Execution-boundary SDK for allowing or blocking governed actions before they run.
Project description
Waveframe Guard
Stop unsafe AI and automated actions before they execute.
Waveframe Guard is an execution-boundary SDK. It wraps sensitive actions, resolves compiled authority, evaluates through CRI-CORE, and only runs the action when the outcome is allowed.
Current release: 0.10.0.
Guard does not generate actions.
Guard does not author governance.
Guard does not replace Cloud.
Guard decides whether this action may run now.
Install
pip install waveframe-guard==0.10.0
Run the local quickstart example from a repository checkout:
python examples/quickstart_guard.py
Expected output:
executed=False
decision=blocked
30-second example
from waveframe_guard import Guard
compiled_authority = {
"schema_version": "compiled_authority_contract.v1",
"contract_id": "finance-policy",
"contract_version": "1.0.0",
"authority_requirements": {"required_roles": ["manager"]},
"approval_requirements": {},
"artifact_requirements": {},
"stage_requirements": {},
"invariants": {},
"contract_hash": "e4fd822ae1ac5f0228c9042dfd81c7c96b2774bf7e1e5516d9db95880b1aab70",
}
request = {
"schema_version": "normalized_execution_request.v1",
"request_id": "transfer-001",
"action": "wire_transfer",
"target": "treasury-account",
"arguments": {"amount": 1250000},
"artifacts": [],
}
guard = Guard.local(
authorities={"finance-policy@1.0.0": compiled_authority},
actor_identity={"id": "user-1", "type": "human", "role": "intern"},
)
@guard.protect(authority="finance-policy@1.0.0", raise_on_block=False)
def wire_transfer(execution_request):
return "transfer executed"
result = wire_transfer(request)
print(result["executed"])
print(result["outcome"]["execution_state"])
Expected result:
False
blocked
The wrapped function does not run because the actor does not satisfy the compiled authority requirement.
Primary developer path
Use one object first:
from waveframe_guard import Guard
guard = Guard.local(workspace=".guard-local")
@guard.protect(authority="finance-policy@1.0.0")
def protected_action(execution_request):
return perform_sensitive_action(execution_request)
Guard sits before the mutation boundary. It loads compiled authority, validates the normalized execution request, evaluates the action through CRI-CORE-backed runtime logic, emits an enforcement outcome, and writes local receipt/replay artifacts for inspection.
What Guard owns
Guard owns the developer-side enforcement boundary:
- local SDK integration
- compiled authority resolution
- normalized execution request enforcement
- local allow/block/escalate outcomes
- continuation windows and deferred release checks
- local receipts, replay artifacts, and runtime diagnostics
- evidence spooling for later Cloud submission
Guard does not author governance, publish authority, host organization workflows, operate the long-term evidence system, or ship the proprietary Guard Inspector UI.
Guard, Cloud, and Ledger
| Product | Responsibility |
|---|---|
| Guard | Enforce locally before execution. |
| Cloud | Store authority, evidence, receipts, replay packages, lifecycle state, and continuity records. |
| Ledger / Workspace | Author, review, activate, and publish deterministic governance authority. |
| CRI-CORE | Deterministic admissibility kernel used under the Guard boundary. |
The product flow is:
Ledger publishes authority
-> Cloud distributes authority and records evidence
-> Guard enforces before execution
-> Cloud stores receipts and replay history
Cloud can publish lifecycle metadata such as active, superseded, or revoked, but Cloud does not decide runtime admissibility. Guard evaluates locally against compiled authority.
Local authority registry
For applications that resolve published contracts from a local registry, use the runtime layer:
from waveframe_guard import GovernedRuntime
runtime = GovernedRuntime(
registry_path="contracts/index.json",
reject_revoked_authority=True,
warn_on_superseded=True,
)
runtime.install_actor({"id": "user-1", "type": "human", "role": "manager"})
runtime.bind_contract("finance-policy@1.0.0")
result = runtime.execute(
fn=transfer,
args=(1250000,),
raise_on_block=False,
)
Runtime authority refs are explicit and versioned. Use finance-policy@1.0.0; unversioned IDs such as finance-policy are rejected because replay, audit, and cache integrity depend on deterministic authority identity.
Cloud-connected runtime
For application code that needs Cloud authority metadata and evidence delivery, use the Cloud-connected runtime:
from waveframe_guard import GuardRuntime
runtime = GuardRuntime.from_cloud(
authority="finance-policy@1.0.0",
api_key="...",
)
result = runtime.execute(
actor={"id": "user-1", "type": "human", "role": "manager"},
fn=transfer,
args=(1250000,),
raise_on_block=False,
)
runtime.flush_evidence()
execute(...) still enforces locally. Cloud availability is only required when you explicitly call flush_evidence().
Guard writes evidence to a durable local spool first:
.waveframe_guard/evidence/
pending/
sent/
failed/
If a flush fails, evidence is retained and can be submitted again later.
Continuation and deferred release
Guard separates admissibility from release. An action can be admissible at T1, queued or delayed, and then blocked at T2 if its continuation lease no longer validates.
Guard emits:
guard_continuation_lease.v1guard_release_validation.v1release blockedwhen execution was admissible earlier but a runtime dependency expired before release
Continuity signals are not Cloud decisions. Guard evaluates continuity locally; Cloud may display and preserve the evidence.
Guard Inspector
Guard Inspector is the private operational visualization layer for SDK-emitted evaluations, receipts, replay artifacts, continuity signals, and release posture.
It consumes Guard outcomes and artifacts. It is not part of the public Guard SDK package, does not author policy, and does not own enforcement semantics.
Repository surface
The public Guard surface includes:
- SDK facade
- local runtime
- deterministic evaluation model
- continuation governance
- replay artifacts
- deferred release model
- examples
- docs
- tests
- sample compiled contracts
Non-production or split-bound work is quarantined under temp/. In particular, temp/labs/cloud_runtime/ is a lab preview for future Cloud product work, not production Guard Cloud and not required for local enforcement.
Release discipline
Every substantive Guard change must update the release surface together:
code
+ README / docs
+ CHANGELOG
+ pyproject metadata
+ version-dependent files
+ tests
+ package build
+ tag
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file waveframe_guard-0.10.0.tar.gz.
File metadata
- Download URL: waveframe_guard-0.10.0.tar.gz
- Upload date:
- Size: 67.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
423eed34a23d6d4541e4af48d02f5075dbba04c32d88c7a973569b8f64f8bc78
|
|
| MD5 |
54c28e48811d45d4e6f87bee755a5c4a
|
|
| BLAKE2b-256 |
49e258160a17694eaf4a2ae0cff80f4c82ec58865993df0b311c6f5f313a3c69
|
File details
Details for the file waveframe_guard-0.10.0-py3-none-any.whl.
File metadata
- Download URL: waveframe_guard-0.10.0-py3-none-any.whl
- Upload date:
- Size: 56.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8e573004788c91a1c409c78c4b4c5447aed4e0a6678c7ddea97477104ff73db4
|
|
| MD5 |
fddfe75c581221105caa056bb0738526
|
|
| BLAKE2b-256 |
5099f35e7f81e89bb1bd0443517d4c376f64c829ab52c034ca8108ec23c4f0a9
|