PlanSpec + lint + safety gates for agent plans.

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for directiveproto from gravatar.com directiveproto

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License
  • Author: DirectiveProto
  • Requires: Python >=3.10
  • Provides-Extra: dev
Classifiers
Report project as malware

Project description

sdf-plan

Tool safety gates for agent workflows.

CI PyPI version Python versions License: MIT

30-Second Quickstart (ToolGate-first)

from sdf_plan import GateContext, confirm, propose

ctx = GateContext(workspace_id="demo-ws")
first = propose(
    tool_name="filesystem.write",
    args={"path": "/tmp/demo.txt", "content": "hello"},
    ctx=ctx,
)
print(first.decision.value)  # REQUIRE_CONFIRM

token = first.resume.token
_ = confirm(token, user_ok=True)

second = propose(
    tool_name="filesystem.write",
    args={"path": "/tmp/demo.txt", "content": "hello"},
    ctx=ctx,
    meta={"confirmed_token": token},
)
print(second.decision.value)  # ALLOW

Expected flow: REQUIRE_CONFIRM -> CONFIRM -> ALLOW

Install

pip install sdf-plan

Production note: set a strong SDF_PLAN_TOKEN_SECRET. Development fallback is warning-only and not for deployed environments.

Replay Protection (jti Store)

confirm(...) is stateless in OSS mode. For strict replay protection, store token jti values server-side.

from sdf_plan._internal.token import verify_token
from sdf_plan import confirm

used_jti: set[str] = set()

def confirm_once(token: str):
    payload = verify_token(token)
    jti = payload.get("jti")
    if jti and jti in used_jti:
        raise RuntimeError("replay detected")
    result = confirm(token, user_ok=True)
    if result.confirmed and jti:
        used_jti.add(jti)
    return result

5-Minute First Success

python examples/tool_gate_quickstart.py
python examples/tool_gate_openai_input.py
python examples/plan_mode_preflight.py

Adapter vs Legacy Integration

Path Use case Status
sdf_plan.adapters.* Runtime ToolGate decisions (propose/confirm) Recommended
sdf_plan.integrations.* Legacy decomposition-client flow Legacy (compat only)

CLI

sdf-plan lint path/to/plan.json
sdf-plan classify --tool filesystem.write

What You Get

  • ToolGate runtime decisions (ALLOW | REQUIRE_CONFIRM | WARN | BLOCK)
  • Signed confirmation tokens (jti, expiry, scope/tool/args binding) + resume flow
  • Idempotency key derivation from scope + tool + canonical args
  • Tool-mode lint rules + policy defaults
  • PlanSpec lint and preflight (optional mode)
  • LangGraph adapter (official thin wrapper for v0.2.x)

Support Matrix (v0.2.8)

  • Official maintained adapter: LangGraph
  • Thin adapters: CrewAI, LangChain
  • Legacy integration path: sdf_plan.integrations.* (decomposition client, not ToolGate runtime gating)
  • Direct parser support: OpenAI-style tool calls, generic tool call JSON, PlanSpec
  • BYO adapter support: any framework that can pass (tool_name, args, meta, run_context) into propose(...)
  • Deferred official adapters: additional framework-specific variants beyond thin wrappers

Strict Mode Checklist

  • Set SDF_PLAN_TOKEN_SECRET (no fallback in non-development).
  • Pass ctx.workspace_id for write tools.
  • Enable strict_args=True.
  • Optionally set tool_args_validator for deep per-tool schema validation.

Public API Stability

Top-level imports are a stable facade:

from sdf_plan import propose, confirm

The facade remains stable while internals evolve; core logic stays in sdf_plan/gate, not in __init__.py.

Optional PlanSpec Mode

Plan mode remains supported for existing users.

from sdf_plan import lint_plan, policy_annotate, preflight_lint

plan = {
    "steps": [
        {
            "id": "S1",
            "type": "ACT",
            "title": "send email",
            "intent": "send email",
            "inputs": [],
            "outputs": ["ctx.sent"],
            "depends_on": [],
            "stop_condition": "Step S1 completed",
            "fallback": "reduce_scope",
            "idempotency_key": "idem-1",
        }
    ]
}
plan, summary = policy_annotate(plan)
findings = lint_plan(plan, max_steps=12, safety_mode="safe")
preflight_lint(plan, max_steps=12, safety_mode="safe")

Guides

  • docs/API_REFERENCE.md
  • docs/ARCHITECTURE.md
  • docs/SECURITY_MODEL.md
  • docs/MIGRATION_PLANSPEC_TO_TOOLGATE.md
  • docs/PRODUCTION_HARDENING.md
  • docs/ADAPTER_TEMPLATE.md
  • docs/POLICY_TUNING.md
  • docs/TOOL_CLASSIFICATION.md
  • docs/COMPATIBILITY.md
  • docs/RELEASING.md

