Metadata-Version: 2.4
Name: modekeeper
Version: 0.1.13
Summary: ModeKeeper: verify-first, customer-safe read-only agent; apply is licensed and gated
Author: ModeKeeper
License-Expression: LicenseRef-Proprietary
Keywords: mlops,observability,autotuning,safety
Classifier: Programming Language :: Python :: 3
Requires-Python: >=3.10
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: cryptography>=42.0.0
Provides-Extra: dev
Requires-Dist: pytest>=7.4; extra == "dev"
Requires-Dist: ruff>=0.4.8; extra == "dev"
Dynamic: license-file

# ModeKeeper

ModeKeeper is a verify-first operations agent for SRE, MLOps, and FinOps teams.
It keeps Free mode customer-safe and read-only so teams can inspect, evaluate, and export evidence.
Every workflow starts with observation and verification before any mutation is considered.
Paid mode unlocks controlled apply flows, policy packs, and governance workflows.
Safety gates enforce `license_ok` + `verify_ok` + kill-switch + approval/audit metadata.
`--out` artifacts keep approvals, audits, and incident review traceable end to end.

<!-- modekeeper:product-intro:start -->
ModeKeeper is a verify-first operations agent for SRE, MLOps, and FinOps teams.
Free mode is customer-safe and read-only: inspect systems, evaluate plans, and export evidence.
Every workflow starts with observation and verification before any change is considered.
Paid mode unlocks apply actions and governance/policy packs for controlled execution.
Licensed apply is hard-gated by license checks, kill-switch controls, and `verify_ok`.
Use `--out` artifacts to keep approvals, audits, and incident review traceable.
Public PyPI packages ship only the safe public runtime, never proprietary paid core.
<!-- modekeeper:product-intro:end -->

## Install

```bash
python -m pip install -U modekeeper
```

Optional:

```bash
pipx install modekeeper
```

## Quickstart

```bash
mk --help
```

```bash
mk doctor
```

```bash
mk quickstart --out report/_quickstart
```

```bash
mk eval file --path report/_quickstart/plan/decision_trace_latest.jsonl --out report/_eval_quick
```

```bash
OBSERVE_ONLY=1 mk observe --duration 30s --source synthetic --out report/_observe_quick
```

Closed-loop dry run (no apply):

```bash
mk closed-loop run --scenario drift --dry-run --out report/_closed_loop_dry
```

Closed-loop apply (safe blocked example):

```bash
MODEKEEPER_KILL_SWITCH=1 MODEKEEPER_APPROVAL_ID=CHG-2026-004 MODEKEEPER_AUDIT_LOG=report/_closed_loop_apply_blocked/audit.json mk closed-loop run --scenario drift --apply --out report/_closed_loop_apply_blocked
```

Apply is gated by `license_ok` + `verify_ok` + kill-switch state + approval/audit metadata; with `MODEKEEPER_KILL_SWITCH=1`, apply remains blocked.

## How It Works

1. `observe`: collect read-only signals and write artifacts with `--out`.
2. `propose`: generate candidate actions/plans without mutating customer systems.
3. `verify`: check invariants/policies and produce a `verify_ok` decision artifact.
4. `apply` (licensed): execute only after gates pass (license + kill-switch + approval/audit + `verify_ok`).

## Packaging Policy (PyPI)

Public PyPI distribution is limited to customer-safe read-only capabilities.
Proprietary paid apply core and governance/policy packs are not shipped in public PyPI artifacts.

## Free vs Paid

- Free: customer-safe read-only workflows (`doctor`, `quickstart`, `observe`, `eval`, `roi`, `plan`, `verify`, `export`) with no mutations.
- Paid: apply actions plus governance/policy packs, gated by license, kill-switch, approval/audit controls, and `verify_ok`.

## Support / Commercial

Run `mk export --out report/_pilot_bundle` and send it to your ModeKeeper support/sales contact to request a pilot/license.
