Skip to main content

Carrier-agnostic artifact governance and controlled-execution services that consume SCLite contract lifecycle artifacts.

Project description

GovEngine

CI: pytest Package: govengine 0.16.8 Python: 3.11+ Dependency: SCLite ==1.0.8 License: MIT

GovEngine is an alpha package 0.16.8 (0.16.8) source line for deterministic governance-kernel contracts.

It consumes SCLite as the lower truth layer and exposes reusable Python records, validators, and composition helpers for admission decisions, lifecycle gates, policy/trust summaries, receipt binding, evidence review, replay freshness, and profile conformance. It does not run jobs. It does not own host runtime behavior. Carrier adapters, concrete schedulers, credentials, domain semantics, and live execution remain outside the kernel.

Dependency Direction

Tecrax profile -> RExecOp runtime -> GovEngine governance -> SCLite truth
Other host runtimes ----------------> GovEngine governance -> SCLite truth
  • SCLite owns artifact lifecycle schemas, canonical descriptors, ordered hash-chain verification, guarded verification, tickets, receipts, and evidence truth records.
  • GovEngine owns deterministic governance contracts over those truth records: admission envelopes, policy/trust/replay decisions, lifecycle state mapping, receipt/evidence binding, review qualification, profile conformance, and public-safe contract fixtures.
  • RExecOp owns domain-neutral workflow interpretation, lifecycle, connector dispatch, execution mechanics, deterministic reaction mechanics, and runtime receipts.
  • Tecrax owns infrastructure intent, connector semantics, observations, findings, normalization, validation, and runbooks. GovEngine retains a synthetic Tecrax conformance fixture; the operational profile itself lives in Tecrax.
  • Ravenclaw is a legacy consumer outside the current RExecOp/Tecrax roadmap.

GovEngine is not SCLite, Ravenclaw, Tecrax, Logdash, an LLM loop, a scanner, a scheduler, a credential manager, a replay database, a PKI/KMS layer, or a subprocess runner.

What GovEngine Includes Now

The public surface registry is govengine.surfaces.public_surface_index(). It currently reports seven alpha surfaces:

  • artifact_governance_core for artifact descriptors, lifecycle state mapping, transition decisions, signing/trust records, guarded-root replay decisions, state-index helpers, deconfliction, and the SCLite bridge.
  • planning_contracts_core for neutral task, plan-intent, and planner-port handoff records. These are handoff contracts, not a planner.
  • admission_policy_core for RuntimeAdmissionResult, policy/admission/approval/audit records, PolicyEngine MVP (govengine.policy), proof-input validation, public summaries, bounded artifact references, and the development-only JSONL audit-ledger adapter.
  • evidence_review_core for receipt-bounded evidence requirements, claims, qualifications, review results, and evidence-review-chain validation.
  • domain_profile_sdk for contract-only domain profile declarations and conformance reports, including Ravenclaw and Tecrax fixture profiles.
  • runtime_contract_proofs for public-safe conformance artifacts over Ravenclaw and Tecrax contract shapes. They are fixtures, not runtime authorization.
  • controlled_execution_core for approved-spec checks, execution-ticket gates, command-shape normalization, runner request/receipt boundaries, supervision records, dry-run helpers, runtime-shell projections, event/control records, OODA records, and orchestration handoff records.

The published 0.15.0 line added:

  • PolicyEngine MVP (govengine.policy): declarative policy packs, fail-closed PolicyEngine.evaluate(), verdict projection via policy_verdict_to_gov_policy_decision(), JSON Schema authoring helpers, baseline policy scaffolds, and the govengine-policy validation/scaffold CLI.

The 0.16.x source line also adds:

  • PolicyExplain (G1): PolicyEvaluationExplanation, explain_policy_evaluation(), and govengine-policy explain|simulate --json for redacted policy reasoning without execution authority;
  • Supervisor action explanations (G2): SupervisorActionExplanation, explain_supervisor_action(), and govengine-supervisor explain --json for recovery/triage reason codes over bounded SupervisorActionRequest payloads without executing recovery or mutating runtime state.
  • Profile governance projection (G3): ProfileGovernanceProjection, ProfileConnectorCompatibilityReport, explain_profile_governance(), and govengine-policy profile-governance --json for policy-hook/evidence/runner posture validation and profile/connector capability compatibility without domain semantics or backend IO.

The published 0.16.0 line adds:

  • policy enforcement plan: deterministic pack/verdict/plan digest binding, an existing GovAdmissionDecision reference, and fail-closed projection of a small neutral control set for host runners; GovEngine does not execute or claim host enforcement;
  • retains the 0.14.0 governed-runtime MVP (RuntimeAdmissionResult, receipt/evidence binding, audit ledger port, inspect-only workflow) without changing its contract shape.

Current Status

Current supported stack line: 0.16.8. Current supported stack line: govengine==0.16.8 with sclite-core==1.0.8. Older GovEngine distributions remain available on PyPI as archived alpha history, but they are not an active compatibility line. The published wheel contains the digest-bound enforcement-plan API used by coordinated B2 consumers.

The current kernel is useful for deterministic review of prepared governance records. It is not production runtime readiness and it is not an execution authority. RuntimeAdmissionResult is the single canonical admission envelope; compose_runtime_admission_result() composes host-supplied gate summaries into that envelope, and validate_runtime_admission_result() checks the envelope shape. These helpers do not verify SCLite artifacts, persist replay claims, approve operators, or execute commands by themselves.

