Pre-Edit Benefit-Risk Assessment for coding agents — a deterministic, hexagonal decision controller.
Project description
PEBRA
PEBRA is a Pre-Edit Benefit-Risk Assessment controller for coding agents.
It evaluates a proposed code edit before the agent applies it, returns a deterministic decision and math packet, verifies the actual post-edit diff against the approved envelope, records outcomes, and uses measured calibration data to promote learned facts for future assessments.
Current Capabilities
- Pre-edit
assesswith expected loss, expected utility, RAU, edit confidence, and ordered gates. - Post-edit
verifyagainst the approved safe scope and required checks. - Candidate-bound pre-edit enforcement: an impactful host edit must produce the same normalized file contents as the patch that was assessed; same repository/HEAD/path alone is not sufficient.
- Outcome recording, shadow learning, promotion, scorecards, and learned-fact reapplication.
- Read-only local Risk Observatory dashboard for assessment, calibration, learning, and graph state.
- Explicit graph-engine setup and diagnostics through
pebra setup-graphandpebra doctor. - CodeGraph-backed evidence:
- per-symbol fan-in;
- DELETE file fan-in roll-up;
- MODIFY graph-wide blast over callers/references/implementers/subclasses;
- contract-surface metadata for interface/base-class edits;
- containing class/namespace/module hierarchy roll-up;
- file metadata / parse-error confidence penalties;
- bounded revised-candidate refinement: cheap deterministic ranking first, then one materialized
before/after graph by default. Structural continuity adjusts only the exact owner-scoped risk
event; RAU remains authoritative. Set
PEBRA_GRAPH_REFINEMENT=0to disable this path.
- Benchmark harnesses for math-oracle validation and deterministic learning-loop wiring proof.
- True CLI-boundary e2e lanes, including a gated external C# repo lane.
Install For Development
python -m venv .venv
.\.venv\Scripts\python.exe -m pip install --upgrade pip
.\.venv\Scripts\python.exe -m pip install -e .
The graph engine is explicit, not a pip dependency:
pebra setup-graph --fix
pebra doctor
assess never silently installs external binaries.
The benefit signal (multi-language complexity + maintainability index) is likewise an explicit
external binary — rust-code-analysis (MPL-2.0),
invoked as a subprocess. Build it from git (crates.io's release does not compile against current
tree-sitter):
cargo install --git https://github.com/mozilla/rust-code-analysis `
--rev 37e5d83c056c8cbf827223d5814a93c5218df1a9 rust-code-analysis-cli
Point PEBRA at it via PEBRA_RCA_BIN or ensure it is on PATH. PEBRA accepts runtime version
0.0.25 when Cargo install metadata identifies the pinned source revision. For a copied or packaged
binary without Cargo metadata, set PEBRA_RCA_SHA256 to its expected lowercase SHA-256. Live experiment
metadata records the executable SHA-256 and refuses to resume a run with a different fingerprint.
Cargo metadata is install provenance, not tamper-proof byte attestation. For copied binaries, shared
machines, or any environment where local binary replacement is in scope, set PEBRA_RCA_SHA256; an
explicit hash is authoritative and a mismatch disables RCA benefit evidence even when Cargo metadata
matches.
When absent or version-mismatched, benefit evidence fails
safe to projected (no maintainability credit) — it never blocks an assessment and never affects risk.
Supported languages: Python, JavaScript/JSX, TypeScript/TSX, Java, Rust, C/C++.
Basic Workflow
assess proposed edit -> agent decides -> apply edit -> verify actual diff ->
finalize trusted outcome -> future assess uses promoted learned snapshot
Example command surface:
pebra assess request.json --json
pebra verify --assessment-id <assessment_id> --json
pebra record-outcome --assessment-id <assessment_id> --status completed --detail '{"actual_success": true}'
pebra learn --assessment-id <assessment_id>
pebra promote --repo-root <repo_root>
# Preferred host path: one idempotent record + measure + gated-promotion operation.
pebra finalize-outcome --trusted-outcome-file outcome.json --repo-root <repo_root> --json
pebra scorecard --repo-root <repo_root>
pebra dashboard --port 4500 --open
pebra capabilities --repo-root <repo_root>
outcome.json contains assessment_id, terminal status, and an optional detail object. The
finalize-outcome command is host-only: MCP outcome reports are retained for lifecycle telemetry but
their self-reported learning labels are censored. The legacy three-command sequence remains available
for diagnosis and manual operation.
Agent Enforcement
Install the repository protocol for either host. Add --with-hook when you want pre-edit interception,
not only instructions:
pebra agent-init --target claude --repo-root . --with-hook
pebra agent-init --target codex --repo-root . --with-hook
pebra capabilities --repo-root .
