Skip to content

skunkworks-powerweave/never-auto-act-guard

Repository files navigation

never-auto-act-guard

A record physically cannot enter a consequential state without a human's verbatim sign-off — and the in-memory bypass window is closed.

When an automated system can propose and execute a hard-to-reverse action — a production deploy, a money transfer, a data deletion, a model promotion — the dangerous failure mode is silent auto-action: some code path constructs the "approved" record and the action fires, with no human ever on the hook. never-auto-act-guard makes that impossible at the type level.

You declare, per record class, which statuses are gated (consequential) and which sign-off fields are required. The guard then enforces two things:

  1. At construction — building a record directly in a gated status without every required, non-empty sign-off field raises SignoffRequired.
  2. At mutation — assigning a record into a gated status (or clearing a required field while it is already gated) re-runs the gate and rolls the assignment back before re-raising. The attribute write that would otherwise sneak the record into the consequential state leaves no trace.
from dataclasses import dataclass
from typing import Optional
from never_auto_act_guard import SignoffGatedRecord, SignoffRequired

@dataclass
class GatedAction(SignoffGatedRecord):
    action_id: str
    status: str  # recommended | signed_off | applied | rolled_back
    verbatim_response: Optional[str] = None
    responsible_owner: Optional[str] = None
    _gated_statuses = ("signed_off", "applied", "rolled_back")
    def __post_init__(self): self._arm_signoff_gate()

rec = GatedAction("act-42", status="recommended")     # advisory — fine
rec.status = "signed_off"                              # -> SignoffRequired; rec.status is STILL "recommended"

The moat

The valuable, hard-to-fake part is the closed bypass window. Most "approval" checks validate at one moment — usually construction — and leave a wide-open hole: any later attribute write (record.status = "applied") can move the object into the consequential state without re-validating, and an automated pipeline will happily do exactly that. This guard overrides __setattr__ so a gated transition re-runs the sign-off check on every mutation and atomically rolls back the assignment on failure (via an _UNSET sentinel that distinguishes "never set" from "set to None"). The result is an invariant you can actually rely on: there is no in-process path — construction or mutation — by which a record reaches a consequential status without a substantive, human, verbatim authorization on file. That is the property auditors, regulators, and post-incident reviews ask for, and it is far cheaper to adopt as a primitive than to retrofit after an incident. See docs/MOAT.md.

Install

pip install -e .

Zero runtime dependencies — pure standard library, Python 3.9+.

What's here

  • SignoffGatedRecord — mixin; set _status_field, _gated_statuses, _required_signoff_fields, and call _arm_signoff_gate() at the end of __post_init__.
  • signoff_gated(...) — dataclass decorator form; wires the gate automatically, no __post_init__ needed.
  • SignoffRequired — raised when a gated record is constructed or mutated without valid sign-off.
  • DEFAULT_REQUIRED_SIGNOFF_FIELDS (verbatim_response + responsible_owner), DEFAULT_VERBATIM_MIN_LENGTH (50).

Full reference: docs/API.md. How to wire it into your system: docs/FORKING.md.

License

MIT — see LICENSE.


About Powerweave Skunkworks

Powerweave Skunkworks is the AI R&D division of Powerweave Software Services — a rapid-innovation lab that turns real-world product feedback into working, reusable, open-source building blocks. Working in parallel to the main engineering backlog, a lean, cross-functional team of product and technology specialists (UX, data, software engineering, and AI) fast-tracks high-priority ideas into validated modules ready for full-scale build-out.

never-auto-act-guard is one such building block — a de-domained, MIT-licensed, dependency-light component extracted from Powerweave's internal R&D and engineered to be forked into any SaaS or enterprise product.

About Powerweave

Powerweave Software Services Pvt. Ltd. is a digital-transformation company founded in 2001 and headquartered in Mumbai, India. With 25+ years of experience, 1,700+ professionals, and 350+ global customers, Powerweave builds platforms, processes, and teams across enterprise eCommerce, AI-powered procurement, Microsoft Dynamics ERP, business services, and sustainability — with a strong focus on cutting-edge AI automation that streamlines workflows, reduces manual errors, and accelerates decision-making. Powerweave is ISO 27001:2013 certified.

Explore Powerweave

Maintainers — Powerweave Skunkworks


Keywords: governance · signoff · guard · human-in-the-loop · dataclass · approval · safety · audit · Powerweave · Powerweave Skunkworks · AI R&D · open source · MIT · Python · forkable.

About

A dataclass guard: a record physically cannot enter a consequential status without a human verbatim sign-off, with an __setattr__ rollback that closes the in-memory bypass window.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages