Skip to main content

Lightweight Security Contract Layer lifecycle artifacts, validation, and cryptographic integrity chain fixtures

Project description

SCLite

CI: pytest Package: sclite-core 1.0.8 Python: 3.11+ Contracts: JSON Schema License: MIT

Lightweight Security Contract Layer for auditable operation lifecycles.

SCLite's canonical lifecycle separates what an agent or caller wants, what policy allows, what was approved, what was executed, and what can be proven. It is the stack truth layer: it defines, validates, hashes, binds, redacts, reviews, and verifies artifacts without becoming a runtime, scheduler, governance authority, domain profile, PKI authority, or raw-evidence store.

Status

  • Version: 1.0.8
  • Status: published 1.0 source and PyPI stable line: frozen lifecycle/review and guarded verification surface
  • Latest published PyPI package: sclite-core==1.0.8
  • Runtime execution: out of scope; owned by RExecOp or another host runtime
  • Protocol/carrier adapters: out of scope; owned by host/runtime integrations
  • Integrity: canonical SHA-256 artifact descriptors + ordered hash-linked lifecycle manifest
  • Identity/PKI: out of scope for core; owned by the host/governance trust domain

SCLite's core is a contract/review lifecycle, not an execution engine. Runtimes such as RExecOp can consume SCLite artifacts and enforce tickets, but executors, sandboxes, policy engines, raw evidence storage, agent loops, and carrier adapters stay outside this package.

Project sentence

SCLite separates what an agent wants, what policy allows, what was approved, what was executed, and what can be proven.

Stack position

Layer Ownership
SCLite truth, contracts, evidence metadata, receipts, review bundles, digest binding, validation
GovEngine governance, admission, policy decisions, obligations, constraints, enforcement planning
RExecOp domain-neutral lifecycle runner, execution mechanics, connectors, reactions, scheduling, event intake
Tecrax and other profiles domain semantics, intent catalogs, workflow definitions, finding taxonomy, runbooks

Detailed package/surface history lives in ROADMAP.md and docs/ARTIFACTS.md. Schema-version compatibility lives in docs/SCHEMA_COMPATIBILITY.md.

What problem does SCLite solve?

AI-assisted security workflows often blur separate authority boundaries:

  1. a model proposes intent;
  2. policy/scope decides whether the request may proceed;
  3. code prepares a concrete execution shape;
  4. an auditor/reviewer approves or rejects that shape;
  5. a runtime executes or dry-runs under bounds;
  6. evidence is summarized for review.

SCLite turns those steps into small schema-backed JSON artifacts and verifies their integrity locally. A reviewer can check the public-safe bundle without running live targets or reading private logs.

The canonical lifecycle keeps each authority boundary visible:

flowchart LR
    A[intent_contract] --> B[policy_decision]
    B --> C[execution_contract]
    C --> D[execution_ticket]
    D --> E[execution_receipt]
    E --> F[evidence_contract]
    F --> G[artifact_chain_manifest]

v0.2 canonical lifecycle

intent_contract -> policy_decision -> execution_contract -> execution_ticket -> execution_receipt -> evidence_contract -> artifact_chain_manifest

Current v0.2 artifacts:

Artifact Purpose
IntentContract Captures what an agent/caller wants before authority exists.
PolicyDecision v0.2 Captures allow/deny/review policy outcome bound to intent.
ExecutionContract Captures the exact bounded execution shape prepared for review.
ExecutionTicket Captures approval for one exact execution contract under explicit bounds and validity.
ExecutionReceipt v0.2 Captures what an external runtime reports as executed or dry-run.
EvidenceContract Captures public-safe claims, non-claims, replay, verification, and evidence links.
ArtifactChainManifest Ordered tamper-evident hash chain over lifecycle artifacts.

Verify the lifecycle fixture:

sclite validate-chain sclite/examples/contract-lifecycle-v0.2/artifact_chain_manifest.json
sclite verify-lifecycle sclite/examples/contract-lifecycle-v0.2/artifact_chain_manifest.json

validate-chain verifies the ordered hash-chain. verify-lifecycle applies the lifecycle gate on top and requires the exact canonical v0.2 role sequence with no extra roles, duplicate roles, or changed order.

The summary output intentionally distinguishes these postures:

  • validate-chain ... reports posture=integrity_only and lifecycle_not_checked;
  • verify-lifecycle ... and validate-chain --strict-lifecycle ... report posture=strict_lifecycle after lifecycle semantics pass.

