Prompt attribution, versioning, analytics, and governance for TokenHelm — entirely additive.
Project description
tokenhelm-prompt
Prompt Intelligence for TokenHelm — prompt attribution, versioning, analytics, and governance for every LLM request TokenHelm tracks. Entirely additive: the TokenHelm v0.1 API is never changed.
Install
pip install tokenhelm-prompt
# optional framework integrations:
pip install "tokenhelm-prompt[langchain]" # or llamaindex, crewai, adk, openai-agents, haystack
Quick start
from tokenhelm import TokenHelm, DefaultEventDispatcher
from tokenhelm_prompt import YamlRegistry, tracker, analytics, make_dispatcher
# 1. Register a versioned prompt (metadata + a template HASH — never the text).
registry = YamlRegistry("prompts.yaml")
registry.register(
"invoice_summary",
owner="ana", application="billing", environment="prod",
template="Summarize invoice {invoice_id} for {customer}",
)
tracker.use_registry(registry)
# 2. Wrap TokenHelm's dispatcher so events get attributed (no core changes).
th = TokenHelm(dispatcher=make_dispatcher(DefaultEventDispatcher()))
# 3. Every tracked call inside the scope is attributed automatically.
with tracker.prompt("invoice_summary"):
th.track(response) # event recorded as invoice_summary@v1
# 4. Per-prompt / per-version analytics.
for row in analytics.by_version():
print(row.prompt_name, row.prompt_version, row.calls, row.cost, row.failures)
analytics.export("csv", "prompts.csv")
Nested scopes, the @prompt(...) decorator, and async/streaming all work and
restore correctly:
from tokenhelm_prompt import prompt
@prompt("translate")
async def translate(...): ...
with tracker.prompt("invoice"):
with tracker.prompt("translate"): # inner wins; outer restored on exit
...
CLI
tokenhelm-prompt init # create a local registry
tokenhelm-prompt list # list prompts + current versions
tokenhelm-prompt versions invoice_summary # immutable version history
tokenhelm-prompt diff invoice_summary v1 v2 # compare by hash (never shows text)
tokenhelm-prompt export --format json -o inventory.json
Guarantees
- No core changes — TokenHelm's
track/trace/track_stream/configure/LLMEventare untouched; integration is purely via theEventDispatcherseam. - Privacy — only metadata + one-way hashes are stored; never rendered prompts, keys, credentials, or PII.
- Offline-first — the default YAML/SQLite registry needs no network.
- Additive — with no active scope, behavior is identical to plain TokenHelm.
Release process
Releases are staged through TestPyPI before production PyPI, driven entirely by git tags. Publishing uses PyPI Trusted Publishing (OIDC) — there are no API tokens anywhere.
RC tag ──► TestPyPI ──► install + smoke test ──► GitHub prerelease
final tag ─► PyPI ──► install + smoke test ──► GitHub release
A tag is classified automatically: vX.Y.Z is a production release; anything
with a pre-release/dev suffix (rc, a, b, .dev — e.g. v0.2.0rc1) goes to
TestPyPI. The tag version must match project.version in pyproject.toml (the
workflow guards this), so bump the version first.
1. Pre-release to TestPyPI:
# bump pyproject.toml version to 0.2.0rc1 first, then:
git tag v0.2.0rc1
git push origin v0.2.0rc1
This builds, publishes to TestPyPI, installs into a clean venv from TestPyPI,
runs scripts/release_smoke_test.py, and cuts a GitHub prerelease.
2. Production to PyPI:
# bump pyproject.toml version to 0.2.0 first, then:
git tag v0.2.0
git push origin v0.2.0
This builds, publishes to PyPI, installs from PyPI into a clean venv, runs the smoke test, and cuts the GitHub release with generated notes and the wheel + sdist attached.
The workflow (.github/workflows/release.yml) also supports workflow_dispatch
for a build-and-check dry run (no publish). The testpypi and pypi GitHub
environments must each have a Trusted Publisher configured on the respective
index.
See docs/ for the architecture, full API reference, and a migration
guide. The design lives under
specs/001-prompt-intelligence/.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file tokenhelm_prompt-0.2.0.tar.gz.
File metadata
- Download URL: tokenhelm_prompt-0.2.0.tar.gz
- Upload date:
- Size: 21.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c1fd87e40ef5498941dc0304d268043718315784c8950f8a8044d9b06fd534ef
|
|
| MD5 |
07a4b35a96fa72d1b7187a1110589e86
|
|
| BLAKE2b-256 |
f0c41cc3108eaff43cf1ef3cff1dedd28e26b32a4bfc99ad7aa6093ca6eb2403
|
Provenance
The following attestation bundles were made for tokenhelm_prompt-0.2.0.tar.gz:
Publisher:
release.yml on srinitrumatics/tokenhelm-prompt
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
tokenhelm_prompt-0.2.0.tar.gz -
Subject digest:
c1fd87e40ef5498941dc0304d268043718315784c8950f8a8044d9b06fd534ef - Sigstore transparency entry: 1993555461
- Sigstore integration time:
-
Permalink:
srinitrumatics/tokenhelm-prompt@21d84ef38e4d5648406c8f59041e6b77633f9908 -
Branch / Tag:
refs/tags/v0.2.0 - Owner: https://github.com/srinitrumatics
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@21d84ef38e4d5648406c8f59041e6b77633f9908 -
Trigger Event:
push
-
Statement type:
File details
Details for the file tokenhelm_prompt-0.2.0-py3-none-any.whl.
File metadata
- Download URL: tokenhelm_prompt-0.2.0-py3-none-any.whl
- Upload date:
- Size: 30.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
911abaafd586ae0a51322223701703e2438389224a7ea3c827d7ea8ee71bb074
|
|
| MD5 |
9703f5fed859ab469175a2a9366804ad
|
|
| BLAKE2b-256 |
e8e8fc9586b9a392c7ab4262d6082f7b756994a1debe86f8e5c2c7ccde506509
|
Provenance
The following attestation bundles were made for tokenhelm_prompt-0.2.0-py3-none-any.whl:
Publisher:
release.yml on srinitrumatics/tokenhelm-prompt
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
tokenhelm_prompt-0.2.0-py3-none-any.whl -
Subject digest:
911abaafd586ae0a51322223701703e2438389224a7ea3c827d7ea8ee71bb074 - Sigstore transparency entry: 1993555597
- Sigstore integration time:
-
Permalink:
srinitrumatics/tokenhelm-prompt@21d84ef38e4d5648406c8f59041e6b77633f9908 -
Branch / Tag:
refs/tags/v0.2.0 - Owner: https://github.com/srinitrumatics
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@21d84ef38e4d5648406c8f59041e6b77633f9908 -
Trigger Event:
push
-
Statement type: