A lightweight runtime framework for reliable, auditable, budget-aware, and permission-aware AI agents.
Project description
petfishFramework
A lightweight Python framework for reliable, auditable, budget-aware, and permission-aware AI agents.
Status: Alpha — API may change. Core runtime works; see Roadmap.
Quick Start (Zero Cost — No API Key)
pip install petfishframework
from petfishframework import Agent, ReAct
from petfishframework.tools.calculator import Calculator
from petfishframework.models.fake import FakeModel
# FakeModel — runs without any API key, perfect for testing
model = FakeModel.script_tool_then_answer(
tool_name="calculator",
tool_args={"expression": "17 * 23"},
final_answer="391",
)
agent = Agent(
model=model,
reasoning=ReAct(),
tools=(Calculator(),),
)
result = agent.run("What is 17 * 23?")
print(result.answer) # "391"
print(result.usage.total_tokens)
print(len(result.trajectory.steps), "steps")
Quick Start (Real LLM)
pip install "petfishframework[openai]"
from petfishframework import Agent, ReAct
from petfishframework.tools.calculator import Calculator
from petfishframework.models.openai import OpenAIModel
agent = Agent(
model=OpenAIModel(model="gpt-4o-mini"), # or model="openai:gpt-4o-mini"
reasoning=ReAct(),
tools=(Calculator(),),
)
result = agent.run("What is 17 * 23?")
print(result.answer) # "391"
Set OPENAI_API_KEY in .env or environment. Works with OpenAI-compatible APIs (SiliconFlow, etc.) via OPENAI_BASE_URL.
Budget Control (Runtime Hard Limits)
from petfishframework import Budget
# Budget is execution-scoped — pass to run() or session(), not Agent()
result = agent.run(
"Complex calculation task",
budget=Budget(max_tokens=1000, max_tool_calls=5, max_steps=10),
)
# Exceeding any limit raises BudgetExceeded
Permission Gate (Runtime Access Control)
from petfishframework.permissions.model import (
Decision, DecisionEffect, PermissionPolicy,
)
class DenyExpensiveTools:
"""Custom policy: deny tools tagged 'expensive'."""
def evaluate(self, subject, action, resource, context):
if "expensive" in resource.tags:
return Decision(effect=DecisionEffect.DENY, reason="too expensive")
return Decision(effect=DecisionEffect.ALLOW)
agent = Agent(
model=model,
reasoning=ReAct(),
tools=(Calculator(),),
permission_policy=DenyExpensiveTools(),
)
# Tool calls pass through the Environment chokepoint — denied calls never execute
Replay & Audit (Event-Sourced Sessions)
session = agent.session("What is 17 * 23?")
result = session.run()
# Every step is recorded — model calls, tool calls, permission decisions
for event in session.replay():
print(f"{event.type}: {event.data}")
# Events come from session.replay(), not from Result
# Result has: answer, usage, trajectory
# Session has: events, replay(), checkpoint()
MCP Client (External Tool Servers)
pip install "petfishframework[mcp]"
from petfishframework.mcp import connect_stdio
# Connect to a real MCP server
client = connect_stdio("npx", ["-y", "@modelcontextprotocol/server-filesystem", "/tmp"])
tools = client.discover_tools() # 14 tools: read_file, write_file, list_directory...
agent = Agent(model=model, reasoning=ReAct(), tools=tuple(tools))
result = agent.run("List all files in /tmp")
Reliability Evaluation (Pass^k)
from petfishframework.reliability import pass_at_k_with_perturbations, exact_match
from petfishframework.core.types import Task
# Run same task 8 times — measure consistency
result = pass_at_k_with_perturbations(
session_factory=lambda task: agent.session(task),
task=Task(prompt="What is 17 * 23?"),
k=8,
)
print(result.summary())
# Pass@8 — PASS (100%)
# canonical: 8/8
# order_shuffled: 8/8
# paraphrase: 8/8
Core Concepts
| Concept | Role |
|---|---|
| Agent | Immutable recipe (model + reasoning + tools) |
| Session | Event-sourced execution (auditable, replayable) |
| Environment | Single chokepoint (all calls audited, budget-metered, permission-gated) |
| Budget | Hard execution limits (tokens, cost, steps, tool calls) |
| Permission | SARC access control with 6 DecisionEffects |
| Replay | AUDIT event log available; RERUN + RESUME planned |
| Pass^k | Reliability metric (k repetitions + perturbation suite) |
Features
- 3 reasoning strategies: ReAct, LATS (MCTS search), LLM+P (symbolic planning)
- 3 model adapters: OpenAI, Anthropic, FakeModel (deterministic testing)
- 3 routing axes: ToolRegistry (auto tool selection), Adaptive-RAG (retrieval), ReasoningStrategy
- MCP client: real stdio transport, tool discovery from external MCP servers
- Multi-agent: AgentAsTool (supervisor delegates to specialist agents)
- Structured output: JSON → dataclass (zero regex scoring)
- Conversation memory: cross-session recall via ConversationStore
- Async + streaming: dual sync/async interface
Documentation
- Usage Guide — full lifecycle, 18 sections
- API Reference — 989-line definitive reference
- Architecture — 5 core decisions
- Benchmark Results — 3-tier strategy
- Examples — quickstart, tools+retrieval, multi-agent
Enterprise PoC
See examples/05_enterprise_expense.py and tests/test_enterprise_demo.py for a complete enterprise expense approval scenario demonstrating all 6 DecisionEffects.
