Metadata-Version: 2.4
Name: coreason_adlc_api
Version: 0.1.0
Summary: Secure ADLC Middleware enforcing PII scrubbing, budget caps, and strict governance.
License: # The Prosperity Public License 3.0.0
         
         Contributor: CoReason, Inc.
         
         Source Code: https://github.com/CoReason-AI/coreason_adlc_api
         
         ## Purpose
         
         This license allows you to use and share this software for noncommercial purposes for free and to try this software for commercial purposes for thirty days.
         
         ## Agreement
         
         In order to receive this license, you have to agree to its rules.  Those rules are both obligations under that agreement and conditions to your license.  Don't do anything with this software that triggers a rule you can't or won't follow.
         
         ## Notices
         
         Make sure everyone who gets a copy of any part of this software from you, with or without changes, also gets the text of this license and the contributor and source code lines above.
         
         ## Commercial Trial
         
         Limit your use of this software for commercial purposes to a thirty-day trial period.  If you use this software for work, your company gets one trial period for all personnel, not one trial per person.
         
         ## Contributions Back
         
         Developing feedback, changes, or additions that you contribute back to the contributor on the terms of a standardized public software license such as [the Blue Oak Model License 1.0.0](https://blueoakcouncil.org/license/1.0.0), [the Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0.html), [the MIT license](https://spdx.org/licenses/MIT.html), or [the two-clause BSD license](https://spdx.org/licenses/BSD-2-Clause.html) doesn't count as use for a commercial purpose.
         
         ## Personal Uses
         
         Personal use for research, experiment, and testing for the benefit of public knowledge, personal study, private entertainment, hobby projects, amateur pursuits, or religious observance, without any anticipated commercial application, doesn't count as use for a commercial purpose.
         
         ## Noncommercial Organizations
         
         Use by any charitable organization, educational institution, public research organization, public safety or health organization, environmental protection organization, or government institution doesn't count as use for a commercial purpose regardless of the source of funding or obligations resulting from the funding.
         
         ## Defense
         
         Don't make any legal claim against anyone accusing this software, with or without changes, alone or with other technology, of infringing any patent.
         
         ## Copyright
         
         The contributor licenses you to do everything with this software that would otherwise infringe their copyright in it.
         
         ## Patent
         
         The contributor licenses you to do everything with this software that would otherwise infringe any patents they can license or become able to license.
         
         ## Reliability
         
         The contributor can't revoke this license.
         
         ## Excuse
         
         You're excused for unknowingly breaking [Notices](#notices) if you take all practical steps to comply within thirty days of learning you broke the rule.
         
         ## No Liability
         
         ***As far as the law allows, this software comes as is, without any warranty or condition, and the contributor won't be liable to anyone for any damages related to this software or this license, under any kind of legal claim.***
License-File: LICENSE
License-File: NOTICE
Author: Gowtham A Rao
Author-email: gowtham.rao@coreason.ai
Requires-Python: >=3.12, <3.15
Classifier: License :: Other/Proprietary License
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Programming Language :: Python :: 3.14
Classifier: Operating System :: OS Independent
Requires-Dist: asyncpg (>=0.31.0,<0.32.0)
Requires-Dist: cryptography (>=46.0.3,<47.0.0)
Requires-Dist: email-validator (>=2.3.0,<3.0.0)
Requires-Dist: fastapi (>=0.127.0,<0.128.0)
Requires-Dist: litellm (>=1.80.11,<2.0.0)
Requires-Dist: loguru (>=0.7.2,<0.8.0)
Requires-Dist: presidio-analyzer (>=2.2.360,<3.0.0) ; python_version < "3.14"
Requires-Dist: pydantic-settings (>=2.12.0,<3.0.0)
Requires-Dist: pyjwt (>=2.10.1,<3.0.0)
Requires-Dist: redis (>=7.1.0,<8.0.0)
Requires-Dist: spacy (>=3.8.11,<4.0.0)
Requires-Dist: uvicorn[standard] (>=0.40.0,<0.41.0)
Project-URL: Documentation, https://github.com/CoReason-AI/coreason_adlc_api
Project-URL: Homepage, https://github.com/CoReason-AI/coreason_adlc_api
Project-URL: Repository, https://github.com/CoReason-AI/coreason_adlc_api
Description-Content-Type: text/markdown

# coreason_adlc_api

Secure ADLC Middleware enforcing PII scrubbing, budget caps, and strict governance.

[![CI](https://github.com/CoReason-AI/coreason_adlc_api/actions/workflows/ci.yml/badge.svg)](https://github.com/CoReason-AI/coreason_adlc_api/actions/workflows/ci.yml)

## The Architecture and Utility of coreason_adlc_api

### 1. The Philosophy (The Why)

In the high-stakes environment of biopharmaceutical development, we face a critical tension: the need for rapid AI innovation versus the absolute requirement for GxP compliance, data sovereignty, and auditability. The standard approach—allowing developers direct access to model APIs—creates a "Black Box" liability where costs spiral and decision provenance is lost.

We architected the **coreason_adlc_api** to resolve this by shifting governance from a client-side "honor system" to a server-side "hard gate." Our intent is to prevent "Toxic Telemetry" and "Cloud Bill Shock" while ensuring that every AI-generated insight is inextricably linked to a human identity. This middleware acts as a "Clean Room" airlock, securing the data plane without hindering developer velocity.

### 2. Under the Hood (The Dependencies & Logic)

The architecture leverages a stack chosen for concurrency, security, and integration rather than raw generative capability:

* **fastapi & uvicorn**: The backbone is asynchronous, designed to handle high-concurrency inference requests without blocking the application logic.
* **litellm**: This dependency underscores our "Borrow to Build" mandate. Instead of writing custom clients for every model provider, we use litellm as a universal proxy, allowing the middleware to intercept payloads regardless of the underlying model.
* **presidio-analyzer & spacy**: These libraries provide the "scrubbing" intelligence. By integrating Microsoft’s Presidio directly into the memory stream, we ensure that PII detection happens locally and in-memory, intercepting sensitive data before it ever touches a disk.
* **redis & asyncpg**: Performance is critical. redis handles high-speed, atomic budget counting, while asyncpg ensures non-blocking writes to the immutable PostgreSQL audit logs.
* **cryptography**: Security is treated as a first-class citizen with AES encryption primitives, enabling a "Vault" architecture where API keys are decrypted only in memory during inference.

The internal logic operates as a series of **Interceptors**. When a request arrives, it passes through the **Budget Gatekeeper** and **Identity Validator** before the **PII Sentinel** scans it. Only then is the request proxied to the LLM. The response travels back through the same scrubber, ensuring the **Immutable Execution Record (IER)** contains only sanitized, safe data.

### 3. In Practice (The How)

The utility of coreason_adlc_api is best understood through its enforcement mechanisms. These examples illustrate how the middleware creates a safe environment for AI execution.

#### The Budget Guardrail

Before any inference occurs, the system performs an atomic check against a user's daily limit. This prevents infinite loops or excessive testing from draining resources.

```python
from coreason_adlc_api.middleware.budget import check_budget_guardrail
from uuid import uuid4

# In the request lifecycle, before calling the LLM:
user_id = uuid4()
estimated_cost = 0.05  # Cost derived from token count

try:
    # This is a blocking check backed by Redis.
    # It atomically increments the spend and reverts if the limit is hit.
    allowed = check_budget_guardrail(user_id, estimated_cost)

    print(f"Request allowed. Processing inference for user {user_id}...")

except Exception as e:
    # 402 Payment Required is raised to the client
    print(f"Governance Block: {e}")
```

#### In-Stream PII Scrubbing

To prevent "Toxic Telemetry," the API scrubs payloads in memory using a Singleton analyzer to avoid reload overhead.

```python
from coreason_adlc_api.middleware.pii import scrub_pii_payload

# A raw payload containing sensitive data enters the system
raw_payload = "Patient John Doe called from 555-0199 regarding adverse effects."

# The Scrubber intercepts the text before it is written to telemetry logs
safe_payload = scrub_pii_payload(raw_payload)

# The output preserves structure but obliterates identity
# Output: "Patient <REDACTED PERSON> called from <REDACTED PHONE_NUMBER> regarding adverse effects."
print(f"Loggable Payload: {safe_payload}")
```
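As an added example that is not part of the project's code, the redaction step that turns detected spans into the `<REDACTED TYPE>` output shown above. `Span` is an assumed stand-in for Presidio's RecognizerResult, the detector is passed in as a callable (the singleton analyzer itself is not shown), and the sample spans are constructed to match the README's payload:

```python
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class Span:
    """Stand-in for presidio's RecognizerResult: one detected entity with its
    character offsets in the original text (constructed for this example)."""
    entity_type: str
    start: int
    end: int


def merge_spans(spans: list[Span]) -> list[Span]:
    """Merge overlapping or adjacent detections. Two recognizers may split one
    entity differently; redacting them separately could leave a fragment of
    the identity in the log, so overlapping spans collapse into one."""
    merged: list[Span] = []
    for s in sorted(spans, key=lambda s: (s.start, -s.end)):
        if merged and s.start <= merged[-1].end:
            last = merged[-1]
            merged[-1] = Span(last.entity_type, last.start, max(last.end, s.end))
        else:
            merged.append(s)
    return merged


def redact(text: str, spans: list[Span]) -> str:
    """Replace each span with <REDACTED TYPE>. Replacements run from the end of
    the text backwards so that earlier offsets stay valid after each edit."""
    for s in reversed(merge_spans(spans)):
        if not 0 <= s.start < s.end <= len(text):
            raise ValueError(f"span {s} lies outside the text")
        text = text[:s.start] + f"<REDACTED {s.entity_type}>" + text[s.end:]
    return text


def scrub_pii_payload(text: str, analyze: Callable[[str], list[Span]]) -> str:
    """Run the detector and redact in memory; the return value is the only
    form of the text that should reach telemetry or the IER."""
    return redact(text, analyze(text))


# Constructed sample: the README's payload and the spans Presidio would be
# expected to report for it (PERSON at 8..16, PHONE_NUMBER at 29..37).
RAW_PAYLOAD = "Patient John Doe called from 555-0199 regarding adverse effects."
SAMPLE_SPANS = [Span("PHONE_NUMBER", 29, 37), Span("PERSON", 8, 16)]
```

Because the same function runs on the response path, the IER only ever sees the scrubbed form in both directions.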

#### Pessimistic Locking for Collaboration

To uphold the "Single Author" principle of the ADLC, the workbench router applies strict locking. This ensures that while multiple users can view a draft, only one can edit it at a time.

```python
# Inside coreason_adlc_api/routers/workbench.py (excerpt: the router, the
# DraftUpdate and UserIdentity models, and the service-layer functions
# get_draft_by_id, _verify_project_access and update_draft are defined
# elsewhere in the project)
from uuid import UUID


@router.put("/drafts/{draft_id}")
async def update_existing_draft(draft_id: UUID, update: DraftUpdate, identity: UserIdentity):
    """
    Updates draft content, but only if the user holds the lock.
    """
    # 1. Fetch the draft metadata efficiently
    current_draft = await get_draft_by_id(draft_id, identity.oid)

    # 2. Verify Project Access (RBAC)
    # Ensures the user belongs to the Entra ID group assigned to this AUC
    await _verify_project_access(identity, current_draft.auc_id)

    # 3. Commit the update
    # If the draft is locked by another user, the service layer raises a 423 Locked error
    return await update_draft(draft_id, update, identity.oid)
```

## Getting Started

### Prerequisites

- Python 3.12+
- Poetry

### Installation

1.  Clone the repository:
    ```sh
    git clone https://github.com/CoReason-AI/coreason_adlc_api
    cd coreason_adlc_api
    ```
2.  Install dependencies:
    ```sh
    poetry install
    ```

### Usage

-   Run the linter:
    ```sh
    poetry run pre-commit run --all-files
    ```
-   Run the tests:
    ```sh
    poetry run pytest
    ```