What the verifiers check

The v0.2 validate-chain verifier checks local chain integrity:

  • manifest paths cannot escape the artifact root;
  • artifact descriptors match canonical SHA-256 digests;
  • hash-chain links and root digest recompute correctly.

verify-lifecycle and validate-chain --strict-lifecycle add strict lifecycle semantics:

  • lifecycle artifacts must appear in the canonical order;
  • no extra roles, duplicate roles, or reordered lifecycle roles are accepted;
  • policy, execution contract, ticket, receipt, and evidence digest links are checked across the lifecycle.
  • policy binds the correct intent digest;
  • ticket binds the correct execution contract digest;
  • receipt binds the correct execution ticket and execution contract digests;
  • evidence contract binds the correct receipt and execution ticket digests.
  • each canonical lifecycle role carries the expected artifact type, schema_version, and packaged schema_ref for strict/secure profiles.

Loose validate-chain keeps compatibility for generic hash-chain manifests. It may report duplicate, missing, or extra lifecycle roles in JSON, but those role-shape findings become fail-closed only when strict lifecycle is requested.

JSON Schema validation modes

SCLite has two validation modes:

Mode Dependency Intended use Boundary
dependency-free subset validator none fast/offline local checks and minimal installs only supports the keyword subset SCLite implements directly
strict Draft 2020-12 validator optional jsonschema extra CI, release gates, and reviewer validation uses jsonschema.Draft202012Validator

The default CLI path preserves the zero-runtime-dependency package. Release and CI validation must also run strict mode through scripts/strict_schema_gate.sh. See SCLite Validation for the supported keyword table and strict-mode commands.

What SCLite is

SCLite core is limited to:

define / validate / hash / bind / redact / review / verify

The review-bundle shape first published on the 0.5.x line remains part of the current lifecycle/review front door: it packages lifecycle artifacts, review records, and verification receipts for local public-safe review. The scoped-ticket surface still bounds what a runtime may consume, and verify-ticket-use checks that public-safe evidence stays inside the linked receipt. Review records and guarded secure-bundle verification now consume that same static ticket-use check when v0.3 ticket, receipt, and evidence artifacts are present. See ROADMAP.md.

It provides:

  • JSON schemas for current lifecycle, review, profile, and publication-hygiene artifacts;
  • deterministic artifact hashing helpers;
  • v0.2 lifecycle/chain verification;
  • scoped-ticket review helpers (validate-ticket, explain-ticket);
  • ticket-use / receipt-bounded-evidence checks (verify-ticket-use);
  • digest-bound trust/carrier profile reference checks (validate-trust-profile, validate-carrier-profile);
  • lifecycle review records and Scope Fidelity v0.2 checks (review-lifecycle);
  • canonical review-bundle validation and Markdown export (review, export-review-bundle);
  • redaction/public-snapshot helper artifacts;
  • a CLI for local validation and review fixtures.

The package stays centered on local validation, review, profile references, and integrity checks:

flowchart TB
    CLI[CLI] --> Validation[validation]
    CLI --> ReviewBundles[review bundles]
    CLI --> Profiles[profiles]
    Validation --> Schemas[schemas]
    Validation --> Artifacts[artifacts]
    Artifacts --> Integrity[integrity chain]
    Artifacts --> Tickets[tickets]
    ReviewBundles --> Integrity
    ReviewBundles --> ScopeFidelity[scope fidelity]
    ReviewBundles --> Profiles
    Profiles --> Integrity

Out of Scope

SCLite intentionally does not own:

Capability Owner
Execution, subprocess handling, connectors, scheduler/event intake, reaction loop RExecOp or another host runtime
Governance, admission, policy decisions, obligations, constraints, human sign-off gates GovEngine
Infrastructure/security/business semantics, findings, runbooks, target taxonomy Tecrax, Ravenclaw, or another domain profile
Raw evidence storage, secret storage, replay store, operational logs Host/operator infrastructure
Signer identity, PKI trust, KMS, transparency log guarantees Host/governance trust domain
Legal authorization or proof of live vulnerability evidence Operator/governance process

Execution, raw evidence storage, and concrete trust verification belong to the host runtime. Governance and admission belong to GovEngine:

flowchart LR
    Runtime[RExecOp or another host runtime] --> Governance[GovEngine governance]
    Governance --> Runtime
    Runtime --> Artifacts[SCLite artifacts]
    Artifacts --> SCLite[SCLite validate hash bind review]
    SCLite --> Record[review record or receipt]
    Record --> Runtime

    Runtime --> Execute[execute tools]
    Runtime --> Authorize[decide authorization]
    Runtime --> Evidence[store raw evidence]
    Runtime --> Trust[verify PKI or signer trust]

    SCLite -. does not .-> Execute
    SCLite -. does not .-> Authorize
    SCLite -. does not .-> Evidence
    SCLite -. does not .-> Trust

Retired proof-trace path

The older public-safe proof trace was a migration source during alpha development. It is out of scope for the installed/current SCLite surface. Ravenclaw moved its public proof projection to the current lifecycle/review-bundle model; retained schema identifiers such as review_record.v0.1 identify current formats and are not compatibility product lines.

