Skip to main content

SourceryKit

Project description

SourceryKit

status: v1.0.0b3 python: 3.12+ license: Proprietary

SourceryKit is the Python SDK for Provably. It provides verifiable guardrails for AI agents by automatically recording outbound HTTP calls, enforcing endpoint policies, and checking your agent's claims against a source of truth—all before any request leaves your process.

⚠️ IMPORTANT: Upgrading the SDK from v0.2 to v1.0? See the v1.0 migration guide.

How Does It Work?

SourceryKit handles policy enforcement and logging right inside your agent's normal workflow:

architecture

The Pieces

  • HTTP Interceptor: Patches your HTTP libraries to watch and log outbound calls, blocking untrusted requests on the spot.
  • Trusted Endpoints: A database allow-list of approved destinations for your agent.
  • Intercepts Table: An append-only DB table that logs every request and response for auditing.
  • SourceryKitAgentResponse: A Pydantic model used as the structured response_format for your agent. Enforces a typed response contract with a claimed_values list of extracted values.
  • Handoff Payload: A clean data bundle containing the claims your agent is making about its external actions.
  • Evaluator: Compares the handoff payload against records in the Provably backend to give you a clear verdict.
  • Provably Backend: The source of truth that turns your local intercepts into anchored verification proofs.

Installation

SourceryKit requires Python 3.12+. You can grab it directly from source:

git clone git@github.com:ProvablyAI/sourcerykit.git
pip install -e ./sourcerykit

Or install it directly via pip:

pip install sourcerykit

Configuration

To get things running, SourceryKit must be configured with your project variables. The interactive CLI handles account provisioning, organization workspace initialization, database validation, and persists credentials globally (OS application folder) and locally (project .env).

sourcerykit init

The wizard will guide you through:

  • Account Setup & Authorization: Create a new account or log into an existing one, and select your organization workspace.
  • API Key Generation: Automatically fetch your SDK API-KEY from your account profile.
  • Database Handshake: Enter your database details, test the connection, and ensure it's accessible.
  • Save Config: Automatically write your credentials and tokens straight to a local .env file.

⚠️ IMPORTANT: The wizard only configures SOURCERYKIT_* variables. It does not handle third-party LLM provider infrastructure keys, which must still be exported separately.

For a full list of CLI commands, check out the CLI Documentation file, or simply run:

sourcerykit --help

For a full list of environment variables, see .env.example.

Quick Example

Here is how to bootstrap the system, run an intercepted request, build a payload, and check if everything passes validation:

import uuid
import httpx
import sourcerykit
from agents import Agent, Runner
from sourcerykit import SourceryKitAgentResponse

async def run_verifiable_agent():
    # 1. Fire up the system
    await sourcerykit.bootstrap_system()

    # 2. Tell the registry which URL is allowed
    await sourcerykit.insert_trusted_endpoint(url="https://api.example.com/data")

    # 3. Make a network call inside an intercept context
    async with sourcerykit.async_intercept_context(agent_id="demo-agent", action_name="get_data"):
        async with httpx.AsyncClient() as client:
            response = await client.get(
                "https://api.example.com/data",
                params={"query": "example_parameter"}
            )
            response.raise_for_status()

    # 4. Run agent with SourceryKitAgentResponse as the output format
    #    (e.g., output_type=... for OpenAI, response_format=... for LangChain, output_format=... for Claude).
    #    The output is a structured response containing `claimed_values`.
    prompt = "You are a helpful assistant."
    agent = Agent(
        name="demo-agent",
        instructions=prompt,
        tools=[...],
        model="model-name",
        output_type=SourceryKitAgentResponse,
    )
    result = await Runner.run(agent, prompt)
    final_output: SourceryKitAgentResponse = result.final_output

    # 5. Build the handoff payload from the agent's structured output
    payload_data = {
        "reasoning": final_output.reasoning,
        "claims": [
            {
                "action_name": "get_data",
                "claimed_value": final_output.claimed_values,
                "verification_mode": "field_extraction",
            }
        ],
    }

    payload = await sourcerykit.build_handoff_payload(
        payload_data,
        run_id=uuid.uuid4(),
        prompt=prompt,
        intercept_agent_id="demo-agent",
    )

    # 6. Ask the evaluator for a verdict
    result = await sourcerykit.evaluate_handoff(payload=payload)
    print(f"Evaluation Outcome: {result.get('outcome')}") # PASS, CAUGHT, or ERROR

More Docs

Want to dig into the details? Check out our documentation and specific guides:

Technical Guides

Contributing

We welcome fixes, features, and doc updates! Check out CONTRIBUTING.md to see how to run tests and open up a pull request.

License

This project is licensed under the Business Source License 1.1.

  • Copyright © 2026 Provably Technologies LTD
  • You may not offer the Software as a commercial hosted service without purchasing a commercial license from Provably Technologies Ltd.
  • On 2029-05-07, the license will automatically convert to GPL-3.0-or-later.

See the LICENSE file for full terms and details.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sourcerykit-1.0.0b3.tar.gz (54.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

sourcerykit-1.0.0b3-py3-none-any.whl (73.9 kB view details)

Uploaded Python 3

File details

Details for the file sourcerykit-1.0.0b3.tar.gz.

File metadata

  • Download URL: sourcerykit-1.0.0b3.tar.gz
  • Upload date:
  • Size: 54.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for sourcerykit-1.0.0b3.tar.gz
Algorithm Hash digest
SHA256 a9cdbabc8c210ccef0a243ef4e10864fc9064411b5cb368c635dce869c510551
MD5 bdcf7fc33864eb51c55da9cbb67234aa
BLAKE2b-256 73e2d26f4428a44b3a4bed8a23292b8f5e8915c62f17d410ea5e637e42b733b1

See more details on using hashes here.

Provenance

The following attestation bundles were made for sourcerykit-1.0.0b3.tar.gz:

Publisher: publish.yml on ProvablyAI/sourcerykit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file sourcerykit-1.0.0b3-py3-none-any.whl.

File metadata

  • Download URL: sourcerykit-1.0.0b3-py3-none-any.whl
  • Upload date:
  • Size: 73.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for sourcerykit-1.0.0b3-py3-none-any.whl
Algorithm Hash digest
SHA256 86e8388ca3a3071e64022e4a7e9392d961dfb05f70c35c7dabc43bcf33255c3b
MD5 44e0425a536f9ccad0bd374df6064c3f
BLAKE2b-256 34e9fdb7498f355630ca4a11c4704710eca83a2b52b7eaf6a0dd58225f058c59

See more details on using hashes here.

Provenance

The following attestation bundles were made for sourcerykit-1.0.0b3-py3-none-any.whl:

Publisher: publish.yml on ProvablyAI/sourcerykit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page