Lightweight Security Contract Layer lifecycle artifacts, validation, and cryptographic integrity chain fixtures
Project description
SCLite
Lightweight Security Contract Layer for auditable AI/security contract lifecycles.
SCLite v0.2 separates what an agent wants, what policy allows, what was approved, what was executed, and what can be proven.
Status
- Version:
0.3.5 - Status: published 0.3.x scoped-ticket and receipt-bounded-evidence line
- Runtime execution: not included
- Protocol/carrier adapters: not included
- Integrity: canonical SHA-256 artifact descriptors + ordered hash-linked lifecycle manifest
- Identity/PKI: not included in core
SCLite v0.2 is a contract lifecycle, not an execution engine. Runtimes such as Ravenclaw can consume SCLite artifacts and enforce tickets, but executors, sandboxes, policy engines, raw evidence storage, agent loops, and carrier adapters stay outside this package.
Project sentence
SCLite separates what an agent wants, what policy allows, what was approved, what was executed, and what can be proven.
What problem does SCLite solve?
AI-assisted security workflows often blur separate authority boundaries:
- a model proposes intent;
- policy/scope decides whether the request may proceed;
- code prepares a concrete execution shape;
- an auditor/reviewer approves or rejects that shape;
- a runtime executes or dry-runs under bounds;
- evidence is summarized for review.
SCLite turns those steps into small schema-backed JSON artifacts and verifies their integrity locally. A reviewer can check the public-safe bundle without running live targets or reading private logs.
v0.2 canonical lifecycle
intent_contract -> policy_decision -> execution_contract -> execution_ticket -> execution_receipt -> evidence_contract -> artifact_chain_manifest
Current v0.2 artifacts:
| Artifact | Purpose |
|---|---|
IntentContract |
Captures what an agent/caller wants before authority exists. |
PolicyDecision v0.2 |
Captures allow/deny/review policy outcome bound to intent. |
ExecutionContract |
Captures the exact bounded execution shape prepared for review. |
ExecutionTicket |
Captures approval for one exact execution contract under explicit bounds and validity. |
ExecutionReceipt v0.2 |
Captures what an external runtime reports as executed or dry-run. |
EvidenceContract |
Captures public-safe claims, non-claims, replay, verification, and evidence links. |
ArtifactChainManifest |
Ordered tamper-evident hash chain over lifecycle artifacts. |
Verify the lifecycle fixture:
sclite validate-chain sclite/examples/contract-lifecycle-v0.2/artifact_chain_manifest.json
sclite verify-lifecycle sclite/examples/contract-lifecycle-v0.2/artifact_chain_manifest.json
verify-lifecycle uses the same underlying verifier as validate-chain; the command name exists because it describes the v0.2 review action more clearly.
What the verifier checks
The v0.2 verifier checks more than raw hashes:
- manifest paths cannot escape the artifact root;
- artifact descriptors match canonical SHA-256 digests;
- hash-chain links and root digest recompute correctly;
- lifecycle artifacts appear in the canonical order;
- policy binds the correct intent digest;
- ticket binds the correct execution contract digest;
- receipt binds the correct execution ticket digest;
- evidence contract binds the correct receipt digest.
What SCLite is
SCLite core is limited to:
define / validate / hash / bind / redact / verify
Roadmap direction: scoped tickets should bound what a runtime may consume, and receipts should bound what public-safe evidence may claim. See ROADMAP.md.
It provides:
- JSON schemas for lifecycle and compatibility artifacts;
- deterministic artifact hashing helpers;
- v0.2 lifecycle/chain verification;
- scoped-ticket review helpers (
validate-ticket,explain-ticket); - ticket-use / receipt-bounded-evidence checks (
verify-ticket-use); - redaction/public-snapshot helper artifacts;
- a CLI for local validation and review fixtures;
- legacy v0.1 compatibility fixtures and schemas.
What SCLite is not
SCLite is not:
- a security scanner;
- an executor;
- a sandbox;
- a full policy engine;
- an approval authority by itself;
- an agent loop;
- a tool wrapper package for
nmap,ffuf, etc.; - an MCP/OpenClaw/A2A protocol replacement;
- a proof of legal authorization;
- a proof of live vulnerability evidence;
- a proof of signer identity or PKI trust;
- a tamper-proof transparency log.
Legacy v0.1 compatibility
The older public-safe v0.1 proof trace remains supported:
scope/input -> policy decision -> prepared execution spec -> approved execution spec -> dry-run execution receipt -> evidence summary
v0.1 compatibility artifacts remain available for existing integrations, including Ravenclaw public proof fixtures. New lifecycle work should use the v0.2 model.
See SPEC.md for the canonical model, artifact definitions, integrity chain, compatibility notes, and explicit security boundaries.
Project docs
ROADMAP.md— planned accountability-layer evolution using PEP 440-compatible milestone labels.PUBLIC_STATUS.md— current maturity and non-claims.VALIDATION.md— local validation and build gates.PUBLICATION_CHECKLIST.md— release/publication checklist.CHANGELOG.md— notable package changes.CONTRIBUTING.md— contribution and boundary rules.SECURITY.md— security reporting and fixture-safety policy.
Installation
Install from PyPI:
pip install sclite-core
Install directly from GitHub:
pip install git+https://github.com/rozmiarD/SCLite.git
From a local checkout:
python -m venv .venv
. .venv/bin/activate
python -m pip install -e '.[dev]'
Runtime dependencies are intentionally empty. The dev extra installs pytest for local tests.
CLI quickstart
Validate the v0.2 lifecycle chain:
sclite validate-chain sclite/examples/contract-lifecycle-v0.2/artifact_chain_manifest.json
sclite verify-lifecycle sclite/examples/contract-lifecycle-v0.2/artifact_chain_manifest.json
Validate and explain the v0.3 scoped-ticket fixture:
sclite validate-ticket \
sclite/examples/scoped-ticket-v0.3/execution_ticket.json \
--contract sclite/examples/scoped-ticket-v0.3/execution_contract.json
sclite explain-ticket sclite/examples/scoped-ticket-v0.3/execution_ticket.json
sclite verify-ticket-use \
sclite/examples/scoped-ticket-v0.3/execution_ticket.json \
--contract sclite/examples/scoped-ticket-v0.3/execution_contract.json \
--receipt sclite/examples/scoped-ticket-v0.3/execution_receipt.json \
--evidence-contract sclite/examples/scoped-ticket-v0.3/evidence_contract.json
Validate the legacy public-safe proof fixture:
sclite validate examples/security-contract-proof
Validate one artifact against a schema:
sclite validate-artifact \
--schema prepared_execution_spec.v0.1 \
examples/prepared-execution-spec/prepared_execution_spec.json
Use strict Draft 2020-12 validation with the optional jsonschema extra:
pip install 'sclite-core[jsonschema]'
sclite validate-artifact \
--strict-jsonschema \
--schema prepared_execution_spec.v0.1 \
examples/prepared-execution-spec/prepared_execution_spec.json
Hash one artifact with deterministic SCLite canonical JSON + SHA-256:
sclite hash-artifact \
--schema approved_execution_spec.v0.1 \
examples/security-contract-proof/approved_execution_spec.json
Generate a Scope Fidelity report from the approved spec fixture:
sclite scope-fidelity \
--approved-spec examples/security-contract-proof/approved_execution_spec.json \
--fail-on review
Emit a validation receipt for the proof fixture:
sclite validation-receipt examples/security-contract-proof
Run tests:
python -m pytest -q
Python usage
Verify a v0.2 lifecycle manifest:
from sclite.integrity import verify_artifact_chain_manifest
# Load artifact_chain_manifest.json as a dict and verify it against a local root.
result = verify_artifact_chain_manifest(manifest, root=fixture_dir)
assert result["status"] == "passed"
Review scoped-ticket / receipt-bounded-evidence fixtures:
from sclite.tickets import validate_ticket_semantics, verify_ticket_use
checks = validate_ticket_semantics(ticket, execution_contract)
assert "ticket_scope_matches_execution_contract" in checks
result = verify_ticket_use(ticket, execution_contract, execution_receipt, evidence_contract)
assert "evidence_claims_bounded_by_receipt" in result["checks"]
Repository layout
sclite/ Python package
sclite/schemas/ Packaged schemas
sclite/examples/contract-lifecycle-v0.2/
examples/security-contract-proof/ Legacy v0.1 public-safe proof fixture
schemas/ Source schema copies
SPEC.md v0.2 draft specification
CHANGELOG.md Release notes
License
MIT. See LICENSE.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file sclite_core-0.3.5.tar.gz.
File metadata
- Download URL: sclite_core-0.3.5.tar.gz
- Upload date:
- Size: 59.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
fe8a9ad4cb68d29f21978415f95830bfb8f31ead53bc50812e19376a1366a847
|
|
| MD5 |
d8000ca7027cb02e461fa7698a90281b
|
|
| BLAKE2b-256 |
4274b597e03e1d1732ce1ef29ad2cfcec23aff4f51f094bfaccbe9d8634d99cb
|
File details
Details for the file sclite_core-0.3.5-py3-none-any.whl.
File metadata
- Download URL: sclite_core-0.3.5-py3-none-any.whl
- Upload date:
- Size: 79.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
289179e1a54e8c1518c5baf5b6e7fbdd2962a55b50100314d3b775576bc07349
|
|
| MD5 |
8c9f87279ba3c9a2444362008331c0b2
|
|
| BLAKE2b-256 |
fc73f9b9e0174212feda5da96470985655c8214b723fbbec67efb358acc6ba05
|