Run: python examples/05_enterprise_expense.py
YAML Policy Engine
Configure permissions via YAML instead of Python:
from petfishframework.policies import YamlPolicy
policy = YamlPolicy.from_file("examples/policies/enterprise-expense.yaml")
policy.register_tools(tools)
agent = Agent(model=model, reasoning=ReAct(), tools=tools, permission_policy=policy)
Supported conditions: action.tool_name, subject.role_in, subject.role_not_in, action.args.amount_gt/lt, tool.side_effect, tool.external_egress.
CredentialBroker
Tools never hold raw API keys — they receive scoped, time-limited tokens:
from petfishframework.credentials import CredentialBroker
broker = CredentialBroker()
broker.register_credential("github_tool", os.environ["GITHUB_TOKEN"])
agent = Agent(model=model, reasoning=ReAct(), tools=tools, credential_broker=broker)
# Tools with requires_credentials=True receive a ScopedToken (repr-safe, auto-expiring)
Roadmap
- v0.2.x: Core runtime, permission semantics, enterprise PoC, Trusted Publishing ✅
- v0.3.x (current): YAML Policy Engine, CredentialBroker ✅
- v0.4.x: Production hardening, deployment guides
Current Limitations
petfishFramework is Alpha. API may change before v1.0.
| Capability | Status |
|---|---|
| Zero-cost quickstart | ✅ Available |
| ReAct / Budget / Pass^k | ✅ Available |
| DENY permission gate | ✅ Enforced (pre-execution block) |
| REQUIRE_APPROVAL | ✅ Enforced (pre-execution block) |
| PARTIAL_ALLOW | ✅ Enforced (pre-execution arg filtering) |
| MASK | ✅ Enforced (input mask before + output mask after) |
| DEGRADE | ✅ Enforced (fallback tool switching) |
| Session replay | ✅ Audit replay available |
| Deterministic rerun / resume | 📋 Planned |
| MCP client stdio | ✅ Available |
| MCP server mode | 📋 Planned |
| Structured output / conversation memory | ✅ Available |
| YAML Policy Engine | ✅ Available |
| Credential Broker | ✅ Available |
| LATS / LLM+P | ⚠️ Lightweight implementations |
| CRAG / Adaptive-RAG | ⚠️ Lightweight reference implementations |
Development
git clone https://github.com/kylecui/petfishFramework.git
cd petfishFramework
uv sync --all-extras
uv run pytest # 284 tests
uv run ruff check src/ tests/
See CONTRIBUTING.md for details.
License
MIT — © 2026 Kyle Cui
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file petfishframework-0.3.3.tar.gz.
File metadata
- Download URL: petfishframework-0.3.3.tar.gz
- Upload date:
- Size: 394.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
16b6fc1aa0c6b49f957f970a8dd5e0dd6320d5af22a4321c831014ef7a319dd3
|
|
| MD5 |
b284b7bd86682a27bb437fccf8693b88
|
|
| BLAKE2b-256 |
5081031fd620d9ab5edb4e5605c6eaff66256a6c2d749102214dbeb233e92496
|
Provenance
The following attestation bundles were made for petfishframework-0.3.3.tar.gz:
Publisher:
publish.yml on kylecui/petfishFramework
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
petfishframework-0.3.3.tar.gz -
Subject digest:
16b6fc1aa0c6b49f957f970a8dd5e0dd6320d5af22a4321c831014ef7a319dd3 - Sigstore transparency entry: 2112500431
- Sigstore integration time:
-
Permalink:
kylecui/petfishFramework@6d8c05346c2b30e25451b5f9184c8260bd5a695f -
Branch / Tag:
refs/tags/v0.3.3 - Owner: https://github.com/kylecui
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@6d8c05346c2b30e25451b5f9184c8260bd5a695f -
Trigger Event:
push
-
Statement type:
File details
Details for the file petfishframework-0.3.3-py3-none-any.whl.
File metadata
- Download URL: petfishframework-0.3.3-py3-none-any.whl
- Upload date:
- Size: 90.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9db7226b8d94f76c900de4445107bf3eb5cacd0bacd9577552f5e6a616edbb71
|
|
| MD5 |
a9e088a7cfe894a1f4d89ad1990074fc
|
|
| BLAKE2b-256 |
7a422f3c54c247a28189edf793a5a60466d6305d8a96b29deb257ff398f87245
|
Provenance
The following attestation bundles were made for petfishframework-0.3.3-py3-none-any.whl:
Publisher:
publish.yml on kylecui/petfishFramework
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
petfishframework-0.3.3-py3-none-any.whl -
Subject digest:
9db7226b8d94f76c900de4445107bf3eb5cacd0bacd9577552f5e6a616edbb71 - Sigstore transparency entry: 2112500439
- Sigstore integration time:
-
Permalink:
kylecui/petfishFramework@6d8c05346c2b30e25451b5f9184c8260bd5a695f -
Branch / Tag:
refs/tags/v0.3.3 - Owner: https://github.com/kylecui
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@6d8c05346c2b30e25451b5f9184c8260bd5a695f -
Trigger Event:
push
-
Statement type: