API Reference
Auto-generated documentation for all public EnforceCore APIs.
EnforceCore exports 63 core symbols (Tier 1) in __all__.
An additional ~80 advanced symbols (Tier 2) remain importable from the
top-level package for backwards compatibility, but emit a
DeprecationWarning — use submodule imports instead.
!!! tip "Import convention" ```python # ✅ Tier 1 — stable, no warning from enforcecore import enforce, Enforcer, Policy, Redactor, Auditor
# ✅ Tier 2 — stable via submodule
from enforcecore.plugins.hooks import on_pre_call, on_violation
from enforcecore.auditor.backends import JsonlBackend
# ⚠️ Deprecated — emits DeprecationWarning
from enforcecore import JsonlBackend # will be removed in v2.0.0
```Core
The enforcement engine and policy system.
| Module | Description |
|---|---|
| Enforcer | Central coordinator — @enforce() decorator and Enforcer class |
| Policy | Policy models, engine, and YAML loading |
| Types | Shared types, exceptions, enums, and dataclasses |
| Rules | Content rule engine for argument-level inspection |
| Hardening | Input validation, size checks, enforcement depth tracking |
| Config | Global settings via environment variables |
Redactor
PII detection and redaction pipeline.
| Module | Description |
|---|---|
| Engine | PII detection engine with configurable strategies |
| Patterns | Custom pattern registry for domain-specific PII |
| Secrets | API key, token, and credential detection (11 categories) |
| Unicode | Homoglyph normalization and encoded PII decoding |
Auditor
Tamper-proof audit trail system.
| Module | Description |
|---|---|
| Engine | Merkle-chained audit writer and verifier |
| Backends | Pluggable storage backends (JSONL, callback, multi) |
| Rotation | Size-based rotation, retention, and compression |
| Witness | Hash-only remote witnesses for tamper detection |
| Immutable | OS-enforced append-only file protection |
Guard
Resource enforcement and rate limiting.
| Module | Description |
|---|---|
| Engine | Resource guard, cost tracker, and kill switch |
| Network | Domain allow/deny enforcement |
| Rate Limiter | Sliding-window rate limiting |
Plugins
Extensibility hooks, plugin SDK, and integrations.
| Module | Description |
|---|---|
| Plugin Base | GuardPlugin, RedactorPlugin, AuditBackendPlugin ABCs and dataclasses |
| Plugin Manager | Entry-point discovery and loading (PluginManager, PluginLoadError) |
| Hooks | Lifecycle hook registry (pre-call, post-call, violation, redaction) |
| Webhooks | HTTP webhook dispatcher for enforcement events |
Compliance
Compliance reporting and regulatory exports.
| Module | Description |
|---|---|
| Reporter | ComplianceReporter — EU AI Act, SOC2, GDPR export engine |
| Types | ComplianceFormat, CompliancePeriod, ComplianceReport, ComplianceError |
Sandbox
Subprocess isolation and resource containment.
| Module | Description |
|---|---|
| Runner | SubprocessSandbox — sandboxed process execution |
| Config | SandboxConfig, SandboxStrategy |
| Errors | SandboxTimeoutError, SandboxMemoryError, SandboxViolationError |
Sensitivity
Data classification and sensitivity enforcement.
| Module | Description |
|---|---|
| Sensitivity | SensitivityEnforcer, SensitivityLabel, NER-based classification |
Telemetry
Observability and metrics.
| Module | Description |
|---|---|
| Instrumentor | OpenTelemetry auto-instrumentor |
| Metrics | In-process metrics collector |
Other
| Module | Description |
|---|---|
| Integrations | Framework adapters (LangGraph, CrewAI, AutoGen) |
| Evaluation | Adversarial scenarios and benchmark runner |