Deterministic local runtime governance kernel for autonomous coding agents.
Project description
WatchLLM Kernel
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
░ ░░░░ ░░░ ░░░ ░░░ ░░░ ░░░░ ░░ ░░░░░░░░ ░░░░░░░░ ░░░░ ░
▒ ▒ ▒ ▒▒ ▒▒▒▒ ▒▒▒▒▒ ▒▒▒▒▒ ▒▒▒▒ ▒▒ ▒▒▒▒ ▒▒ ▒▒▒▒▒▒▒▒ ▒▒▒▒▒▒▒▒ ▒▒ ▒
▓ ▓▓ ▓▓▓▓ ▓▓▓▓▓ ▓▓▓▓▓ ▓▓▓▓▓▓▓▓ ▓▓ ▓▓▓▓▓▓▓▓ ▓▓▓▓▓▓▓▓ ▓
█ ██ ██ █████ █████ ████ ██ ████ ██ ████████ ████████ █ █ █
█ ████ ██ ████ █████ ██████ ███ ████ ██ ██ ██ ████ █
████████████████████████████████████████████████████████████████████████████████
Deterministic local write-path governance kernel for autonomous coding agents.
Current status
Task 14 complete — core model layer, parser abstraction, fixture corpus, rule implementations, deterministic decision engine, CLI evaluation interface, end-to-end regression tests, baseline performance benchmarks, and local blocked-event reporting exist. Save-path editor integration is not implemented yet.
Installation
python -m pip install -e .
Usage
watchllm-kernel --help
python -m watchllm_kernel --help
Fixture corpus
Rule evidence fixtures live under tests/fixtures/rules/.
Each MVP rule category has a minimal pass/ and fail/ fixture set:
secretsforbidden_importsboundaryauth_flow
These fixtures are rule evidence examples and are used by rule-specific tests as each rule is implemented.
Implemented rules
Secret-literal rule
The secret-literal rule detects hardcoded credential patterns in assignment contexts and dangerous call contexts. It uses AST context to avoid flagging safe retrieval calls such as process.env.STRIPE_SECRET or os.getenv("STRIPE_SECRET").
Forbidden-import rule
The forbidden-import rule blocks dangerous imports such as child_process and disallowed relative traversal imports. It extracts ES module imports and CommonJS require(...) calls using AST traversal rather than raw text scanning.
Boundary rule
The boundary rule checks AST-extracted import edges against a small declared boundary map. In the current policy, auth may import the public DB contract but must not import db/internal paths directly.
Circular dependency detection is explicitly deferred because Task 08 evaluates single-file import edges only, not a repository-wide import graph.
Auth-flow rule
The auth-flow rule checks calls inside an exported handler function and requires an explicit auth guard before protected database operations such as db.user.update(...).
Current Task 09 behaviour is intentionally narrow:
- mutation before auth returns
FAIL - auth before mutation returns
PASS - auth found only inside an ambiguous branch before mutation returns
INCONCLUSIVE
Repository-wide control-flow analysis is not implemented yet.
Decision engine
The decision engine runs a supplied ordered list of rules against one source buffer and reduces their rule results into one KernelResult.
In enforce mode, any rule failure produces BLOCK.
In shadow mode, rule failures are preserved in the result but the final decision remains ALLOW.
For Task 10, INCONCLUSIVE rule results are recorded but do not block.
Benchmarks
Run the current Python kernel benchmark suite with:
python benchmarks/run_benchmarks.py --iterations 50 --warmup 5 --json
Benchmark baseline documentation lives in docs/benchmarks/baseline.md.
Local violation reporting
Blocked evaluations are written locally as JSONL.
Default path:
.watchllm/logs/violations.jsonl
Override path:
WATCHLLM_LOG_PATH=/tmp/watchllm-violations.jsonl python -m watchllm_kernel evaluate path/to/file.ts --json
The reporting contract is documented in docs/specs/reporting-contract.md.
Non‑goals (current state)
- No save-path editor integration yet
- No cloud dependency or network enforcement
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file watchllm_kernel-0.1.0.tar.gz.
File metadata
- Download URL: watchllm_kernel-0.1.0.tar.gz
- Upload date:
- Size: 30.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2bad3673a089894d5b36c8d5a06ccb2755e57deda6f265a84d7a8fc9f75db109
|
|
| MD5 |
8cba5a74225a2241a46e791f6ef916f8
|
|
| BLAKE2b-256 |
ade0d54d5844e54f4d1b862c2f1ca54eb379ff3ece6185d0d4d82d0847b8c1e5
|
File details
Details for the file watchllm_kernel-0.1.0-py3-none-any.whl.
File metadata
- Download URL: watchllm_kernel-0.1.0-py3-none-any.whl
- Upload date:
- Size: 24.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8f0abf67831a1b9cfbf56d608a84372133855d91e66428b8a7c270205fce82c3
|
|
| MD5 |
1e96782506e10168bf2d734bb0704498
|
|
| BLAKE2b-256 |
fb7a5ee84a1941ebc67c4af5dd603e6ae123d37e2f5d9830bce8917f15702b39
|