The guarantees are deliberately different:
| Host surface | Reported mode | Guarantee |
|---|---|---|
| Claude Code PreToolUse hook | configured_enforcing |
Exact enabled hook config, matching gate capability handshake, graph, and Git HEAD were observed. Candidate-bound checks deny or ask before supported structured edits; this does not prove the host invoked every event. |
| Codex repo-local hook | best_effort |
Candidate-bound gate logic is installed, but repo-local hook loading remains host-dependent. |
| MCP tools | advisory_only |
Assess/verify tools are available, but MCP alone does not intercept another host's writes. |
If graph or Git HEAD evidence is unavailable, an installed gate remains fail-open by policy and
capabilities reports degraded_fail_open. The Claude hook also emits the degradation warning as a
non-blocking system message. Repository-local and user-level disableAllHooks settings also degrade
the reported posture. This is observable configuration, not proof that a host or managed policy invoked
every event.
trusted_actor_required is a protocol boundary, not OS-level identity authentication. PEBRA does
not expose risk acceptance through MCP, and interactive acceptance requires a terminal. A process
with arbitrary shell access under the same OS account can still invoke local trusted-host surfaces
or simulate a terminal. Use a separately privileged host or operator account when resistance to an
adversarial agent is required.
For a candidate that changes multiple files, enforcement requires one complete apply_patch event containing
the complete assessed candidate. Structured single-file edits must be assessed as separate single-file
candidates; one file cannot reuse approval for part of a multi-file candidate.
The dashboard is read-only. On a loopback bind (localhost, 127.0.0.1, ::1) the default is
token-free for local convenience; --auth token forces a bearer token when you want the old locked
path. Any non-loopback bind requires a token.
# normal local browser UX
pebra dashboard --port 4500 --open
# venv-safe form if the `pebra` console script is not on PATH yet
python -m pebra dashboard --port 4500 --open
# force bearer auth even on loopback
pebra dashboard --port 4500 --auth token
# expose beyond loopback only with a token
pebra dashboard --host 0.0.0.0 --port 4500 --auth token
It exposes five browser views: overview, score history, calibration, learned facts, and CodeGraph hotspots. Graph views are fail-soft when no trusted graph index is bound to the launched repo, and graph routes are repo-scoped to avoid replaying one repo's graph under another repo id.
Validation
.\.venv\Scripts\nox.exe -s tests lint e2e-fast
Dashboard/e2e lanes:
.\.venv\Scripts\python.exe -m pytest tests/integration/test_dashboard_server.py tests/integration/test_dashboard_cli.py -q
.\.venv\Scripts\python.exe -m pytest e2e/features/dashboard/test_dashboard_metrics_visual.py -q
.\.venv\Scripts\nox.exe -s e2e-learning
.\.venv\Scripts\nox.exe -s e2e-ui
External real-repo graph lane:
$env:E2E_EXTERNAL='1'
$env:E2E_TEMPLATE_BLUEPRINT_REPO='C:\Users\RajLord_new\Desktop\avalonia_template'
.\.venv\Scripts\nox.exe -s e2e-external
Benchmark lanes:
.\.venv\Scripts\nox.exe -s bench-math
.\.venv\Scripts\nox.exe -s bench-flow
More Docs
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file pebra-0.1.0.tar.gz.
File metadata
- Download URL: pebra-0.1.0.tar.gz
- Upload date:
- Size: 353.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2014e0e1960e54d51726c0ca4481d8b04d13b607095efa24dcf4314b83ff21a6
|
|
| MD5 |
8b012721af848d2b60c4c89437fa3533
|
|
| BLAKE2b-256 |
4bf2030277be3c21f2acb60cf0943371c1778c557b6cf384d774fedd6e0312d0
|
Provenance
The following attestation bundles were made for pebra-0.1.0.tar.gz:
Publisher:
release.yml on Rajioba1/pebra
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
pebra-0.1.0.tar.gz -
Subject digest:
2014e0e1960e54d51726c0ca4481d8b04d13b607095efa24dcf4314b83ff21a6 - Sigstore transparency entry: 2193500130
- Sigstore integration time:
-
Permalink:
Rajioba1/pebra@f16eb8073d6c80eaf748bf3e99d00762798aba1d -
Branch / Tag:
refs/heads/main - Owner: https://github.com/Rajioba1
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@f16eb8073d6c80eaf748bf3e99d00762798aba1d -
Trigger Event:
workflow_dispatch
-
Statement type:
File details
Details for the file pebra-0.1.0-py3-none-any.whl.
File metadata
- Download URL: pebra-0.1.0-py3-none-any.whl
- Upload date:
- Size: 399.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d6f2ee3a84d7ba77d29e4c822f167ffd213d73a6d348b1dcc5c64ff55715b09b
|
|
| MD5 |
4e504d9d39e60e2e9b6ffb30e61709d5
|
|
| BLAKE2b-256 |
b921d57c5e31bc4b20c59a75b224b248ba885ca36e7df7bcf22eef612916da1c
|
Provenance
The following attestation bundles were made for pebra-0.1.0-py3-none-any.whl:
Publisher:
release.yml on Rajioba1/pebra
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
pebra-0.1.0-py3-none-any.whl -
Subject digest:
d6f2ee3a84d7ba77d29e4c822f167ffd213d73a6d348b1dcc5c64ff55715b09b - Sigstore transparency entry: 2193500132
- Sigstore integration time:
-
Permalink:
Rajioba1/pebra@f16eb8073d6c80eaf748bf3e99d00762798aba1d -
Branch / Tag:
refs/heads/main - Owner: https://github.com/Rajioba1
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@f16eb8073d6c80eaf748bf3e99d00762798aba1d -
Trigger Event:
workflow_dispatch
-
Statement type: