Skip to main content

Local enforcement SDK and simulation environment for AI governance.

Project description

Waveframe Guard

Stop unsafe AI and automated actions before they execute.

Waveframe Guard enforces governance at the execution boundary. If an action violates policy, it never runs.

Current release: 0.6.1.

Example

This example assumes a published contract artifact exists at contracts/finance-policy-1.0.0.contract.json. In your application, point contract_path at the contract published by your governance workflow.

from pathlib import Path

from waveframe_guard import install_guard, guard

install_guard(
    actor={"id": "user-1", "type": "human", "role": "intern"},
    contract_path=Path("contracts") / "finance-policy-1.0.0.contract.json"
)

@guard
def transfer(amount):
    print(f"Transferred ${amount}")

transfer(100)
Execution blocked: required role not satisfied: manager

Governed Runtime

For applications that want to resolve published contracts from a registry, use GovernedRuntime:

from waveframe_guard import GovernedRuntime

runtime = GovernedRuntime(
    registry_path="contracts/index.json",
    reject_revoked_authority=True,
    warn_on_superseded=True,
)
runtime.bind_contract("finance-policy@1.0.0")

runtime.execute(
    actor={"id": "user-1", "type": "human", "role": "intern"},
    fn=transfer,
    args=(1250000,),
)

Runtime authority refs are explicit and versioned. Bind or pass finance-policy@1.0.0; unversioned contract IDs such as finance-policy are rejected because replay, audit, and cache integrity depend on deterministic authority identity.

By default, blocked execution raises GovernanceError. To observe the decision without raising, pass raise_on_block=False:

result = runtime.execute(
    actor={"id": "user-1", "type": "human", "role": "intern"},
    contract_id="finance-policy@1.0.0",
    fn=transfer,
    args=(1250000,),
    raise_on_block=False,
)

print(result.allowed)
print(result.reason)
print(result.contract_hash)

Allowed executions return GovernedExecutionResult(allowed=True, reason="execution allowed", value=<function return value>, ...). Blocked executions return GovernedExecutionResult(allowed=False, reason=<policy reason>, error=<block error>, ...).

The registry can map contract IDs to published contract artifacts:

{
  "contracts": [
    {
      "contract_id": "finance-policy",
      "contract_version": "1.0.0",
      "contract_hash": "sha256:...",
      "status": "active",
      "path": "finance-policy-1.0.0.contract.json"
    }
  ]
}

Runtime execution is intentionally small: registry lookup, load the published contract, install the Guard context, execute the guarded function, then allow or block.

You can also bind runtime context once and omit it from each execution:

runtime = GovernedRuntime(registry_path="contracts/index.json")
runtime.install_actor({"id": "user-1", "type": "human", "role": "manager"})
runtime.bind_contract("finance-policy@1.0.0")

result = runtime.execute(
    fn=transfer,
    args=(1250000,),
    raise_on_block=False,
)

Per-call actor and versioned contract_id values still work and override the bound context for that call.

Authority Lifecycle Awareness

Registry entries may include authority lifecycle metadata supplied by Cloud:

{
  "authority_ref": "finance-policy@1.0.0",
  "status": "revoked"
}

Guard evaluates lifecycle state before admissibility or function execution. Cloud can publish lifecycle metadata, but Cloud does not decide admissibility; Guard still evaluates the compiled authority locally.

  • revoked fails closed with GovernanceError when reject_revoked_authority=True.
  • superseded is warning-only when warn_on_superseded=True, records authority_lifecycle metadata on the result and event, and still allows intentionally pinned versions to execute.

Replay Admissibility

Replay systems can evaluate approval evidence without executing the governed function:

from waveframe_guard import evaluate_admissibility

decision = evaluate_admissibility(contract, execution_state)

The returned decision includes allowed, reason, missing_approvals, and a governed decision trace.

For proposal-bound execution, pass a normalized proposal directly:

result = runtime.execute_proposal(
    proposal,
    raise_on_block=False,
)

execute_proposal evaluates the proposal against the bound or supplied contract and returns the same GovernedExecutionResult shape.

