Skip to main content

Governed, deterministic AI backend workflow framework

Project description

governai

PyPI version Python CI

governai is a developer-facing Python framework for building governed AI backends with deterministic execution.

It is designed for teams that need explicit control over what runs next, what is allowed, what needs approval, and what happened during execution.

What It Solves

  • Typed tool contracts (Python and CLI tools) with strict input/output validation.
  • Deterministic workflow chaining with strict, rule-based, or bounded transitions.
  • Runtime-enforced control flow (not prompt-enforced).
  • Policy checks before execution.
  • Approval interruptions before risky actions.
  • Full audit event streams for run lifecycle, transitions, policies, approvals, tools, and agents.
  • Governed multi-agent workflows where agents are bounded executors inside the same runtime kernel.

What It Intentionally Does Not Do (MVP)

  • SaaS control plane
  • visual builder UI
  • distributed orchestration
  • Temporal integration
  • managed control-plane persistence
  • auth/RBAC
  • background scheduling
  • autonomous free-form swarms

Install

Requires Python 3.12+.

Install from PyPI:

pip install governai

Install with sandbox worker dependencies:

pip install "governai[sandbox]"

Install with Redis-backed run and interrupt persistence:

pip install "governai[redis]"

Install directly from GitHub:

pip install "governai @ git+https://github.com/rrrozhd/governai.git@main"

Local editable install for development:

pip install -e .[dev]

Local editable install with sandbox service support:

pip install -e .[dev,sandbox]

Local editable install with Redis support:

pip install -e .[dev,redis]

Quickstart

from pydantic import BaseModel
from governai import Workflow, step, tool

class In(BaseModel):
    value: int

class Mid(BaseModel):
    value: int

class Out(BaseModel):
    value: int

@tool(name="add_one", input_model=In, output_model=Mid)
async def add_one(ctx, data: In) -> Mid:
    return Mid(value=data.value + 1)

@tool(name="double", input_model=Mid, output_model=Out)
async def double(ctx, data: Mid) -> Out:
    return Out(value=data.value * 2)

class MyFlow(Workflow[In, Out]):
    first = step("first", tool=add_one).then("second")
    second = step("second", tool=double).then_end()

# await MyFlow().run(In(value=2))

Thread-native execution is additive. If you omit thread_id, behavior stays exactly the same as before and the run uses its generated run_id as the thread identity.

state = await MyFlow().run(In(value=2), thread_id="thread-123")
latest = await MyFlow().get_latest_run_state("thread-123")
history = await MyFlow().list_thread_runs("thread-123")

Core Concepts

  • Tools: typed executable units (@tool or Tool.from_cli(...)).
  • Skills: named tool bundles.
  • Workflows: explicit step graph with runtime-enforced transitions.
  • Policies: allow/deny checks before execution.
  • Approvals: interruption/resume gates for risky actions.
  • Audit events: structured, in-memory event stream for inspection and tests.
  • Agents: bounded role executors with allowlisted tools/handoffs, executed as workflow steps.

Tools vs LLM Tool Calling

Tool in governai means "typed executable unit", not "LLM-only function".

  • A tool can run as a normal deterministic workflow step (step(..., tool=...)).
  • A tool can also be exposed to an LLM/agent (for example through AgentExecutionContext.use_tool(...)).
  • LLM usage is optional. Governance (validation, policies, approvals, audit) still applies either way.

This separation is intentional:

  • tools define what can execute
  • transitions define what can run next
  • agent/LLM logic only decides content or proposals inside those runtime bounds

Deterministic Tool Chaining

In governai, chaining is encoded in workflow transitions (then, branch, route_to) and enforced by the runtime.

Control flow is not decided by prompts. The model/tool logic decides content; runtime decides next step; policy decides permission; approval decides whether risky actions can proceed.

Governed App Layer

You can define flows declaratively using GovernedFlowSpec and compile them with governed_flow(...).

from governai import GovernedFlowSpec, GovernedStepSpec, governed_flow, then, end

spec = GovernedFlowSpec(
    name="minimal",
    steps=[
        GovernedStepSpec(name="first", tool=add_one, transition=then("second")),
        GovernedStepSpec(name="second", tool=double, transition=end()),
    ],
)

flow = governed_flow(spec)
# await flow.run(In(value=2))

Core additions in this layer:

  • transport-agnostic execution backends (AsyncBackend, ThreadPoolBackend, ProcessPoolBackend)
  • persistence abstractions (RunStore, InMemoryRunStore, RedisRunStore)
  • interrupt contracts and manager (InterruptManager, InterruptStore, InMemoryInterruptStore, RedisInterruptStore)
  • generic integration helpers (GovernedHTTPClient, provider error normalization)

Thread-Native Runs And Durable Interrupts

GovernAI now supports caller-supplied thread identity and thread-aware resume helpers without breaking existing run_id flows.