See SPEC.md for the canonical model, artifact definitions, integrity chain, compatibility notes, and explicit security boundaries. See SECURITY_MODEL.md and docs/SECURITY_PROFILES.md for the frozen security profile meanings, Kernel Guard transcript/canonicalization freeze, and replay/non-claim boundaries for the 1.0 release line.

Project docs

Installation

Install the latest published package from PyPI with an exact version pin:

python -m pip install sclite-core==1.0.8

Install directly from GitHub:

pip install git+https://github.com/rozmiarD/SCLite.git

From a local checkout:

python -m venv .venv
. .venv/bin/activate
python -m pip install -e '.[dev]'

Runtime dependencies are intentionally empty. The dev extra installs pytest for local tests. Python import package remains sclite.

Run the canonical local development gate:

scripts/dev_gate.sh

CLI quickstart

Validate the v0.2 lifecycle chain:

sclite validate-chain sclite/examples/contract-lifecycle-v0.2/artifact_chain_manifest.json
sclite verify-lifecycle sclite/examples/contract-lifecycle-v0.2/artifact_chain_manifest.json

Use sclite validate-chain --strict-lifecycle ... when a generic chain check should also fail closed on the canonical lifecycle role sequence.

Optionally verify a GovEngine/KERNEL-domain guard sidecar:

SCLITE_KERNEL_GUARD_KEY='local-test-secret' \
  sclite verify-guarded-chain \
  sclite/examples/contract-lifecycle-v0.2/artifact_chain_manifest.json \
  --guard /path/to/kernel_guard_manifest.json \
  --strict-lifecycle

kernel_guard_hmac_v1 authenticates a manifest and its entries only inside the domain that knows the HMAC secret. It is not PKI, non-repudiation, public identity, replay prevention, or proof that a runtime behaved correctly. When --guard is provided explicitly, SCLite resolves it relative to the current working directory, not relative to the bundle directory. Omitting --guard uses kernel_guard_manifest.json next to the manifest or review bundle target.

For runtime-consumable guarded bundles, use the fail-closed secure profile instead of assembling the weaker pieces manually. The guard sidecar is produced by the trusted host/GovEngine domain and is not committed in the public example bundle:

SCLITE_KERNEL_GUARD_KEY='local-test-secret' \
  sclite verify-secure-bundle examples/govengine-integration \
  --guard /path/to/kernel_guard_manifest.json

verify-secure-bundle is the guarded-strict profile. It always verifies the artifact chain, requires the exact lifecycle role sequence, requires kernel_guard_hmac_v1, binds manifest metadata, and fails when the guard is missing. It still does not check replay freshness; GovEngine owns guarded_domain_auth_fresh by recording root_tag reuse.

JSON output includes a stable verification_result object with explicit layer statuses:

{
  "artifact_chain": "pass",
  "strict_lifecycle": "pass",
  "kernel_guard": "pass",
  "replay": "not_checked",
  "public_identity": "not_claimed",
  "runtime_enforcement": "not_claimed"
}

The verification_result.v1 contract makes SCLite's non-claims machine-readable; it does not add replay state, public identity, or runtime enforcement.

Security posture modes:

  • integrity_only: local SHA-256 artifact-chain consistency only.
  • strict_lifecycle: integrity plus exact lifecycle roles, no extras, duplicates, or reorder.
  • guarded_domain_auth: strict lifecycle plus HMAC authenticity inside the domain that knows the secret.
  • guarded_domain_auth_fresh: HMAC authenticity plus GovEngine replay-store freshness.
  • public_signed_export: future public signature/export mode, not implemented in this release.

Validate and explain the v0.3 scoped-ticket fixture:

sclite validate-ticket \
  sclite/examples/scoped-ticket-v0.3/execution_ticket.json \
  --contract sclite/examples/scoped-ticket-v0.3/execution_contract.json
sclite explain-ticket sclite/examples/scoped-ticket-v0.3/execution_ticket.json
sclite verify-ticket-use \
  sclite/examples/scoped-ticket-v0.3/execution_ticket.json \
  --contract sclite/examples/scoped-ticket-v0.3/execution_contract.json \
  --receipt sclite/examples/scoped-ticket-v0.3/execution_receipt.json \
  --evidence-contract sclite/examples/scoped-ticket-v0.3/evidence_contract.json