Each runtime execution also emits a structured SDK-local audit event. Events are kept in memory on the runtime and attached to non-raising results:

result = runtime.execute(
    fn=transfer,
    args=(1250000,),
    raise_on_block=False,
)

print(result.event)
print(runtime.last_event)
print(runtime.audit_events)

Example event:

{
    "event_type": "governed_execution",
    "execution_type": "function",
    "allowed": False,
    "authority_ref": "finance-policy@1.0.0",
    "reason": "required role not satisfied: manager",
    "error": "Execution blocked: required role not satisfied: manager",
    "contract_id": "finance-policy",
    "contract_version": "1.0.0",
    "contract_hash": "...",
    "actor": {"id": "user-1", "type": "human", "role": "intern"},
    "target": "transfer",
    "timestamp": "2026-05-12T12:00:00+00:00",
}

To append events locally as JSON lines:

runtime = GovernedRuntime(
    registry_path="contracts/index.json",
    audit_path="runtime-audit.jsonl",
)

What Waveframe Guard Does

  • Intercepts function execution
  • Loads published contract artifacts
  • Evaluates governance rules before execution
  • Blocks invalid actions deterministically
  • Continues enforcement even if Cloud is unavailable

Local vs Cloud

Mode Behavior
Local Fast, local enforcement
Cloud Policy sync, audit, and attestation

Guard enforces locally. Cloud provides authority, audit, and verification.

Fail Modes

Mode Behavior
cache (default) Use cached policy if Cloud is unavailable
closed Block if Cloud is unavailable and no cached policy exists
open Allow execution if policy is unavailable and mark the decision unverified

Install

pip install waveframe-guard cricore-contract-compiler cricore-proposal-normalizer

Live Demo

python examples/live_enforcement_demo.py

The demo shows:

  • an intern blocked by policy
  • a manager allowed by policy
  • cached local enforcement during a simulated Cloud outage

Published Contracts

Guard runtime consumes published governance authority artifacts:

from pathlib import Path

install_guard(
    actor={"id": "user-1", "type": "human", "role": "manager"},
    contract_path=Path("contracts") / "finance-policy-1.0.0.contract.json"
)

Inline policy dictionaries are authored and compiled before runtime. Guard loads the compiled contract artifact and enforces against it locally.

Guard also records contract metadata in runtime context for audit and telemetry:

{
    "contract_id": "finance-policy",
    "contract_version": "1.0.0",
    "contract_hash": "..."
}

Why This Exists

Most AI systems can suggest, warn, or log.

Waveframe Guard is the layer that can stop execution.

Architecture Note

The Waveframe Guard SDK operates independently and does not require Cloud components to enforce governance locally.

The cloud directory contains experimental Cloud control plane components and is not required for SDK operation.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

waveframe_guard-0.6.1.tar.gz (25.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

waveframe_guard-0.6.1-py3-none-any.whl (18.4 kB view details)

Uploaded Python 3

File details

Details for the file waveframe_guard-0.6.1.tar.gz.

File metadata

  • Download URL: waveframe_guard-0.6.1.tar.gz
  • Upload date:
  • Size: 25.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.4

File hashes

Hashes for waveframe_guard-0.6.1.tar.gz
Algorithm Hash digest
SHA256 b6bdc5a66c8ee3beaf2141b638c21b8a4478d675fecfd10206f11aa2548553b1
MD5 c85287edfb0c9f87c69eaf4981c5402a
BLAKE2b-256 8dee7418cdfc72733aa31f71cc3c84474f6c74d0f3cec20c08c668344f8a5fe6

See more details on using hashes here.

File details

Details for the file waveframe_guard-0.6.1-py3-none-any.whl.

File metadata

File hashes

Hashes for waveframe_guard-0.6.1-py3-none-any.whl
Algorithm Hash digest
SHA256 354457e82a5c95e2348ee3afc15d4b41c1252ae8ca6ec0ba4c53a5bad6d07f02
MD5 da8ce22e739837ad6a4230dc22389c2d
BLAKE2b-256 d95f0e0a4caa9b7a19f718782125ef4c5811b95dccad741572e340cfd40dff07

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page