Skip to main content

Deterministic local runtime governance kernel for autonomous coding agents.

Project description

WatchLLM Kernel

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
░  ░░░░  ░░░      ░░░        ░░░      ░░░  ░░░░  ░░  ░░░░░░░░  ░░░░░░░░  ░░░░  ░
▒  ▒  ▒  ▒▒  ▒▒▒▒  ▒▒▒▒▒  ▒▒▒▒▒  ▒▒▒▒  ▒▒  ▒▒▒▒  ▒▒  ▒▒▒▒▒▒▒▒  ▒▒▒▒▒▒▒▒   ▒▒   ▒
▓        ▓▓  ▓▓▓▓  ▓▓▓▓▓  ▓▓▓▓▓  ▓▓▓▓▓▓▓▓        ▓▓  ▓▓▓▓▓▓▓▓  ▓▓▓▓▓▓▓▓        ▓
█   ██   ██        █████  █████  ████  ██  ████  ██  ████████  ████████  █  █  █
█  ████  ██  ████  █████  ██████      ███  ████  ██        ██        ██  ████  █
████████████████████████████████████████████████████████████████████████████████

Deterministic local write-path governance kernel for autonomous coding agents.

Current status

Task 14 complete — core model layer, parser abstraction, fixture corpus, rule implementations, deterministic decision engine, CLI evaluation interface, end-to-end regression tests, baseline performance benchmarks, and local blocked-event reporting exist. Save-path editor integration is not implemented yet.

Installation

python -m pip install -e .

Usage

watchllm-kernel --help
python -m watchllm_kernel --help

Fixture corpus

Rule evidence fixtures live under tests/fixtures/rules/.

Each MVP rule category has a minimal pass/ and fail/ fixture set:

  • secrets
  • forbidden_imports
  • boundary
  • auth_flow

These fixtures are rule evidence examples and are used by rule-specific tests as each rule is implemented.

Implemented rules

Secret-literal rule

The secret-literal rule detects hardcoded credential patterns in assignment contexts and dangerous call contexts. It uses AST context to avoid flagging safe retrieval calls such as process.env.STRIPE_SECRET or os.getenv("STRIPE_SECRET").

Forbidden-import rule

The forbidden-import rule blocks dangerous imports such as child_process and disallowed relative traversal imports. It extracts ES module imports and CommonJS require(...) calls using AST traversal rather than raw text scanning.

Boundary rule

The boundary rule checks AST-extracted import edges against a small declared boundary map. In the current policy, auth may import the public DB contract but must not import db/internal paths directly.

Circular dependency detection is explicitly deferred because Task 08 evaluates single-file import edges only, not a repository-wide import graph.

Auth-flow rule

The auth-flow rule checks calls inside an exported handler function and requires an explicit auth guard before protected database operations such as db.user.update(...).

Current Task 09 behaviour is intentionally narrow:

  • mutation before auth returns FAIL
  • auth before mutation returns PASS
  • auth found only inside an ambiguous branch before mutation returns INCONCLUSIVE

Repository-wide control-flow analysis is not implemented yet.

Decision engine

The decision engine runs a supplied ordered list of rules against one source buffer and reduces their rule results into one KernelResult.

In enforce mode, any rule failure produces BLOCK.

In shadow mode, rule failures are preserved in the result but the final decision remains ALLOW.

For Task 10, INCONCLUSIVE rule results are recorded but do not block.

Benchmarks

Run the current Python kernel benchmark suite with:

python benchmarks/run_benchmarks.py --iterations 50 --warmup 5 --json

Benchmark baseline documentation lives in docs/benchmarks/baseline.md.

Local violation reporting

Blocked evaluations are written locally as JSONL.

Default path:

.watchllm/logs/violations.jsonl

Override path:

WATCHLLM_LOG_PATH=/tmp/watchllm-violations.jsonl python -m watchllm_kernel evaluate path/to/file.ts --json

The reporting contract is documented in docs/specs/reporting-contract.md.

Non‑goals (current state)

  • No save-path editor integration yet
  • No cloud dependency or network enforcement

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

watchllm_kernel-0.1.0.tar.gz (30.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

watchllm_kernel-0.1.0-py3-none-any.whl (24.2 kB view details)

Uploaded Python 3

File details

Details for the file watchllm_kernel-0.1.0.tar.gz.

File metadata

  • Download URL: watchllm_kernel-0.1.0.tar.gz
  • Upload date:
  • Size: 30.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.9

File hashes

Hashes for watchllm_kernel-0.1.0.tar.gz
Algorithm Hash digest
SHA256 2bad3673a089894d5b36c8d5a06ccb2755e57deda6f265a84d7a8fc9f75db109
MD5 8cba5a74225a2241a46e791f6ef916f8
BLAKE2b-256 ade0d54d5844e54f4d1b862c2f1ca54eb379ff3ece6185d0d4d82d0847b8c1e5

See more details on using hashes here.

File details

Details for the file watchllm_kernel-0.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for watchllm_kernel-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 8f0abf67831a1b9cfbf56d608a84372133855d91e66428b8a7c270205fce82c3
MD5 1e96782506e10168bf2d734bb0704498
BLAKE2b-256 fb7a5ee84a1941ebc67c4af5dd603e6ae123d37e2f5d9830bce8917f15702b39

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page