A record physically cannot enter a consequential state without a human's verbatim sign-off — and the in-memory bypass window is closed.
When an automated system can propose and execute a hard-to-reverse action — a production deploy, a money transfer, a data deletion, a model promotion — the dangerous failure mode is silent auto-action: some code path constructs the "approved" record and the action fires, with no human ever on the hook. never-auto-act-guard makes that impossible at the type level.
You declare, per record class, which statuses are gated (consequential) and which sign-off fields are required. The guard then enforces two things:
- At construction — building a record directly in a gated status without every required, non-empty sign-off field raises
SignoffRequired. - At mutation — assigning a record into a gated status (or clearing a required field while it is already gated) re-runs the gate and rolls the assignment back before re-raising. The attribute write that would otherwise sneak the record into the consequential state leaves no trace.
from dataclasses import dataclass
from typing import Optional
from never_auto_act_guard import SignoffGatedRecord, SignoffRequired
@dataclass
class GatedAction(SignoffGatedRecord):
action_id: str
status: str # recommended | signed_off | applied | rolled_back
verbatim_response: Optional[str] = None
responsible_owner: Optional[str] = None
_gated_statuses = ("signed_off", "applied", "rolled_back")
def __post_init__(self): self._arm_signoff_gate()
rec = GatedAction("act-42", status="recommended") # advisory — fine
rec.status = "signed_off" # -> SignoffRequired; rec.status is STILL "recommended"The valuable, hard-to-fake part is the closed bypass window. Most "approval" checks validate at one moment — usually construction — and leave a wide-open hole: any later attribute write (record.status = "applied") can move the object into the consequential state without re-validating, and an automated pipeline will happily do exactly that. This guard overrides __setattr__ so a gated transition re-runs the sign-off check on every mutation and atomically rolls back the assignment on failure (via an _UNSET sentinel that distinguishes "never set" from "set to None"). The result is an invariant you can actually rely on: there is no in-process path — construction or mutation — by which a record reaches a consequential status without a substantive, human, verbatim authorization on file. That is the property auditors, regulators, and post-incident reviews ask for, and it is far cheaper to adopt as a primitive than to retrofit after an incident. See docs/MOAT.md.
pip install -e .Zero runtime dependencies — pure standard library, Python 3.9+.
SignoffGatedRecord— mixin; set_status_field,_gated_statuses,_required_signoff_fields, and call_arm_signoff_gate()at the end of__post_init__.signoff_gated(...)— dataclass decorator form; wires the gate automatically, no__post_init__needed.SignoffRequired— raised when a gated record is constructed or mutated without valid sign-off.DEFAULT_REQUIRED_SIGNOFF_FIELDS(verbatim_response+responsible_owner),DEFAULT_VERBATIM_MIN_LENGTH(50).
Full reference: docs/API.md. How to wire it into your system: docs/FORKING.md.
MIT — see LICENSE.
Powerweave Skunkworks is the AI R&D division of Powerweave Software Services — a rapid-innovation lab that turns real-world product feedback into working, reusable, open-source building blocks. Working in parallel to the main engineering backlog, a lean, cross-functional team of product and technology specialists (UX, data, software engineering, and AI) fast-tracks high-priority ideas into validated modules ready for full-scale build-out.
never-auto-act-guard is one such building block — a de-domained, MIT-licensed, dependency-light component extracted from Powerweave's internal R&D and engineered to be forked into any SaaS or enterprise product.
- 🧪 Powerweave Skunkworks on GitHub — https://github.com/skunkworks-powerweave
- 🌐 Powerweave — https://powerweave.com
- 💼 Powerweave on LinkedIn — https://www.linkedin.com/company/powerweave
Powerweave Software Services Pvt. Ltd. is a digital-transformation company founded in 2001 and headquartered in Mumbai, India. With 25+ years of experience, 1,700+ professionals, and 350+ global customers, Powerweave builds platforms, processes, and teams across enterprise eCommerce, AI-powered procurement, Microsoft Dynamics ERP, business services, and sustainability — with a strong focus on cutting-edge AI automation that streamlines workflows, reduces manual errors, and accelerates decision-making. Powerweave is ISO 27001:2013 certified.
Explore Powerweave
- 🌐 Website — https://powerweave.com
- 💼 LinkedIn — https://www.linkedin.com/company/powerweave
- 𝕏 Twitter / X — https://twitter.com/powerweave
▶️ YouTube — https://www.youtube.com/channel/UCE1t_rg38z4n5BAg29PDZFA- 📘 Facebook — https://www.facebook.com/PowerweaveSoftwareSolutions/
- 🛒 Enterprise eCommerce — https://www.powerweave.com/solutions/enterprise-ecommerce/
- 📦 AI-Powered Procurement — https://www.powerweave.com/solutions/procurement/
- 🧮 Microsoft Dynamics ERP — https://www.powerweave.com/solutions/microsoft-dynamics-erp/
- 🌱 Snowkap — Sustainability — https://www.snowkap.com/
- 🎨 Powerweave Studio — https://www.powerweavestudio.com/
- 🧑💼 About Us & Leadership — https://www.powerweave.com/about-us/
- 🚀 Careers — https://www.powerweave.com/careers/
Keywords: governance · signoff · guard · human-in-the-loop · dataclass · approval · safety · audit · Powerweave · Powerweave Skunkworks · AI R&D · open source · MIT · Python · forkable.