Metadata-Version: 2.4
Name: glacis
Version: 0.2.0
Summary: GLACIS SDK for Python - AI Compliance Attestation
Project-URL: Homepage, https://glacis.io
Project-URL: Documentation, https://docs.glacis.io/sdk/python
Project-URL: Repository, https://github.com/Glacis-io/glacis-python
Project-URL: Issues, https://github.com/Glacis-io/glacis-python/issues
Author-email: GLACIS <sdk@glacis.io>
License-Expression: Apache-2.0
License-File: LICENSE
Keywords: ai,attestation,compliance,logging,transparency
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security :: Cryptography
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Requires-Python: >=3.9
Requires-Dist: httpx>=0.25.0
Requires-Dist: pydantic>=2.0.0
Requires-Dist: pynacl>=1.5.0
Provides-Extra: all
Requires-Dist: anthropic>=0.18.0; extra == 'all'
Requires-Dist: mypy>=1.0.0; extra == 'all'
Requires-Dist: openai>=1.0.0; extra == 'all'
Requires-Dist: presidio-analyzer>=2.2.0; extra == 'all'
Requires-Dist: presidio-anonymizer>=2.2.0; extra == 'all'
Requires-Dist: pytest-asyncio>=0.21.0; extra == 'all'
Requires-Dist: pytest-httpx>=0.22.0; extra == 'all'
Requires-Dist: pytest>=7.0.0; extra == 'all'
Requires-Dist: pyyaml>=6.0.0; extra == 'all'
Requires-Dist: ruff>=0.1.0; extra == 'all'
Requires-Dist: spacy>=3.5.0; extra == 'all'
Requires-Dist: torch>=2.0.0; extra == 'all'
Requires-Dist: transformers>=4.35.0; extra == 'all'
Provides-Extra: anthropic
Requires-Dist: anthropic>=0.18.0; extra == 'anthropic'
Provides-Extra: controls
Requires-Dist: presidio-analyzer>=2.2.0; extra == 'controls'
Requires-Dist: presidio-anonymizer>=2.2.0; extra == 'controls'
Requires-Dist: pyyaml>=6.0.0; extra == 'controls'
Requires-Dist: spacy>=3.5.0; extra == 'controls'
Requires-Dist: torch>=2.0.0; extra == 'controls'
Requires-Dist: transformers>=4.35.0; extra == 'controls'
Provides-Extra: dev
Requires-Dist: mypy>=1.0.0; extra == 'dev'
Requires-Dist: pytest-asyncio>=0.21.0; extra == 'dev'
Requires-Dist: pytest-httpx>=0.22.0; extra == 'dev'
Requires-Dist: pytest>=7.0.0; extra == 'dev'
Requires-Dist: ruff>=0.1.0; extra == 'dev'
Provides-Extra: jailbreak
Requires-Dist: pyyaml>=6.0.0; extra == 'jailbreak'
Requires-Dist: torch>=2.0.0; extra == 'jailbreak'
Requires-Dist: transformers>=4.35.0; extra == 'jailbreak'
Provides-Extra: openai
Requires-Dist: openai>=1.0.0; extra == 'openai'
Provides-Extra: redaction
Requires-Dist: presidio-analyzer>=2.2.0; extra == 'redaction'
Requires-Dist: presidio-anonymizer>=2.2.0; extra == 'redaction'
Requires-Dist: pyyaml>=6.0.0; extra == 'redaction'
Requires-Dist: spacy>=3.5.0; extra == 'redaction'
Description-Content-Type: text/markdown

<p align="center">
  <img src="assets/glacis-logo.png" alt="Glacis" width="200">
</p>

# Glacis Python SDK

**Tamper-proof audit logs for AI systems - without exposing sensitive data.**

## The Problem

You need to prove what your AI did for compliance, audits, or legal discovery. But sending prompts and responses to a logging service exposes sensitive data (PII, PHI, trade secrets).

## The Solution

Glacis creates cryptographic proofs of AI operations. Your data stays local - only a SHA-256 hash is sent for witnessing.

```
Your Infrastructure              Glacis Log
┌─────────────────────┐         ┌─────────────────────┐
│ "Pt. Frodo Baggins  │         │ 7a3f8b2c...         │
│  has diabetes"      │  ──→    │ (64-char hash)      │
│                     │         │ + timestamp         │
│ (data stays here)   │         │ + Merkle proof      │
└─────────────────────┘         └─────────────────────┘
```

Later, you can prove the hash matches your local records without revealing the data itself.

