Metadata-Version: 2.4
Name: axiom-lang
Version: 0.2.1
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Rust
Classifier: Topic :: Scientific/Engineering :: Artificial Intelligence
Classifier: Topic :: Security
Summary: Python bindings for Axiom - a verification-first policy engine for AI agents
Keywords: policy,ai,safety,verification,agents
Author: Axiom Contributors
License: Apache-2.0
Requires-Python: >=3.12
Description-Content-Type: text/markdown
Project-URL: Homepage, https://github.com/latentcollapse/Axiom
Project-URL: Repository, https://github.com/latentcollapse/Axiom

# Axiom

A small, embeddable policy engine. Write a policy file, check intentions before execution.

Think SQLite — not a server, not a framework, just a library you drop in.

---

## Quick Start

**Download pre-built binaries:**

```bash
# Linux
wget https://github.com/latentcollapse/Axiom/releases/latest/download/axiom-linux-x64.zip
unzip axiom-linux-x64.zip
# You now have: libaxiom_lang.so, axiom.h, examples/

# Windows
# Download axiom-windows-x64.zip from releases
# Contains: axiom_lang.dll, axiom.h, examples/
```

**Or build from source:**

```bash
git clone https://github.com/latentcollapse/Axiom
cd Axiom
cargo build --release
# Output: target/release/libaxiom_lang.so (or .dll on Windows)
```

---

## Use It

**C (or any language with C FFI):**

```c
#include "axiom.h"

int main() {
    axiom_engine_t *eng = axiom_engine_open("policy.axm");
    
    const char *keys[] = { "path" };
    const char *vals[] = { "/tmp/output.txt" };
    int rc = axiom_verify(eng, "WriteFile", keys, vals, 1);
    
    if      (rc == 1) puts("allowed");
    else if (rc == 0) printf("blocked: %s\n", axiom_denied_reason(eng));
    else              printf("error: %s\n",   axiom_errmsg(eng));
    
    axiom_engine_close(eng);
}
```

Compile:
```bash
gcc main.c -L. -laxiom_lang -o myapp
```

**Rust:**

```toml
# Cargo.toml
[dependencies]
axiom-lang = { git = "https://github.com/latentcollapse/Axiom" }
```

```rust
use axiom_lang::AxiomEngine;

let engine = AxiomEngine::from_file("policy.axm")?;
let verdict = engine.verify("WriteFile", &[("path", "/tmp/output.txt")])?;

if verdict.allowed() {
    // proceed
} else {
    eprintln!("blocked: {}", verdict.reason().unwrap_or_default());
}
```

**Python:**

```bash
pip install axiom-lang
```

```python
from axiom import AxiomEngine

engine = AxiomEngine.from_file("policy.axm")
v = engine.verify("WriteFile", {"path": "/tmp/output.txt"})

if v.allowed:
    print("allowed")
else:
    print(f"blocked: {v.reason}")
```

---

## Write a Policy

```axm
module security {
    intent WriteFile {
        takes: path: String, content: String;
        gives: success: bool;
        effect: WRITE;
        pre: !contains(path, "/etc/");
        pre: !contains(path, "..");
    }
    
    intent ReadFile {
        takes: path: String;
        gives: content: String;
        effect: READ;
        pre: !contains(path, "/etc/shadow");
        pre: !contains(path, ".ssh/");
    }
    
    intent RunCommand {
        takes: command: String;
        gives: output: String;
        effect: EXECUTE;
        pre: !contains(command, "rm -rf");
        pre: !starts_with(command, "curl");
    }
}
```

Save as `policy.axm`, load it, verify intentions. Done.

---

## Pre-Conditions

The `pre:` field is where you define what's allowed:

| Function | Example | Meaning |
|----------|---------|---------|
| `contains(s, sub)` | `contains(path, "/tmp")` | String contains substring |
| `starts_with(s, prefix)` | `starts_with(cmd, "nmap")` | String starts with prefix |
| `matches(s, pattern)` | `matches(url, "https://.*\.internal\.com")` | Regex match |
| `length(s) > N` | `length(content) < 10000` | Length comparison |
| `!` | `!contains(path, "..")` | Negation |
| `&&`, `\|\|` | `pre: a && b` | Combine conditions |

All pre-conditions must pass for an intent to be allowed.

---

## Conscience Predicates

Built-in safety checks that apply automatically:

| Predicate | Blocks |
|-----------|--------|
| `path_safety` | `/etc/shadow`, `.ssh/`, path traversal (`../..`) |
| `no_exfiltrate` | Undeclared network destinations |
| `no_bypass_verification` | Attempts to skip verification |

Add to an intent with `conscience: path_safety, no_exfiltrate;`

---

## API Reference

| Function | Returns |
|----------|---------|
| `axiom_engine_open(path)` | Handle to engine |
| `axiom_engine_open_source(src)` | Handle from string |
| `axiom_verify(eng, intent, keys, vals, n)` | 1=allowed, 0=denied, -1=error |
| `axiom_denied_reason(eng)` | Why it was blocked |
| `axiom_errmsg(eng)` | Error message |
| `axiom_engine_close(eng)` | Free handle |
| `axiom_version()` | Version string |

---

## Building

```bash
cargo build --release   # libaxiom_lang.so / .dll / .dylib
cargo test              # run test suite
```

Requires Rust 1.70+. Only dependency is `blake3`.

---

## Status

**MVP. Not production-ready.**

Core verification works. Pre-conditions, conscience predicates, C/Rust/Python bindings all functional. The API will evolve. Breaking changes may occur without notice until 1.0.

Use it, test it, break it. Feedback welcome — open an issue.