When hosts need a runtime-consumable path, the intended chain is:

  1. SCLite verifies the artifact lifecycle and guarded truth records.
  2. GovEngine maps the lifecycle status and validates proof-input summaries.
  3. GovEngine composes policy, ticket, trust, replay freshness, runner profile, receipt obligation, blockers, and next actions into RuntimeAdmissionResult.
  4. Host runtime code decides what to do with that result under its own operator, credential, storage, scheduler, and execution controls.

Dry-run remains the default local execution posture. Any live backend belongs outside this package until a separate host/runtime boundary explicitly owns and tests it.

Explicit Non-Claims

GovEngine does not provide:

  • live subprocess execution;
  • raw-intent execution;
  • scanner, exploit, campaign, or target authorization;
  • scheduler, queue persistence, long-running worker, or LLM agent loop;
  • credential handling, private key storage, CA, PKI, KMS, HSM, trust-anchor management, rotation, or revocation;
  • production replay database or production audit database;
  • raw artifact store or raw evidence store;
  • SCLite schema authority, SCLite canonicalization, SCLite hash-chain verification, or SCLite Kernel Guard HMAC verification;
  • Ravenclaw security taxonomy, target semantics, campaign UX, public proof projection, or runtime adapters;
  • Tecrax infrastructure semantics, infrastructure credentials, or runtime adapters;
  • carrier adapters such as OpenClaw, MCP, A2A, HTTP APIs, or UI routes;
  • stable 1.0 API guarantees.

Installation

Install the latest published package from PyPI:

python -m pip install govengine==0.16.8

That installs the single supported alpha stack line, including the PolicyEngine MVP, B2 enforcement-plan contracts, policy explain/simulate, and supervisor explain. When PyPI lags source, coordinated stack work may use pip install -e from the GovEngine repository at 0.16.8.

For local development:

python -m venv .venv
. .venv/bin/activate
python -m pip install -e '.[dev]'
python -m pytest -q
python -m mypy govengine
python -m ruff check .
python scripts/validate_public_truth.py
python scripts/validate_alpha_readiness.py

Minimal Smoke Example

from govengine import public_surface_index
from govengine.execution.runner import approved_spec_dry_run_result

assert [surface.name for surface in public_surface_index()] == [
    "artifact_governance_core",
    "planning_contracts_core",
    "admission_policy_core",
    "evidence_review_core",
    "domain_profile_sdk",
    "runtime_contract_proofs",
    "controlled_execution_core",
]

receipt = approved_spec_dry_run_result(
    approved_execution_spec={
        "action_type": "bounded_request",
        "capability": "fixture_review",
        "resolved_tool": "fixture",
        "execution_mode": "dry_run",
    },
    planned_commands=[["fixture", "review"]],
)
assert receipt["status"] == "dry-run"

Validation

The current package-line gate is intentionally local and deterministic:

python -m pytest -q
python -m mypy govengine
python -m ruff check .
python scripts/validate_public_truth.py
python scripts/validate_alpha_readiness.py
python scripts/validate_clean_package_install.py --no-editable

scripts/validate_public_truth.py keeps package metadata, public docs, dependency truth, public surface names, and release labels aligned. scripts/validate_alpha_readiness.py checks the alpha package posture before publication. scripts/validate_clean_package_install.py --no-editable validates an installed wheel in isolation and uses scoped pip check instead of a broad system interpreter.

Documentation

Navigation hub: docs/README.md.

License and provenance

GovEngine is MIT-licensed. It was extracted from Ravenclaw in contract-first stages, so LICENSE preserves the copyright notice for the originating Ravenclaw contribution lineage. The author metadata in pyproject.toml identifies the GovEngine package maintainer; it does not replace or reassign the originating copyright notice.

Safety Boundary

GovEngine should preserve deterministic governance over prompt-only behavior. It must not execute directly from raw intent. Execution by a host runtime requires a prepared execution contract, valid policy decision, approved execution ticket, valid signature/trust decision, allowed runner profile, receipt obligation, and, for runtime-consumable SCLite bundles, guarded-strict verification plus replay-fresh status.

The published 0.16.0 line provides records and validators for that boundary. It does not provide the runtime that acts on them.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

govengine-0.16.8.tar.gz (185.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

govengine-0.16.8-py3-none-any.whl (148.8 kB view details)

Uploaded Python 3

File details

Details for the file govengine-0.16.8.tar.gz.

File metadata

  • Download URL: govengine-0.16.8.tar.gz
  • Upload date:
  • Size: 185.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.4

File hashes

Hashes for govengine-0.16.8.tar.gz
Algorithm Hash digest
SHA256 b29e52b1a0ec350cc31b14b671bb6fd08e0f0a21727ff4dcc3ea6255cec75124
MD5 6ecffc0d6c0da11ddf6041b615172c5c
BLAKE2b-256 ce371acc5fb72a57fcdd0327152c853a4c5e510ae645610d82f34a1fd7443659

See more details on using hashes here.

File details

Details for the file govengine-0.16.8-py3-none-any.whl.

File metadata

  • Download URL: govengine-0.16.8-py3-none-any.whl
  • Upload date:
  • Size: 148.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.4

File hashes

Hashes for govengine-0.16.8-py3-none-any.whl
Algorithm Hash digest
SHA256 bfd5387ad707f55ff265c1a4c45d4b568cfcb903dc803f14f2c35846dd15a3f2
MD5 d56daaed75768b8257a2f45024839175
BLAKE2b-256 e90155faa15e7856cc1039cb198acf2a32ee9ea2c366241919d6363fe4c28d82

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page