  • await flow.run(data, thread_id="thread-123")
  • await flow.get_latest_run_state("thread-123")
  • await flow.resume_latest("thread-123", payload)
  • await flow.list_thread_runs("thread-123")

Built-in stores now also support:

  • active/latest run lookup by thread in InMemoryRunStore and RedisRunStore
  • durable interrupt persistence in InMemoryInterruptStore and RedisInterruptStore
  • audit events that carry thread_id as a top-level field

Minimal threaded resume example:

from governai import ApprovalDecision, ApprovalDecisionType

state = await flow.run(payload, thread_id="thread-123")
latest = await flow.get_latest_run_state("thread-123")

if latest.pending_approval:
    latest = await flow.resume_latest(
        "thread-123",
        ApprovalDecision(
            decision=ApprovalDecisionType.APPROVE,
            decided_by="alice",
        ),
    )

Reference material:

Contained Execution

GovernAI now supports two runtime containment modes:

  • local_dev: default. Tools and agents execute on the host machine.
  • strict_remote: control plane stays local, but governed execution must go through a remote sandbox.

Placement is configured per tool or agent:

  • execution_placement="local_only": may only run on the host
  • execution_placement="remote_only": must run through the remote adapter
  • execution_placement="local_or_remote": local in local_dev, remote in strict_remote

In strict_remote:

  • local_only executors are rejected at workflow construction time
  • nested agent tool calls stay governed by the local runtime
  • policies, approvals, audit, transitions, and run state remain local
  • CLI containment only exists when the CLI tool is routed through the sandbox

Minimal control-plane setup:

from governai import HTTPSandboxExecutionAdapter

flow = MyFlow(
    containment_mode="strict_remote",
    remote_execution_adapter=HTTPSandboxExecutionAdapter(
        base_url="https://sandbox.internal",
        bearer_token="replace-me",
    ),
)

Worker-side setup:

from governai import AgentRegistry, ToolRegistry, create_sandbox_app

app = create_sandbox_app(
    tool_registry=ToolRegistry(),
    agent_registry=AgentRegistry(),
    bearer_token="replace-me",
)

Reference material:

Config And DSL Frontends

governai now supports additive frontends for workflow authoring:

  • Config compiler: define FlowConfigV1 in YAML/JSON and compile with governed_flow_from_config(...).
  • Agent-specific DSL: write text DSL, parse/compile with parse_dsl(...), dsl_to_flow_config(...), or governed_flow_from_dsl(...).

Both frontends compile into the same governed runtime model and preserve deterministic transitions and policy/approval enforcement.

from governai import AgentRegistry, ToolRegistry, governed_flow_from_config

tools = ToolRegistry()  # register tools before compile
flow = governed_flow_from_config(
    "examples/config/support_flow.yaml",
    tool_registry=tools,
    agent_registry=AgentRegistry(),
)
from governai import AgentRegistry, ToolRegistry, governed_flow_from_dsl

dsl_text = '''
flow demo {
  step first: tool support.validate -> end;
}
'''
tools = ToolRegistry()  # register tools before compile
flow = governed_flow_from_dsl(
    dsl_text,
    tool_registry=tools,
    agent_registry=AgentRegistry(),
)

Documentation

Example App

Run:

python examples/support_flow.py

Config/DSL equivalent run:

python examples/support_flow_from_definitions.py

Strict remote sandbox example:

python examples/strict_remote_sandbox.py

This demonstrates:

  • validate input
  • fetch customer
  • draft response via CLI tool
  • approval interruption before send
  • resume after approval
  • audit trail output

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

governai-0.2.2.tar.gz (78.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

governai-0.2.2-py3-none-any.whl (77.7 kB view details)

Uploaded Python 3

File details

Details for the file governai-0.2.2.tar.gz.

File metadata

  • Download URL: governai-0.2.2.tar.gz
  • Upload date:
  • Size: 78.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for governai-0.2.2.tar.gz
Algorithm Hash digest
SHA256 06b22d48ccea142661287e8c711a636658b02999a25dc9f9e47547a88c3bdeba
MD5 78bae4915bdaafebeb94b6db9ee1ddd7
BLAKE2b-256 8efcdf88d0088901a491f3097b6f6b01d1e9d2d25427c376de0ebaa615804779

See more details on using hashes here.

File details

Details for the file governai-0.2.2-py3-none-any.whl.

File metadata

  • Download URL: governai-0.2.2-py3-none-any.whl
  • Upload date:
  • Size: 77.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for governai-0.2.2-py3-none-any.whl
Algorithm Hash digest
SHA256 dd05d3a95713e407d0010338f36cf1233a329a49f53d193ece45f00022604303
MD5 460b8df160c6bc9afba6aab8991f86e1
BLAKE2b-256 5d6339b7705df7200a772769a1b183c6fc471e234f0b61e206911ea71ee6457a

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page