Validate one artifact against a schema:

sclite validate-artifact \
  --schema execution_contract.v0.2 \
  examples/review-bundle/03_execution_contract.json

Use strict Draft 2020-12 validation with the optional jsonschema extra:

pip install 'sclite-core[jsonschema]'
sclite validate-artifact \
  --strict-jsonschema \
  --schema execution_contract.v0.2 \
  examples/review-bundle/03_execution_contract.json

Hash one artifact with deterministic SCLite canonical JSON + SHA-256:

sclite hash-artifact \
  --schema execution_contract.v0.2 \
  examples/review-bundle/03_execution_contract.json

Generate a standalone Scope Fidelity report from explicit dry-run shape facts:

sclite scope-fidelity \
  --target https://example.com/login \
  --normalized-arg https://example.com/login \
  --fail-on review

Review and export the v0.5 review-bundle fixture:

sclite review examples/review-bundle --format json
sclite export-review-bundle examples/review-bundle --format markdown

Review bundles package the lifecycle chain into a reviewer-facing record and optional Markdown export:

flowchart LR
    Bundle[review bundle directory] --> Shape[validate shape]
    Shape --> Chain[verify chain]
    Chain --> Lifecycle[lifecycle review]
    Lifecycle --> Record[review_record]
    Record --> Markdown[markdown export]

Review the GovEngine integration-readiness fixture and enforce conservative CI thresholds:

sclite review examples/govengine-integration --format json --fail-on review
sclite validate-trust-profile examples/govengine-integration/trust_profile_ref.json --subject examples/govengine-integration/04_execution_ticket.json
sclite validate-carrier-profile examples/govengine-integration/carrier_profile_ref.json --subject examples/govengine-integration/04_execution_ticket.json

Run tests:

python -m pytest -q

Python usage

Verify a v0.2 lifecycle manifest:

from sclite.integrity import verify_artifact_chain_manifest

# Load artifact_chain_manifest.json as a dict and verify it against a local root.
result = verify_artifact_chain_manifest(manifest, root=fixture_dir)
assert result["status"] == "passed"

Review scoped-ticket / receipt-bounded-evidence fixtures:

from sclite.tickets import validate_ticket_semantics, verify_ticket_use

checks = validate_ticket_semantics(ticket, execution_contract)
assert "ticket_scope_matches_execution_contract" in checks

result = verify_ticket_use(ticket, execution_contract, execution_receipt, evidence_contract)
assert "evidence_claims_bounded_by_receipt" in result["checks"]

Review a canonical v0.5 bundle:

from sclite.bundles import review_bundle

record = review_bundle("examples/govengine-integration")
assert record["verdict"] == "pass"

Repository layout

sclite/                         Python package
sclite/schemas/                 Packaged schemas
sclite/examples/contract-lifecycle-v0.2/
sclite/examples/review-bundle/  Packaged v0.5 review-bundle fixture
sclite/examples/govengine-integration/ Packaged downstream integration fixture
examples/review-bundle/         Public v0.5 review-bundle fixture
examples/govengine-integration/ Public GovEngine integration-readiness fixture
schemas/                        Source schema copies
SPEC.md                         Current public specification
CHANGELOG.md                    Release notes

License

MIT. See LICENSE.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sclite_core-1.0.8.tar.gz (117.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

sclite_core-1.0.8-py3-none-any.whl (143.0 kB view details)

Uploaded Python 3

File details

Details for the file sclite_core-1.0.8.tar.gz.

File metadata

  • Download URL: sclite_core-1.0.8.tar.gz
  • Upload date:
  • Size: 117.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.4

File hashes

Hashes for sclite_core-1.0.8.tar.gz
Algorithm Hash digest
SHA256 bf310de7052a476db8477961dd53a64ff64aa77342a0bed09a241cc357f8dd82
MD5 42d1f1eb9b1cc0ed87470a22f59d5334
BLAKE2b-256 4cdfcaa64a26fdde04592feeb73dc061ae0268115e340bf4a187142a1f4b92d4

See more details on using hashes here.

File details

Details for the file sclite_core-1.0.8-py3-none-any.whl.

File metadata

  • Download URL: sclite_core-1.0.8-py3-none-any.whl
  • Upload date:
  • Size: 143.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.4

File hashes

Hashes for sclite_core-1.0.8-py3-none-any.whl
Algorithm Hash digest
SHA256 93aa3e247e74752b8978fa648dea509a9d6628fd1b5645d6467066c9610b6086
MD5 2b412aee1aa3d9db9b2aa73d05ad76e4
BLAKE2b-256 e7fb66549606169ca39f63886a29948260769d7a1b4ef14360a95f37b937b57a

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page