Governed, Observable & Declarative Machine Learning Framework

GODML

Production-grade MLOps for teams that need traceability, compliance, and a verified supply chain — without the infrastructure overhead.


Quick start

pip install godml
godml init my-project
godml run -f godml.yml

That's it. No cloud account required for local training.


What is GODML?

GODML is a Python framework that wraps the full ML lifecycle — data prep, training, evaluation, monitoring, and deployment — behind a single declarative YAML config. Every run produces a signed, auditable artifact trail.

Raw data → Compliance check → Train → Evaluate → Registry → Deploy → Monitor
               (PII/GDPR)    (XGB/RF/LR)  (cross-val)  (MLflow)  (Docker)  (drift)

Why GODML over plain sklearn + MLflow?

| Problem | Without GODML | With GODML |
|---|---|---|
| Reproducibility | Manual notebooks | Declarative YAML, locked hashes |
| Compliance | Ad-hoc checks | Built-in PCI-DSS, GDPR, HIPAA |
| Supply chain | No SBOM | SLSA L3 provenance + signed SBOM |
| Audit trail | Scattered logs | Unified lineage per run |
| Multi-model | Custom glue code | Registry + notebook_api |

Installation

Core (no optional deps)

pip install godml

With extras

pip install "godml[advisor]"   # LLM-powered recommendations (gpt4all)
pip install "godml[deep]"      # LSTM forecasting (tensorflow + keras)
pip install "godml[aws]"       # SageMaker deployment
pip install "godml[api]"       # REST inference server (fastapi + uvicorn)
pip install "godml[dev]"       # Full dev suite (tests, lint, coverage)

Configuration

A minimal godml.yml:

name: customer-churn
version: 1.0.0
provider: mlflow

dataset:
  uri: ./data/churn.csv
  hash: auto

model:
  type: xgboost
  hyperparameters:
    max_depth: 6
    learning_rate: 0.1
    n_estimators: 300

metrics:
  - name: auc
    threshold: 0.85
  - name: accuracy
    threshold: 0.80

governance:
  owner: ml-team@company.com
  tags:
    - compliance: gdpr
    - environment: production

deploy:
  realtime: true
  batch_output: ./outputs/predictions.csv

Run it:

godml run -f godml.yml

Notebook API

For interactive work in Jupyter:

from godml import GodmlNotebook

nb = GodmlNotebook()
nb.load_data("./data/churn.csv", target="churn")
nb.train_model("xgboost", {"max_depth": 6, "n_estimators": 300})
nb.evaluate(["auc", "accuracy", "f1"])
nb.save_model("churn_v1")

AI-powered advisor

from godml.notebook_api import advisor_full_report, tune_model

# Get model + metric recommendations for your dataset
report = advisor_full_report(df, target="churn")
print(report["recommended_models"])   # ['xgboost', 'random_forest']
print(report["data_quality"])         # quality score + issues

# Auto-tune with Optuna
result = tune_model(
    model_type="xgboost",
    X=X_train, y=y_train,
    max_trials=50,
    metric="auc",
)
print(f"Best AUC: {result['best_score']:.4f}")

Supported model types

| Key | Algorithm |
|---|---|
| xgboost / xgb | XGBoost |
| random_forest / rf | scikit-learn RandomForest |
| logistic_regression / logreg | scikit-learn LogisticRegression |
| lstm | LSTM forecasting (requires [deep]) |

Compliance

from godml.compliance_service import PciDssCompliance, GdprCompliance

compliance = PciDssCompliance()
clean_df = compliance.apply(df)          # masks PAN, CVV, account numbers

gdpr = GdprCompliance()
report = gdpr.apply(df)                  # anonymizes PII per GDPR rules

Built-in compliance modules: PCI-DSS, GDPR, HIPAA, SOX.
Custom rules: subclass BaseCompliance and implement apply(df).


Architecture

┌──────────────────────────────────────────────────────┐
│                    GODML Framework                   │
├────────────────┬─────────────┬───────────────────────┤
│  Interfaces    │  Notebook   │  CLI  │  REST API      │
├────────────────┴─────────────┴───────────────────────┤
│  Core Services                                       │
│  ┌───────────┐ ┌───────────┐ ┌──────────────────────┐│
│  │ Advisor   │ │ Config    │ │ Pipeline Engine      ││
│  └───────────┘ └───────────┘ └──────────────────────┘│
├──────────────────────────────────────────────────────┤
│  ML Services                                         │
│  ┌───────────┐ ┌───────────┐ ┌──────────────────────┐│
│  │ DataPrep  │ │ Model     │ │ Monitoring           ││
│  │ +PII scan │ │ Registry  │ │ +Drift detection     ││
│  └───────────┘ └───────────┘ └──────────────────────┘│
├──────────────────────────────────────────────────────┤
│  Providers:  MLflow │ SageMaker │ Docker │ Local      │
└──────────────────────────────────────────────────────┘

Supply chain & security

GODML ships with a SLSA Level 3 supply chain — every release is built in an isolated GitHub Actions environment with unforgeable provenance.

| Artifact | Standard | Signature | Transparency |
|---|---|---|---|
| sbom.spdx.json | SPDX 2.3 | Cosign OIDC (keyless) | Rekor log |
| sbom.cyclonedx.json | CycloneDX 1.6 | SLSA provenance | GitHub Release assets |
| provenance.intoto.jsonl | SLSA v1 / in-toto | slsa-github-generator | Rekor log |

Verify the SBOM yourself

# Download from GitHub Releases
cosign verify-blob \
  --bundle sbom.spdx.bundle \
  --certificate-identity-regexp "https://github.com/DAGMALIA/godml/.github/workflows/safety_scan.yml" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  sbom.spdx.json
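
cosign evaluates `--certificate-identity-regexp` with Go's unanchored regexp matching, so the pattern in the command above accepts any identity that contains it, and its unescaped dots match any character. The following added example (not part of the GODML project) compares that pattern with an escaped, anchored one using Python's `re.search` as a stand-in for the same matching; the tag-ref format and the sample identities are assumptions constructed for illustration.

```python
import re

# Pattern copied verbatim from the cosign command above.
PAGE_PATTERN = "https://github.com/DAGMALIA/godml/.github/workflows/safety_scan.yml"


def strict_identity_pattern(repo, workflow, ref_regex):
    """Escape the literal parts and anchor both ends; only `ref_regex` stays a regex."""
    literal = re.escape(f"https://github.com/{repo}/.github/workflows/{workflow}")
    return f"^{literal}@{ref_regex}$"


def accepted(pattern, identities):
    """Identities the pattern lets through under unanchored (search) matching."""
    return [i for i in identities if re.search(pattern, i)]


# Assumption: releases are signed from vMAJOR.MINOR.PATCH tag refs.
STRICT_PATTERN = strict_identity_pattern(
    "DAGMALIA/godml", "safety_scan.yml", r"refs/tags/v[0-9]+\.[0-9]+\.[0-9]+")

BASE = "https://github.com/DAGMALIA/godml/.github/workflows/"
# Constructed certificate identities (SAN values), not taken from real certificates.
SAMPLES = [
    BASE + "safety_scan.yml@refs/tags/v1.1.0",       # release tag
    BASE + "safety_scan.yml@refs/heads/experiment",  # same workflow, branch run
    BASE + "safety_scan_yml@refs/tags/v1.1.0",       # '.' in the pattern matches '_'
    "https://github.com/DAGMALIA/godml-fork/.github/workflows/safety_scan.yml@refs/tags/v1.1.0",
]

if __name__ == "__main__":
    for name, pattern in (("page", PAGE_PATTERN), ("strict", STRICT_PATTERN)):
        print(name, pattern)
        for identity in accepted(pattern, SAMPLES):
            print("  accepts", identity)
```

The string printed for the strict pattern can be passed to `--certificate-identity-regexp` once the ref part is adjusted to the refs the signing workflow actually runs on.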

Verify SLSA provenance

slsa-verifier verify-artifact dist/godml-*.whl \
  --provenance-path provenance.intoto.jsonl \
  --source-uri github.com/DAGMALIA/godml \
  --source-tag v1.1.0
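
What slsa-verifier compares can be inspected by decoding the provenance file directly. This added example (not GODML or slsa-verifier code) assumes each line of provenance.intoto.jsonl is a bare DSSE envelope and that the SLSA v1 predicate records the GitHub workflow under buildDefinition.externalParameters.workflow; the function names and sample data are constructed here. It checks no signatures, so it complements slsa-verifier rather than replacing it.

```python
import base64
import hashlib
import json


def load_statements(jsonl_text):
    """Decode every DSSE envelope line into its in-toto Statement (signatures NOT checked)."""
    statements = []
    for line in filter(str.strip, jsonl_text.splitlines()):
        envelope = json.loads(line)
        if envelope.get("payloadType") != "application/vnd.in-toto+json":
            raise ValueError("not an in-toto DSSE envelope")
        statements.append(json.loads(base64.b64decode(envelope["payload"])))
    return statements


def provenance_problems(jsonl_text, artifact, repo, tag):
    """Return reasons why no statement covers `artifact` built from `repo` at `tag`."""
    digest = hashlib.sha256(artifact).hexdigest()
    problems = ["no statement lists the artifact digest"]
    for st in load_statements(jsonl_text):
        if not any(s.get("digest", {}).get("sha256") == digest for s in st.get("subject", [])):
            continue
        problems = []
        if st.get("predicateType") != "https://slsa.dev/provenance/v1":
            problems.append("predicateType is not SLSA v1")
        # Assumed layout: GitHub Actions workflow parameters under externalParameters.
        wf = (st.get("predicate", {}).get("buildDefinition", {})
                .get("externalParameters", {}).get("workflow", {}))
        if wf.get("repository") != f"https://{repo}":
            problems.append("source repository mismatch")
        if wf.get("ref") != f"refs/tags/{tag}":
            problems.append("source tag mismatch")
        if not problems:
            return []
    return problems


def constructed_provenance(artifact, repo, ref):
    """Build one unsigned sample line (constructed data, not a real GODML attestation)."""
    workflow = {"repository": f"https://{repo}", "ref": ref}
    statement = {
        "_type": "https://in-toto.io/Statement/v1",
        "subject": [{"name": "sample.whl", "digest": {"sha256": hashlib.sha256(artifact).hexdigest()}}],
        "predicateType": "https://slsa.dev/provenance/v1",
        "predicate": {"buildDefinition": {"externalParameters": {"workflow": workflow}}},
    }
    payload = base64.b64encode(json.dumps(statement).encode()).decode()
    return json.dumps({"payloadType": "application/vnd.in-toto+json", "payload": payload, "signatures": []})
```

Calling `provenance_problems` with the text of the downloaded file, the wheel's bytes, `github.com/DAGMALIA/godml` and the release tag returns an empty list only when the digest, repository and tag all line up.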

CI security controls

| Control | Tool | Status |
|---|---|---|
| SAST | Bandit | ✅ Blocks on HIGH/CRITICAL |
| Dependency CVEs | pip-audit + Safety | ✅ Weekly + per PR |
| SHA-pinned actions | Dependabot | ✅ Auto-pinned |
| PyPI publish | OIDC Trusted Publisher | ✅ No API tokens |
| Branch protection | GitHub Ruleset | ✅ PR + status checks |
| Tag protection | GitHub Ruleset | v* immutable |
| Score | OpenSSF Scorecard | ✅ Published weekly |

CLI reference

godml init <project>         # scaffold new project
godml run -f godml.yml       # execute pipeline from config
godml deploy <project> <env> # deploy model to environment
godml --version              # print version

Roadmap

v1.2.0 — Q3 2026

  • Interactive drift dashboard (Streamlit)
  • A/B testing framework
  • Optuna distributed tuning

v1.3.0 — Q4 2026

  • Kubernetes operator
  • Real-time streaming inference
  • Multi-tenant model registry

v2.0.0 — 2027

  • Multi-cloud provider abstraction (Vertex AI, Azure ML)
  • Federated learning support
  • SOC2 / ISO27001 documentation kit

Contributing

git clone https://github.com/DAGMALIA/godml.git
cd godml
pip install -e ".[dev]"
pytest tests/ --cov=godml

See CONTRIBUTING.md for branch conventions and PR checklist.


License

MIT — see LICENSE.


Built by DAGMALIA · PyPI · Support

Download files

Source Distribution

godml-1.1.2.tar.gz (91.7 kB view details)

Uploaded Source

Built Distribution

godml-1.1.2-py3-none-any.whl (121.9 kB view details)

Uploaded Python 3

File details

Details for the file godml-1.1.2.tar.gz.

File metadata

  • Download URL: godml-1.1.2.tar.gz
  • Upload date:
  • Size: 91.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for godml-1.1.2.tar.gz
Algorithm Hash digest
SHA256 4c724da6299a0a8a13faee93fc7fc4bb918f6f81574ba0bcb9f2267cbc9a4aba
MD5 cc6403a4681a659cc7b198f7fb0c6155
BLAKE2b-256 f6fab7f86aaf74fd5d8ad1c9397a00f91a0d80d918f556d91ba3e3f02b21146a

Provenance

The following attestation bundles were made for godml-1.1.2.tar.gz:

Publisher: release.yml on DAGMALIA/godml

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file godml-1.1.2-py3-none-any.whl.

File metadata

  • Download URL: godml-1.1.2-py3-none-any.whl
  • Upload date:
  • Size: 121.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for godml-1.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 c28ecd6532e5db51139523bbc79115a2f8a2ade808bb74f5d9b40c1c97b74292
MD5 61bd7afd05de51f978b7fb1257cb9f64
BLAKE2b-256 5313ee3bf84ae5d93cbc18fa1d09ccf9501e4198d47876423cf411c5bb14fa0b

Provenance

The following attestation bundles were made for godml-1.1.2-py3-none-any.whl:

Publisher: release.yml on DAGMALIA/godml

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
