Skip to main content

Governance-as-Code SDK for AI compliance: local SHA-256 hashing + tamper-evident audit telemetry, with zero raw-text exfiltration.

Project description

foxy-audit (SDK)

Governance-as-Code for AI. One decorator → a tamper-evident, privacy-preserving audit trail.

The SDK hashes your LLM prompt + response locally (SHA-256), throws the raw text away, and streams only metadata to the Foxy Audit backend. It also fires a best-effort local UDP ping so the desktop "fox" companion reacts in real time (green on every logged call, red on a policy breach).

Install

pip install -e .            # from this sdk/ folder, for local development

Runtime dependency: requests only.

Use

import os
from foxy_audit import FoxyClient

foxy = FoxyClient(api_key=os.getenv("FOXY_API_KEY"))   # or just rely on the env var

@foxy.audit(policy="hipaa_basic")
def ask_model(prompt: str) -> str:
    return llm_client.generate(prompt)     # your existing code — unchanged

Every call to ask_model is now hashed, logged, and graded. Or use the module-level decorator, which builds a client from the environment:

from foxy_audit import audit

@audit(policy="soc2")
def summarize(text: str) -> str:
    ...

Attributing the model (agent)

Pass agent= to record which model produced the interaction. The backend folds it into the tamper-evident hash chain, so the attribution can't be altered after the fact:

@foxy.audit(policy="soc2", agent="gpt-4o")
def ask_model(prompt: str) -> str:
    ...

agent is optional — rows logged without it hash exactly as before, so existing chains keep verifying.

Configuration

Setting Kwarg Env var Default
API key api_key FOXY_API_KEY (none → HTTP disabled)
Backend URL endpoint FOXY_BACKEND_URL http://127.0.0.1:8000
Desktop ping desktop_ping True (127.0.0.1:9999)

With no API key the SDK is a graceful no-op for the cloud path: it still runs your function and still pings the desktop fox, but skips the HTTP upload — so you can see the fox react before any backend exists.

Guarantees

  • Never blocks your function — the HTTP upload runs on a background daemon thread.
  • Never raises its own errors into your app — all telemetry failures are swallowed.
  • Never sees raw text server-side — only SHA-256 digests + token count + policy tag leave the host.
  • Works with both sync and async functions; the return value is always passed through unchanged.

What gets sent

To the backend (POST /v1/logs, Authorization: Bearer <key>):

{"prompt_hash": "<64 hex>", "response_hash": "<64 hex>", "token_count": 123, "policy_tag": "hipaa_basic"}

To the desktop fox (UDP 127.0.0.1:9999):

{"event": "hash_ok", "policy": "hipaa_basic", "tokens": 123, "ts": 1719300000}
{"event": "policy_breach", "reason": "...", "risk_score": 87, "policy": "hipaa_basic", "ts": ...}

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

foxy_audit-1.0.0.tar.gz (13.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

foxy_audit-1.0.0-py3-none-any.whl (13.7 kB view details)

Uploaded Python 3

File details

Details for the file foxy_audit-1.0.0.tar.gz.

File metadata

  • Download URL: foxy_audit-1.0.0.tar.gz
  • Upload date:
  • Size: 13.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for foxy_audit-1.0.0.tar.gz
Algorithm Hash digest
SHA256 95ce6b3e3e0ddd25db958c967503abbff5c4218116a9b12e0f77590ad47a0fdb
MD5 4fc1c0fd4d015007e2e73e4f3caf1092
BLAKE2b-256 5c7c090f39417330161dc7b94c394c93bd86a4d4ed0de7112a725ce9301e4742

See more details on using hashes here.

File details

Details for the file foxy_audit-1.0.0-py3-none-any.whl.

File metadata

  • Download URL: foxy_audit-1.0.0-py3-none-any.whl
  • Upload date:
  • Size: 13.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for foxy_audit-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 4eef864bf7788bc74d7f51fa195d91153853345e47d259626b847e34572db422
MD5 0a6f6a5ef9f9d19014fc46ad4e34357a
BLAKE2b-256 0792936e0fc118c8e3e7dbecff2e188e832dd2fbc4ac5615c24c739e2e37b913

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page