Examples

  • examples/tool_gate_quickstart.py
  • examples/tool_gate_openai_input.py
  • examples/plan_mode_preflight.py
  • examples/adapter_minimal.py
  • examples/langgraph_plangate_demo.py
  • examples/crewai_plangate_demo.py (community-style example, not an official adapter contract in v0.2.0)

Testing (CI Parity)

Install dev/test dependencies:

pip install -e ".[dev]"

Fast local checks (matches PR path):

pytest -q -m "not slow" tests/unit
pytest -q tests/contract/test_gate_contract.py tests/contract/test_adapter_contract.py
pytest -q -m "not slow" tests/integration/test_openai_variants_normalization.py tests/integration/test_generic_toolcall_normalization.py tests/integration/test_planspec_to_ir.py tests/integration/test_tool_gate_flow.py tests/integration/test_tool_gate_concurrency.py tests/integration/test_plan_and_tool_mode_coexist.py tests/compat/test_planspec_roundtrip_best_effort.py
pytest -q tests/unit/test_token_security.py tests/integration/test_tool_gate_concurrency.py

Coverage gates:

pytest -q --cov=sdf_plan --cov-report=term-missing --cov-fail-under=70 tests/unit tests/integration
pytest -q --cov=sdf_plan.gate --cov-fail-under=70 tests/unit tests/integration
pytest -q --cov=sdf_plan.policy --cov-fail-under=70 tests/unit tests/integration
pytest -q --cov=sdf_plan.inputs --cov-fail-under=70 tests/unit tests/integration

Nightly/slow checks:

pytest -q -m slow tests/integration/test_fuzz_inputs.py tests/integration/test_perf_budget.py

Packaging smoke:

python -m build
twine check dist/*
pip install dist/*.whl
python -c "import sdf_plan; print('sdf_plan import ok')"

Compatibility

Use Cloud schema hash checks to detect contract drift:

from sdf_plan.compat import assert_schema_compat, package_version

assert_schema_compat(package_version(), "schema_hash_from_/v1/schema")

Releases

  • Git tags use vX.Y.Z format.
  • GitHub Releases notes mirror CHANGELOG.md.
  • PyPI releases are published from tagged workflow runs.
  • See docs/RELEASING.md for the exact process.

License

This project is licensed under the MIT License. See LICENSE for the full text.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for directiveproto from gravatar.com directiveproto

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License
  • Author: DirectiveProto
  • Requires: Python >=3.10
  • Provides-Extra: dev
Classifiers

Release history Release notifications | RSS feed

0.2.9

This version

0.2.8

0.2.7

0.2.6

0.2.5

0.2.4

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sdf_plan-0.2.8.tar.gz (30.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

sdf_plan-0.2.8-py3-none-any.whl (39.5 kB view details)

Uploaded Python 3

File details

Details for the file sdf_plan-0.2.8.tar.gz.

File metadata

  • Download URL: sdf_plan-0.2.8.tar.gz
  • Upload date:
  • Size: 30.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for sdf_plan-0.2.8.tar.gz
Algorithm Hash digest
SHA256 c2cab20a8eddac3443af33bd3e4eabf6a60317a3cb943ea235c5e6083f3a8d98
MD5 322bd5009f3dd6f2b2125b35bad819a7
BLAKE2b-256 2e82004daa3520a9fd836282b933f6ac1c9961b48cf231070bef21e67c46bea2

See more details on using hashes here.

Provenance

The following attestation bundles were made for sdf_plan-0.2.8.tar.gz:

Publisher: release.yml on directiveproto/sdf-plan

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file sdf_plan-0.2.8-py3-none-any.whl.

File metadata

  • Download URL: sdf_plan-0.2.8-py3-none-any.whl
  • Upload date:
  • Size: 39.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for sdf_plan-0.2.8-py3-none-any.whl
Algorithm Hash digest
SHA256 20215b8e6b597bd2aa40f6e7daa413d829d5a89d60169a46eb5517ffd2e0dda0
MD5 8bf50521489d99fff8a810dd85eb3252
BLAKE2b-256 75348bf18e9d85c0fb80181b112f33d1482012e37ce05a24f40e1745cb772d76

See more details on using hashes here.

Provenance

The following attestation bundles were made for sdf_plan-0.2.8-py3-none-any.whl:

Publisher: release.yml on directiveproto/sdf-plan

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page