feat: RFC-005 Step 9 — PIP request builder types#46
Conversation
Add capiscio_sdk/pip.py with PIP request/response dataclasses for SDK consumers building custom PEP integrations: - PIPRequest, PIPResponse, Obligation (request/response types) - SubjectAttributes, ActionAttributes, ResourceAttributes, ContextAttributes, EnvironmentAttributes (attribute groups) - EnforcementMode enum with stricter_than() and from_env() - Constants: PIP_VERSION, DECISION_ALLOW, DECISION_DENY, DECISION_OBSERVE - Auto-populates txn_id (UUID v7/v4) and environment.time (ISO 8601) - Envelope fields serialize as JSON null (not absent) in badge-only mode RFC-005 Step 9 implementation. 44 unit tests, full serialization roundtrip coverage.
|
✅ Documentation validation passed!
|
|
✅ All checks passed! Ready for review. |
There was a problem hiding this comment.
Pull request overview
Adds RFC-005 “PDP Integration Profile” (PIP) request/response builder types to the Python SDK so SDK consumers can construct decision requests and interpret PDP responses without pulling in enforcement/client logic.
Changes:
- Introduces
capiscio_sdk/pip.pywith dataclass-based PIP request/response types, constants, andEnforcementModehelpers. - Re-exports the new PIP types/constants from
capiscio_sdk/__init__.pyfor top-level SDK consumption. - Adds a comprehensive unit test suite for serialization, env parsing, ordering, and roundtrips.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| capiscio_sdk/pip.py | New PIP dataclasses/constants and EnforcementMode utilities for RFC-005 requests/responses. |
| capiscio_sdk/init.py | Re-exports PIP types/constants as part of the public SDK surface. |
| tests/unit/test_pip.py | Unit tests validating PIP serialization/roundtrip behavior and enforcement mode parsing/order. |
|
✅ SDK server contract tests passed (test_server_integration.py). Cross-product scenarios are validated in capiscio-e2e-tests. |
Accept Union[str, EnforcementMode] for enforcement_mode and normalize to string value in __post_init__. This prevents json.dumps() failures when callers pass EnforcementMode.from_env() directly. Addresses PR review feedback.
|
✅ Documentation validation passed!
|
|
✅ All checks passed! Ready for review. |
|
✅ SDK server contract tests passed (test_server_integration.py). Cross-product scenarios are validated in capiscio-e2e-tests. |
Codecov Report❌ Patch coverage is
📢 Thoughts on this report? Let us know! |
Summary
RFC-005 Step 9: Add PIP (PDP Integration Profile) request builder types for SDK consumers building custom PEP integrations.
What's New
New file
capiscio_sdk/pip.pywith:Request Types (RFC-005 §5)
PIPRequest— top-level decision request containerSubjectAttributes— agent identity (DID, badge_jti, IAL, trust_level)ActionAttributes— operation + capability_class (null in badge-only mode)ResourceAttributes— target resource identifierContextAttributes— txn_id, enforcement_mode, envelope fields (null until RFC-008)EnvironmentAttributes— workspace, pep_id, timestampResponse Types (RFC-005 §6)
PIPResponse— decision, decision_id, obligations, reason, TTLObligation— type + params withfrom_dict()/to_dict()roundtripEnforcement Mode
EnforcementModeenum: OBSERVE, GUARD, DELEGATE, STRICTstricter_than()comparison following RFC-008 §10.5 total orderfrom_env()readsCAPISCIO_ENFORCEMENT_MODE(defaults to OBSERVE)Constants
PIP_VERSION = "capiscio.pip.v1"DECISION_ALLOW,DECISION_DENY,DECISION_OBSERVEDesign Decisions
badge.py,connect.pynull, not absent — per RFC-005 §5.1Obligation.paramsvalidated asdictinfrom_dict()(non-dict dropped to None)Tests
44 unit tests covering:
Full unit suite: 392 pass, 10 pre-existing failures (unrelated modules).
RFC Reference
capiscio-rfcs/docs/005-policy-definition-distribution-enforcement.md§5, §6, §7.1Implementation guide:
internal-docs/engineering/rfc005-pip-implementation-guide.mdv1.5, Step 9