Metadata-Version: 2.4
Name: iris-security-openai
Version: 0.1.0
Summary: IRIS governance for OpenAI — Cedar policy on every API call
Author-email: IRIS Platform <sdk@iris.ai>
License: Apache-2.0
Project-URL: Homepage, https://github.com/gimartinb/iris-sdk
Project-URL: Repository, https://github.com/gimartinb/iris-sdk
Requires-Python: >=3.10
Description-Content-Type: text/markdown
Requires-Dist: iris-security-core>=0.1.0
Requires-Dist: iris-security-sdk>=0.1.0
Provides-Extra: openai
Requires-Dist: openai>=1.30; extra == "openai"
Provides-Extra: dev
Requires-Dist: pytest>=8.0; extra == "dev"
Requires-Dist: pytest-asyncio>=0.23; extra == "dev"
Requires-Dist: ruff>=0.4; extra == "dev"

# iris-openai

Drop-in IRIS governance for the [OpenAI Python SDK](https://github.com/openai/openai-python).

Replace one line:

```python
# client = openai.OpenAI()
client = IrisOpenAI(passport=passport)
```

Every `client.chat.completions.create()`, `stream()`, and `client.embeddings.create()` call is evaluated against Cedar policy, recorded in the Evidence Vault, and enforced per `IRIS_ENV` (warn in dev, block in production).

Tool arrays are filtered to `passport.tool_permissions`; removed tools are logged as `IRIS-TOOL-001` (never silently dropped in dev).

## Install

```bash
pip install iris-openai
```

## Quickstart

See [examples/governed_gpt.py](examples/governed_gpt.py).

## Environment

| `IRIS_ENV`   | Behavior                                      |
|-------------|-----------------------------------------------|
| `dev`       | Fail open — warnings to stderr, never block   |
| `production`| Fail closed — `IrisViolationError` on deny    |

Defaults to `dev` when unset.
