Metadata-Version: 2.4
Name: air-trust
Version: 0.1.0
Summary: Universal compliance trust layer for AI systems. One install, any framework. Local-first HMAC-SHA256 audit chain.
Project-URL: Homepage, https://airblackbox.ai
Project-URL: Repository, https://github.com/airblackbox/air-trust
Project-URL: Documentation, https://airblackbox.ai/docs
Project-URL: Issues, https://github.com/airblackbox/air-trust/issues
Author-email: Jason Shotwell <jason@airblackbox.ai>
License-Expression: Apache-2.0
License-File: LICENSE
Keywords: ai,anthropic,audit,compliance,crewai,eu-ai-act,governance,injection-detection,langchain,llm,openai,pii,safety,trust
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Scientific/Engineering :: Artificial Intelligence
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Requires-Python: >=3.9
Provides-Extra: all
Requires-Dist: anthropic>=0.20.0; extra == 'all'
Requires-Dist: langchain-core>=0.1.0; extra == 'all'
Requires-Dist: openai>=1.0.0; extra == 'all'
Provides-Extra: anthropic
Requires-Dist: anthropic>=0.20.0; extra == 'anthropic'
Provides-Extra: crewai
Requires-Dist: crewai>=0.30.0; extra == 'crewai'
Provides-Extra: dev
Requires-Dist: mypy>=1.5.0; extra == 'dev'
Requires-Dist: pytest-asyncio>=0.21.0; extra == 'dev'
Requires-Dist: pytest>=7.0; extra == 'dev'
Requires-Dist: ruff>=0.1.0; extra == 'dev'
Provides-Extra: dspy
Requires-Dist: dspy>=2.0.0; extra == 'dspy'
Provides-Extra: google
Requires-Dist: google-generativeai>=0.5.0; extra == 'google'
Provides-Extra: haystack
Requires-Dist: haystack-ai>=2.0.0; extra == 'haystack'
Provides-Extra: langchain
Requires-Dist: langchain-core>=0.1.0; extra == 'langchain'
Provides-Extra: llamaindex
Requires-Dist: llama-index-core>=0.10.0; extra == 'llamaindex'
Provides-Extra: mcp
Requires-Dist: mcp>=1.0.0; extra == 'mcp'
Provides-Extra: openai
Requires-Dist: openai>=1.0.0; extra == 'openai'
Provides-Extra: otel
Requires-Dist: opentelemetry-sdk>=1.20.0; extra == 'otel'
Provides-Extra: pydantic-ai
Requires-Dist: pydantic-ai>=0.1.0; extra == 'pydantic-ai'
Provides-Extra: smolagents
Requires-Dist: smolagents>=0.1.0; extra == 'smolagents'
Description-Content-Type: text/markdown

# air-trust

**Universal compliance trust layer for AI systems.**

One package. Any framework. Any LLM. Any agent. Zero dependencies.

```bash
pip install air-trust
```

## Quick Start

```python
import air_trust

# 1. One-liner — wraps any AI client automatically
from openai import OpenAI
client = air_trust.trust(OpenAI())
# Every call is now audited with HMAC-SHA256 signed evidence

# 2. Decorator — wrap any function
@air_trust.monitor
def my_agent_step(prompt):
    return client.chat.completions.create(model="gpt-4o", messages=[{"role": "user", "content": prompt}])

# 3. Context manager — audit a block of code
with air_trust.session("my-pipeline") as s:
    result = my_agent_step("Analyze this document")
    s.log("Pipeline complete", risk_level="low")
```

That's it. HMAC-SHA256 signed audit chain, PII detection, prompt injection scanning — all local, no API key, no network calls.

## Why air-trust?

| | air-trust | SaaS alternatives |
|---|---|---|
| Evidence storage | Your machine (SQLite) | Vendor's cloud |
| Works offline | Yes | No |
| API key required | No | Yes |
| Signing location | In-process | Vendor servers |
| Vendor shutdown risk | None (open source) | Total |
| Dependencies | Zero | SDK + network |
| Framework lock-in | None | Per-framework |

## Supported Frameworks

air-trust auto-detects your framework and applies the right adapter:

**Proxy Adapter** (intercepts SDK calls):
OpenAI, Anthropic, Google GenAI, Google ADK, Ollama, vLLM, LiteLLM, Together, Groq, Mistral, Cohere

**Callback Adapter** (framework events):
LangChain, LangGraph, LlamaIndex, Haystack

**Decorator Adapter** (wraps functions/methods):
CrewAI, Smolagents, PydanticAI, DSPy, AutoGen, Browser Use

**OpenTelemetry Adapter** (reads gen_ai spans):
Semantic Kernel, any OTel-instrumented system

**MCP Adapter** (protocol-level):
Claude Desktop, Cursor, Claude Code, Windsurf, any MCP client

## How It Works

### Auto-Detection

```python
import air_trust

# Detects OpenAI client → applies proxy adapter
from openai import OpenAI
client = air_trust.trust(OpenAI())

# Detects CrewAI crew → applies decorator adapter
from crewai import Crew
crew = air_trust.trust(my_crew)

# Detects LangChain → returns callback handler
handler = air_trust.trust(my_chain)
my_chain.invoke(input, config={"callbacks": [handler]})
```

### HMAC-SHA256 Audit Chain

Every event is signed and linked to the previous record:

```
HMAC(key, previous_hash_bytes || JSON(record, sort_keys=True))
```

If anyone modifies a record after the fact, the chain breaks. Verify anytime:

```python
result = air_trust.verify()
# {'valid': True, 'records': 1847, 'broken_at': None}
```
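The chaining rule above can be reproduced with the standard library alone. This is an added example, not air-trust's own code: the function names, the all-zero genesis value, hex-encoded hashes and a 0-based `broken_at` index are assumptions made for illustration.

```python
import hashlib
import hmac
import json

GENESIS = b"\x00" * 32  # assumed starting value for the first link


def sign_record(key: bytes, prev_hash: bytes, record: dict) -> bytes:
    """HMAC(key, previous_hash_bytes || JSON(record, sort_keys=True))."""
    payload = json.dumps(record, sort_keys=True).encode("utf-8")
    return hmac.new(key, prev_hash + payload, hashlib.sha256).digest()


def append(chain: list, key: bytes, record: dict) -> None:
    """Sign a record against the current chain head and store it."""
    prev = bytes.fromhex(chain[-1]["hash"]) if chain else GENESIS
    chain.append({"record": record, "hash": sign_record(key, prev, record).hex()})


def verify(chain: list, key: bytes) -> dict:
    """Recompute every link; report the index of the first mismatch."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        expected = sign_record(key, prev, entry["record"])
        try:
            stored = bytes.fromhex(entry["hash"])
        except (ValueError, TypeError):
            stored = b""  # malformed stored hash counts as a break
        # Constant-time comparison avoids leaking how many bytes matched
        if not hmac.compare_digest(expected, stored):
            return {"valid": False, "records": len(chain), "broken_at": i}
        prev = stored
    return {"valid": True, "records": len(chain), "broken_at": None}


def demo() -> tuple:
    key = b"constructed-demo-key"  # constructed sample key, not a real secret
    chain = []
    for n, msg in enumerate(["User input received", "LLM call", "Analysis complete"]):
        append(chain, key, {"seq": n, "event": msg, "risk_level": "low"})
    clean = verify(chain, key)
    chain[1]["record"]["risk_level"] = "critical"  # edit a record after the fact
    return clean, verify(chain, key)


if __name__ == "__main__":
    print(demo())
```

The chain is tamper-evident only against someone who does not hold the signing key, so the key file needs tighter access control than the event database.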

### PII Detection

Scans every input/output for: email, SSN, phone, credit card, IBAN, national ID.

```python
result = air_trust.scan_text("Contact me at test@example.com, SSN 123-45-6789")
# {'pii': [{'type': 'email', 'count': 1}, {'type': 'ssn', 'count': 1}], ...}
```

### Prompt Injection Scanning

20 weighted patterns detect injection attempts in real time:

```python
result = air_trust.scan_text("Ignore all previous instructions")
# {'injection': {'score': 0.95, 'alerts': [...]}}
```

### Sessions

Group related events and add custom checkpoints:

```python
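import air_trust
from openai import OpenAI

user_input = "Analyze this document"  # sample input for illustration

with air_trust.session("document-analysis") as s: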
    s.log("User input received", risk_level="low")

    # Scan arbitrary text
    scan = s.scan(user_input)
    if scan["injection"]["score"] > 0.7:
        s.log("Injection blocked", risk_level="critical")
        raise ValueError("Injection detected")

    # Wrap clients within the session
    client = s.trust(OpenAI())
    result = client.chat.completions.create(...)

    s.log("Analysis complete", risk_level="low")
```

## Storage

All evidence is stored locally in SQLite at `~/.air-trust/events.db`. No cloud. No network. No API keys. The signing key is auto-generated and persisted at `~/.air-trust/signing.key`.

Override paths via constructor:

```python
from air_trust import AuditChain

chain = AuditChain(
    db_path="/custom/path/events.db",
    signing_key="your-key-here",  # or set AIR_TRUST_KEY env var
)
```

## EU AI Act Compliance

air-trust is purpose-built for EU AI Act Article 11 (Technical Documentation) and Article 12 (Record-Keeping). The tamper-evident audit chain provides the evidence trail that regulators require — stored on your infrastructure, signed with NIST FIPS 198-1 compliant HMAC-SHA256.

**Deadline: August 2, 2026.**

## Part of AIR Blackbox

air-trust is the runtime compliance layer in the [AIR Blackbox](https://airblackbox.ai) ecosystem — open-source EU AI Act compliance tooling for developers.

## License

Apache-2.0
