Governed, Observable & Declarative Machine Learning Framework

GODML

Production-grade MLOps for teams that need traceability, compliance, and a verified supply chain — without the infrastructure overhead.


Quick start

pip install godml
godml init my-project
godml run -f godml.yml

That's it. No cloud account required for local training.


What is GODML?

GODML is a Python framework that wraps the full ML lifecycle — data prep, training, evaluation, monitoring, and deployment — behind a single declarative YAML config. Every run produces a signed, auditable artifact trail.

Raw data → Compliance check → Train → Evaluate → Registry → Deploy → Monitor
               (PII/GDPR)    (XGB/RF/LR)  (cross-val)  (MLflow)  (Docker)  (drift)

Why GODML over plain sklearn + MLflow?

| Problem | Without GODML | With GODML |
|---|---|---|
| Reproducibility | Manual notebooks | Declarative YAML, locked hashes |
| Compliance | Ad-hoc checks | Built-in PCI-DSS, GDPR, HIPAA |
| Supply chain | No SBOM | SLSA L3 provenance + signed SBOM |
| Audit trail | Scattered logs | Unified lineage per run |
| Multi-model | Custom glue code | Registry + notebook_api |

Installation

Core (no optional deps)

pip install godml

With extras

pip install "godml[advisor]"   # LLM-powered recommendations (gpt4all)
pip install "godml[deep]"      # LSTM forecasting (tensorflow + keras)
pip install "godml[aws]"       # SageMaker deployment
pip install "godml[api]"       # REST inference server (fastapi + uvicorn)
pip install "godml[dev]"       # Full dev suite (tests, lint, coverage)

Configuration

A minimal godml.yml:

name: customer-churn
version: 1.0.0
provider: mlflow

dataset:
  uri: ./data/churn.csv
  hash: auto

model:
  type: xgboost
  hyperparameters:
    max_depth: 6
    learning_rate: 0.1
    n_estimators: 300

metrics:
  - name: auc
    threshold: 0.85
  - name: accuracy
    threshold: 0.80

governance:
  owner: ml-team@company.com
  tags:
    - compliance: gdpr
    - environment: production

deploy:
  realtime: true
  batch_output: ./outputs/predictions.csv

Run it:

godml run -f godml.yml

Notebook API

For interactive work in Jupyter:

from godml import GodmlNotebook

nb = GodmlNotebook()
nb.load_data("./data/churn.csv", target="churn")
nb.train_model("xgboost", {"max_depth": 6, "n_estimators": 300})
nb.evaluate(["auc", "accuracy", "f1"])
nb.save_model("churn_v1")

AI-powered advisor

import pandas as pd

from godml.notebook_api import advisor_full_report, tune_model

# Load the dataset (assumed to be a pandas DataFrame with a "churn" target column)
df = pd.read_csv("./data/churn.csv")
X_train, y_train = df.drop(columns=["churn"]), df["churn"]

# Get model + metric recommendations for your dataset
report = advisor_full_report(df, target="churn")
print(report["recommended_models"])   # ['xgboost', 'random_forest']
print(report["data_quality"])         # quality score + issues

# Auto-tune with Optuna
result = tune_model(
    model_type="xgboost",
    X=X_train, y=y_train,
    max_trials=50,
    metric="auc",
)
print(f"Best AUC: {result['best_score']:.4f}")

Supported model types

| Key | Algorithm |
|---|---|
| xgboost / xgb | XGBoost |
| random_forest / rf | scikit-learn RandomForest |
| logistic_regression / logreg | scikit-learn LogisticRegression |
| lstm | LSTM forecasting (requires [deep]) |

Compliance

import pandas as pd

from godml.compliance_service import PciDssCompliance, GdprCompliance

df = pd.read_csv("./data/churn.csv")     # dataset to sanitize (assumed pandas DataFrame)

compliance = PciDssCompliance()
clean_df = compliance.apply(df)          # masks PAN, CVV, account numbers

gdpr = GdprCompliance()
report = gdpr.apply(df)                  # anonymizes PII per GDPR rules

Built-in compliance modules: PCI-DSS, GDPR, HIPAA, SOX.
Custom rules: subclass BaseCompliance and implement apply(df).


Architecture

┌──────────────────────────────────────────────────────┐
│                    GODML Framework                   │
├────────────────┬─────────────┬───────────────────────┤
│  Interfaces    │  Notebook   │  CLI  │  REST API      │
├────────────────┴─────────────┴───────────────────────┤
│  Core Services                                       │
│  ┌───────────┐ ┌───────────┐ ┌──────────────────────┐│
│  │ Advisor   │ │ Config    │ │ Pipeline Engine      ││
│  └───────────┘ └───────────┘ └──────────────────────┘│
├──────────────────────────────────────────────────────┤
│  ML Services                                         │
│  ┌───────────┐ ┌───────────┐ ┌──────────────────────┐│
│  │ DataPrep  │ │ Model     │ │ Monitoring           ││
│  │ +PII scan │ │ Registry  │ │ +Drift detection     ││
│  └───────────┘ └───────────┘ └──────────────────────┘│
├──────────────────────────────────────────────────────┤
│  Providers:  MLflow │ SageMaker │ Docker │ Local      │
└──────────────────────────────────────────────────────┘

Supply chain & security

GODML ships with a SLSA Level 3 supply chain — every release is built in an isolated GitHub Actions environment with unforgeable provenance.

| Artifact | Standard | Signature | Transparency |
|---|---|---|---|
| sbom.spdx.json | SPDX 2.3 | Cosign OIDC (keyless) | Rekor log |
| sbom.cyclonedx.json | CycloneDX 1.6 | SLSA provenance | GitHub Release assets |
| provenance.intoto.jsonl | SLSA v1 / in-toto | slsa-github-generator | Rekor log |

Verify the SBOM yourself

# Download sbom.spdx.json and sbom.spdx.bundle from GitHub Releases first
cosign verify-blob \
  --bundle sbom.spdx.bundle \
  --certificate-identity-regexp "https://github.com/DAGMALIA/godml/.github/workflows/safety_scan.yml" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  sbom.spdx.json
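
The value passed to --certificate-identity-regexp is a regular expression, so its anchoring and escaping decide which signing identities the check accepts. The script below is an added example, not part of the GODML project: it uses grep -E as a stand-in for the matcher, all identity strings are constructed samples, and the tag-pinned STRICT pattern assumes releases are signed from a v* tag ref.

```shell
#!/bin/sh
# Added example: how an identity pattern treats different certificate
# identities. grep -E stands in for the verifier's regex matcher (assumption).

WORKFLOW='https://github.com/DAGMALIA/godml/.github/workflows/safety_scan.yml'

# Loose pattern: the workflow URL used directly as an unanchored regex.
LOOSE="$WORKFLOW"

# Strict pattern (assumption: signing happens on a v* tag ref).
# Dots are escaped, both ends are anchored, and the ref must be a version tag.
STRICT='^https://github\.com/DAGMALIA/godml/\.github/workflows/safety_scan\.yml@refs/tags/v[0-9]+\.[0-9]+\.[0-9]+$'

# identity_matches PATTERN IDENTITY -> exit status 0 if the regex matches.
identity_matches() {
  printf '%s\n' "$2" | grep -Eq -- "$1"
}

# classify IDENTITY -> prints "loose=<yes|no> strict=<yes|no>"
classify() {
  l=no; s=no
  identity_matches "$LOOSE" "$1" && l=yes
  identity_matches "$STRICT" "$1" && s=yes
  printf 'loose=%s strict=%s\n' "$l" "$s"
}

# Constructed sample identities (workflow path, then @ref).
TAG_ID="$WORKFLOW@refs/tags/v1.2.1"            # expected signer on a release tag
BRANCH_ID="$WORKFLOW@refs/heads/experiment"    # same workflow, non-release ref
OTHER_WF_ID='https://github.com/DAGMALIA/godml/.github/workflows/release.yml@refs/tags/v1.2.1'
# An unescaped "." matches any character, so "/xgithub/" satisfies "/.github/".
DOT_ID='https://github.com/DAGMALIA/godml/xgithub/workflows/safety_scan.yml@refs/tags/v1.2.1'

for id in "$TAG_ID" "$BRANCH_ID" "$OTHER_WF_ID" "$DOT_ID"; do
  printf '%s\n    %s\n' "$id" "$(classify "$id")"
done
```

Only the release-tag identity passes both patterns; the branch ref and the dot-wildcard sample pass the loose pattern alone.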

Verify SLSA provenance

slsa-verifier verify-artifact dist/godml-*.whl \
  --provenance-path provenance.intoto.jsonl \
  --source-uri github.com/DAGMALIA/godml \
  --source-tag v1.1.0

CI security controls

| Control | Tool | Status |
|---|---|---|
| SAST | Bandit | ✅ Blocks on HIGH/CRITICAL |
| Dependency CVEs | pip-audit + Safety | ✅ Weekly + per PR |
| SHA-pinned actions | Dependabot | ✅ Auto-pinned |
| PyPI publish | OIDC Trusted Publisher | ✅ No API tokens |
| Branch protection | GitHub Ruleset | ✅ PR + status checks |
| Tag protection | GitHub Ruleset | v* immutable |
| Score | OpenSSF Scorecard | ✅ Published weekly |

CLI reference

godml init <project>         # scaffold new project
godml run -f godml.yml       # execute pipeline from config
godml deploy <project> <env> # deploy model to environment
godml --version              # print version

Roadmap

v1.2.0 — Q3 2026

  • Interactive drift dashboard (Streamlit)
  • A/B testing framework
  • Optuna distributed tuning

v1.3.0 — Q4 2026

  • Kubernetes operator
  • Real-time streaming inference
  • Multi-tenant model registry

v2.0.0 — 2027

  • Multi-cloud provider abstraction (Vertex AI, Azure ML)
  • Federated learning support
  • SOC2 / ISO27001 documentation kit

Contributing

git clone https://github.com/DAGMALIA/godml.git
cd godml
pip install -e ".[dev]"
pytest tests/ --cov=godml

See CONTRIBUTING.md for branch conventions and PR checklist.


License

MIT — see LICENSE.


Built by DAGMALIA · PyPI · Support

Download files

Source Distribution

godml-1.2.1.tar.gz (91.2 kB view details)

Uploaded Source

Built Distribution

godml-1.2.1-py3-none-any.whl (122.1 kB view details)

Uploaded Python 3

File details

Details for the file godml-1.2.1.tar.gz.

File metadata

  • Download URL: godml-1.2.1.tar.gz
  • Upload date:
  • Size: 91.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for godml-1.2.1.tar.gz
| Algorithm | Hash digest |
|---|---|
| SHA256 | 9d8220187d03dc756fdf646652a739b1680b98ac722ea09b23287166f374008e |
| MD5 | c2b0f39d2bae846f4bbe2f99be663d88 |
| BLAKE2b-256 | d52a342cd1aadd040c0cea5c1be76f03dd408d0bd327cfd282a49e4095e16e55 |

Provenance

The following attestation bundles were made for godml-1.2.1.tar.gz:

Publisher: release.yml on DAGMALIA/godml

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file godml-1.2.1-py3-none-any.whl.

File metadata

  • Download URL: godml-1.2.1-py3-none-any.whl
  • Upload date:
  • Size: 122.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for godml-1.2.1-py3-none-any.whl
| Algorithm | Hash digest |
|---|---|
| SHA256 | 4795afeb707d46656b1c26f1f7987ed6935ac9e20541ce18371b57ea068edeab |
| MD5 | 1a2ff753a78785d767a6b59d48079c16 |
| BLAKE2b-256 | 578b6cfab887a1a97cab3c38717b4d731871c5108b6d1988d7e47744ca6da40a |

Provenance

The following attestation bundles were made for godml-1.2.1-py3-none-any.whl:

Publisher: release.yml on DAGMALIA/godml

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
