Metadata-Version: 2.4
Name: rubric-app
Version: 0.1.0
Summary: Python SDK for Rubric — runtime governance for AI agents
Project-URL: Homepage, https://rubric-app.com
Project-URL: Documentation, https://docs.rubric-app.com
Project-URL: Repository, https://github.com/getrubric/sdk
Project-URL: Issues, https://github.com/getrubric/sdk/issues
Project-URL: Dashboard, https://app.rubric-app.com
Author-email: Rubric <support@rubric-app.com>
License: Apache-2.0
License-File: LICENSE
Keywords: ai-agents,ai-safety,audit,claude,guardrails,langchain,mcp,policy-engine,rubric,security
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3 :: Only
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Classifier: Topic :: System :: Monitoring
Classifier: Typing :: Typed
Requires-Python: >=3.10
Requires-Dist: httpx>=0.27.0
Requires-Dist: pydantic>=2.5
Requires-Dist: pyyaml>=6.0
Requires-Dist: regex>=2024.9.11
Provides-Extra: claude-agent
Requires-Dist: claude-agent-sdk>=0.1.0; extra == 'claude-agent'
Provides-Extra: dev
Requires-Dist: mypy>=1.10.0; extra == 'dev'
Requires-Dist: pytest-asyncio>=0.23.0; extra == 'dev'
Requires-Dist: pytest>=8.0.0; extra == 'dev'
Requires-Dist: ruff>=0.6.0; extra == 'dev'
Provides-Extra: langchain
Requires-Dist: langchain-core>=0.3.0; extra == 'langchain'
Requires-Dist: langchain>=0.3.0; extra == 'langchain'
Provides-Extra: mcp
Requires-Dist: mcp>=1.0; extra == 'mcp'
Description-Content-Type: text/markdown

# rubric-app

> Runtime governance for AI agents — Python SDK.

`rubric-app` is the official Python SDK for [Rubric](https://rubric-app.com). Wrap a tool call with one decorator and every invocation is evaluated against your central policy bundle and logged to a tamper-evident audit trail. Built for teams running LangChain, MCP, the Claude Agent SDK, or anything else that calls tools on behalf of an LLM.

## Install

Requires **Python 3.10+**.

```bash
pip install rubric-app
```

Optional adapter extras:

```bash
pip install 'rubric-app[langchain]'        # LangChain callback
pip install 'rubric-app[claude-agent]'     # claude_agent_sdk PreToolUse hook
pip install 'rubric-app[mcp]'              # MCP ClientSession wrapper
```

## Quickstart

You'll need an **enrollment token** from your Rubric dashboard at <https://app.rubric-app.com>. Tokens start with `enr_`.

```python
import os
import rubric

# 1. Bootstrap once at process startup.
os.environ["RUBRIC_ENROLLMENT_TOKEN"] = "enr_…"   # or pass enrollment_token=...
rubric.init(agent_name="payments-bot")

# 2. Decorate any tool function. The decorator calls evaluate() before
#    invoking it; if the policy denies, GovernanceDeniedError is raised.
@rubric.tool
def delete_file(path: str) -> str:
    return _do_delete(path)

# 3. Optional: group calls under a session so audit rows can be filtered
#    by conversation in the dashboard.
with rubric.session("conv-42"):
    try:
        delete_file("/tmp/foo")
    except rubric.GovernanceDeniedError as e:
        print(f"blocked by policy: {e}")
```

## Adapters

End-to-end examples live under `examples/` in the source repo:

| Example | Integrates with |
| --- | --- |
| `examples/decorator_quickstart.py` | Plain Python functions (the shortest possible governed agent) |
| `examples/langchain_quickstart.py` | LangChain `BaseTool` subclasses — denies raise `GovernanceDeniedError` |
| `examples/claude_agent_quickstart.py` | `claude_agent_sdk` — installs a `PreToolUse` permission callback |
| `examples/mcp_quickstart.py` | Raw `mcp.ClientSession` — denies surface as `CallToolResult(isError=True)` |

## How it works

- **Bundle poller** — a background thread pulls `GET /v1/bundle?since=<hash>` every 30s. New bundles atomically replace the in-process evaluator state.
- **Evaluator** — pure-Python by default. ReDoS-immune (`regex` library with a per-match timeout) and fail-closed (a detector crash or regex compile failure denies).
- **Audit sink** — events queue without blocking the hot path, ship in batches, retry on transient failures, and pass through `scrub_secrets()` before egress.
- **DLP** — optional `Detector` for inline scanning of tool inputs and outputs; same scrubber covers JWTs, `Bearer` headers, postgres credentials, AWS / OpenAI / GitHub / Slack provider keys, and 64-char hex tokens.

## Environment variables

| Variable | Purpose |
| --- | --- |
| `RUBRIC_ENROLLMENT_TOKEN` | Token from the dashboard. Required unless passed via `enrollment_token=`. |
| `RUBRIC_AGENT_NAME` | Stable name for this agent in the dashboard. Required unless passed via `agent_name=`. |
| `RUBRIC_API_URL` | Override the default `https://api.rubric-app.com`. Must be `https://` and on `rubric-app.com` or a subdomain — the SDK refuses everything else at construction. |
| `RUBRIC_DLP` | DLP mode override: `off`, `regex`, `presidio`, `auto`. |

## License

Apache-2.0. See [LICENSE](./LICENSE).

## Links

- Dashboard: <https://app.rubric-app.com>
- Documentation: <https://docs.rubric-app.com>
- Issues: <https://github.com/getrubric/sdk/issues>
