pipelines.yaml
policies.yaml
tenants/
tenant-1.yaml
tenant-2.yaml
Example:
# config/pipelines.yaml
pipelines:
default:
policies:
- rate-limit
- content-safety
# config/policies.yaml
policies:
rate-limit:
max_requests: 100
content-safety:
blocked_patterns:
- "forbidden"
Loading:
from dbl_main.config import load_config, build_pipeline_for
cfg = load_config("config")
pipeline = build_pipeline_for(cfg, tenant_id="tenant-1", use_case="llm-generate")
result = pipeline.evaluate(ctx)
Configuration is external, versionable, and auditable.
Usage
from kl_kernel_logic import PsiDefinition, Kernel
from dbl_core import BoundaryContext
from dbl_main import Pipeline
from dbl_main.policies import RateLimitPolicy, ContentSafetyPolicy
# Build context
psi = PsiDefinition(psi_type="llm", name="generate")
ctx = BoundaryContext(
psi=psi,
caller_id="user-1",
tenant_id="tenant-1",
metadata={"prompt": "Hello world"},
)
# Build pipeline
pipeline = Pipeline(
name="default",
policies=[
RateLimitPolicy(max_requests=100),
ContentSafetyPolicy(blocked_patterns=["forbidden"]),
],
)
# Evaluate boundaries
result = pipeline.evaluate(ctx)
if result.is_allowed():
# Proceed with kernel execution
kernel = Kernel()
trace = kernel.execute(
psi=result.effective_psi,
task=my_task_fn,
**result.effective_metadata,
)
else:
print(result.final_outcome, result.decisions[-1].reason)
Note: The Kernel.execute() call above is illustrative. See kl-kernel-logic for the actual API.
Components
Pipeline
Ordered sequence of policies. Evaluates each policy, aggregates decisions, stops on block. Returns a BoundaryResult from dbl-core.
Policies
RateLimitPolicy- request rate limitingContentSafetyPolicy- content pattern blocking
Implement Policy base class for custom policies:
from dbl_main.policies.base import Policy
from dbl_core import BoundaryContext, PolicyDecision
class MyPolicy(Policy):
@property
def name(self) -> str:
return "my-policy"
def evaluate(self, context: BoundaryContext) -> PolicyDecision:
return PolicyDecision(outcome="allow", reason="passed")
Registries
PolicyRegistry- register policy classes by namePipelineRegistry- register pipelines by tenant/channel
Audit
AuditLogger- log boundary evaluation results
Design
- Pipelines are deterministic for the same config and input
- Policies are side-effect free with respect to
BoundaryContext - Registries and loaders are pure configuration, no hardcoded rules
- External config enables versioning and audit trails
Guarantees
- No mutation of
BoundaryContextby policies - All decisions flow through
PolicyDecisionandBoundaryResult - Configuration is file-based, versionable, and auditable
- Pipeline evaluation is deterministic
These guarantees are enforced by executable tests. See docs/testing.md for details.
Testing
# Install with test dependencies
pip install -e .[test]
# Run tests
pytest
# With property-based tests (hypothesis)
pip install -e .[test-fuzz]
pytest
License
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file dbl_main-0.1.0.tar.gz.
File metadata
- Download URL: dbl_main-0.1.0.tar.gz
- Upload date:
- Size: 25.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.8
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ef8a96316390a82a8d23a06f23169e8fb735af0aecb01a133dcf5a04c161b924
|
|
| MD5 |
caee70355582d9fe6422f4ba1ac33452
|
|
| BLAKE2b-256 |
29acb85b023f4d091c5d05f4bc457116a9860adbedee564018e5b4890da10f0d
|
File details
Details for the file dbl_main-0.1.0-py3-none-any.whl.
File metadata
- Download URL: dbl_main-0.1.0-py3-none-any.whl
- Upload date:
- Size: 12.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.8
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9492c68f08a3a6345c648aae685e96ae205d49c2238e98ac77b17b7fc5450438
|
|
| MD5 |
f79af9d660591a4c2d14b6108271beb5
|
|
| BLAKE2b-256 |
92e95e91524f720c8e269bc42279e2d727127bc7c5a8172fb1ae0941765b45d6
|