## Installation

```bash
pip install glacis[openai]      # For OpenAI
pip install glacis[anthropic]   # For Anthropic
pip install glacis[controls]    # Add PII redaction + jailbreak detection
pip install glacis[all]         # Everything
```

## Quick Start

### Option 1: Drop-in Wrapper (Recommended)

Replace your OpenAI/Anthropic client with a wrapped version. Every API call is automatically attested.

```python
import os
from glacis.integrations.openai import attested_openai, get_last_receipt

# Create wrapped client (offline mode - no Glacis account needed)
client = attested_openai(
    openai_api_key="sk-...",
    offline=True,
    signing_seed=os.urandom(32),
)

# Use exactly like the normal OpenAI client
response = client.chat.completions.create(
    model="gpt-4",
    messages=[{"role": "user", "content": "Hello!"}]
)

# Get the attestation receipt
receipt = get_last_receipt()
print(f"Attestation ID: {receipt.attestation_id}")
```

Works the same for Anthropic:

```python
from glacis.integrations.anthropic import attested_anthropic, get_last_receipt

client = attested_anthropic(
    anthropic_api_key="sk-ant-...",
    offline=True,
    signing_seed=os.urandom(32),
)
```

### Option 2: Direct API

For custom attestations (non-OpenAI/Anthropic, or manual control):

```python
import os
from glacis import Glacis

glacis = Glacis(mode="offline", signing_seed=os.urandom(32))

receipt = glacis.attest(
    service_id="my-ai-app",
    operation_type="inference",
    input={"prompt": "Summarize this..."},
    output={"response": "The document..."},
)
```

## Adding PII Redaction

Automatically detect and redact sensitive data before it's hashed:

```python
client = attested_openai(
    openai_api_key="sk-...",
    offline=True,
    signing_seed=os.urandom(32),
    redaction="fast",  # Regex-based, or "full" for ML models
)

response = client.chat.completions.create(
    model="gpt-4",
    messages=[{"role": "user", "content": "My SSN is 123-45-6789"}]
)

# The attestation hash is computed on: "My SSN is [US_SSN]"
# Original text still sent to OpenAI, but redacted version is attested
```

## Configuration File

For persistent settings, create `glacis.yaml`:

```yaml
attestation:
  offline: true
  service_id: my-ai-service

controls:
  pii_phi:
    enabled: true
    mode: fast          # "fast" (regex) or "full" (Presidio NER)

  jailbreak:
    enabled: true
    threshold: 0.5      # Block prompt injection attempts
    action: block       # "warn" or "block"
```

Then:

```python
client = attested_openai(
    openai_api_key="sk-...",
    config_path="glacis.yaml",
)
```

## Retrieving Evidence

Full payloads are stored locally for audits:

```python
from glacis.integrations.openai import get_last_receipt, get_evidence

receipt = get_last_receipt()
evidence = get_evidence(receipt.attestation_id)

print(evidence["input"])                  # Original input
print(evidence["output"])                 # Original output
print(evidence["control_plane_results"])  # PII/jailbreak results
```

Evidence is stored in `~/.glacis/receipts.db` (SQLite).

## Online vs Offline Mode

| Feature | Offline | Online |
|---------|---------|--------|
| Requires Glacis account | No | Yes |
| Signing | Local Ed25519 | Glacis witness |
| Third-party verifiable | No | Yes (Merkle proofs) |
| Use case | Development, air-gapped | Production, audits |

To use online mode:

```python
client = attested_openai(
    openai_api_key="sk-...",
    glacis_api_key="glsk_live_...",  # Get at glacis.io
)
```

## What Gets Sent to Glacis?

| Data | Sent? |
|------|-------|
| Your prompts | No (hash only) |
| Model responses | No (hash only) |
| API keys | No |
| service_id, operation_type | Yes |
| Timestamps | Yes |

## CLI

Verify a receipt:

```bash
python -m glacis verify receipt.json
```

## Security

- **Hashing**: SHA-256 with RFC 8785 canonical JSON (cross-runtime compatible)
- **Signing**: Ed25519 via PyNaCl (libsodium)
- **Online mode**: Merkle tree inclusion proofs (RFC 6962)

## License

Apache 2.0
