feat(pep): decide → fulfill → forward Decision Mode PEP (#2571)

.lint_baselines/falsey_clobber.json

@@ -22,24 +22,24 @@
     "axonflow/adapters/tool_wrapper.py:190:20",
     "axonflow/adapters/tool_wrapper.py:208:20",
     "axonflow/adapters/tool_wrapper.py:220:20",
-    "axonflow/client.py:1104:16",
-    "axonflow/client.py:1181:16",
-    "axonflow/client.py:1653:37",
-    "axonflow/client.py:1694:18",
-    "axonflow/client.py:1752:37",
-    "axonflow/client.py:2270:24",
-    "axonflow/client.py:2291:33",
-    "axonflow/client.py:2292:31",
-    "axonflow/client.py:2304:25",
-    "axonflow/client.py:2365:28",
-    "axonflow/client.py:2406:69",
-    "axonflow/client.py:293:14",
-    "axonflow/client.py:298:24",
-    "axonflow/client.py:299:20",
-    "axonflow/client.py:522:44",
-    "axonflow/client.py:6284:25",
-    "axonflow/client.py:838:20",
-    "axonflow/client.py:924:20",
+    "axonflow/client.py:1111:16",
+    "axonflow/client.py:1188:16",
+    "axonflow/client.py:1669:37",
+    "axonflow/client.py:1710:18",
+    "axonflow/client.py:1768:37",
+    "axonflow/client.py:2286:24",
+    "axonflow/client.py:2307:33",
+    "axonflow/client.py:2308:31",
+    "axonflow/client.py:2320:25",
+    "axonflow/client.py:2381:28",
+    "axonflow/client.py:2422:69",
+    "axonflow/client.py:300:14",
+    "axonflow/client.py:305:24",
+    "axonflow/client.py:306:20",
+    "axonflow/client.py:529:44",
+    "axonflow/client.py:6463:25",
+    "axonflow/client.py:845:20",
+    "axonflow/client.py:931:20",
     "axonflow/execution.py:205:19",
     "axonflow/interceptors/anthropic.py:134:43",
     "axonflow/interceptors/anthropic.py:161:43",

CHANGELOG.md

@@ -9,6 +9,55 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
  and tag v{X.Y.Z}. The release workflow's preflight checks the section
  header matches the tag. -->
 
+## [8.5.0] - 2026-06-09 — Decision Mode PEP: decide → fulfill → forward
+
+Adds the SDK analog of the platform PEP client (`platform/shared/pep`,
+ADR-056, epic #2563). A Policy Enforcement Point now follows one path —
+**decide → fulfill → forward** — and the SDK makes the engine-fulfillable
+obligation contract impossible to misuse: there is **no local redaction
+path**, so a `redact_pii` obligation can only be discharged by round-tripping
+content through the engine endpoint the obligation names.
+
+### Added
+
+- **`AxonFlow.decide(DecideRequest)` / `SyncAxonFlow.decide`** — the PDP step.
+  `POST /api/v1/decide` returns a `DecideResponse` whose `obligations` is a
+  list of self-describing `Obligation`s. Decision Mode auth is HTTP Basic
+  (org:license), which the client already sends; wrong/demo credentials are
+  refused with `AuthenticationError`.
+- **`AxonFlow.fulfill_request(decision, statement)`** — discharges every
+  request-phase `redact_pii` obligation by POSTing the statement to the
+  engine's `check-input` endpoint and returning the **engine-redacted**
+  statement. Fails closed with `ObligationNotFulfillableError` when an
+  obligation names no request-phase fulfillment, advertises a content-type the
+  PEP is not holding, names an endpoint the client will not call, the engine
+  call fails, or the engine reports `redaction_evaluated=false`. Never redacts
+  locally.
+- **`AxonFlow.decide_and_fulfill(DecideRequest)`** — the blessed one-call path
+  (decide, then fulfill any request-phase obligation); fail-closed by
+  construction.
+- **New types**: `DecideRequest`, `DecideResponse`, `Obligation`,
+  `ObligationFulfillment`, `DecisionCallerIdentity`, `DecisionTarget`.
+- **New exception**: `ObligationNotFulfillableError` (a fail-closed signal).
+- **PEP constants** + `has_request_redaction(obligations)` helper
+  (`OBLIGATION_REDACT_PII`, `PHASE_REQUEST`/`PHASE_RESPONSE`,
+  `CONTENT_TYPE_TEXT`, `VERDICT_ALLOW`/`VERDICT_DENY`/`VERDICT_NEEDS_APPROVAL`,
+  endpoint-path constants).
+- **`redacted` / `redacted_statement` / `redaction_evaluated` on
+  `MCPCheckInputResponse`** and **`redaction_evaluated` on
+  `MCPCheckOutputResponse`** — the request-redaction contract fields the agent
+  emits (ADR-056). A PEP fulfilling an obligation fails closed when
+  `redaction_evaluated` is false.
+- **`content_type` on `MCPCheckInputRequest` / `mcp_check_input(...)`** —
+  selects the request-redaction detector (defaults to `text/plain`).
+
+### Notes
+
+- SDK semver is decoupled from the platform: this is a **minor** bump from
+  8.4.0 (purely additive, optional fields backward-compatible with older
+  platforms). The wire-shape baseline records the new fields as an
+  acknowledged SDK superset pending the OpenAPI spec catching up.
+
 ## [8.4.0] - 2026-05-30 — Decision request context + Pasal 56(b) transfer basis
 
 Targets AxonFlow platform **v8.5.0**.

axonflow/__init__.py

@@ -60,6 +60,7 @@
     ConnectionError,
     ConnectorError,
     IdempotencyKeyMismatchError,
+    ObligationNotFulfillableError,
     PlanExecutionError,
     PolicyViolationError,
     RateLimitError,
@@ -104,6 +105,19 @@
     RegistrySummary,
     SystemStatus,
 )
+from axonflow.pep import (
+    CONTENT_TYPE_TEXT,
+    DECIDE_PATH,
+    OBLIGATION_REDACT_PII,
+    PHASE_REQUEST,
+    PHASE_RESPONSE,
+    REQUEST_REDACTION_PATH,
+    RESPONSE_REDACTION_PATH,
+    VERDICT_ALLOW,
+    VERDICT_DENY,
+    VERDICT_NEEDS_APPROVAL,
+    has_request_redaction,
+)
 from axonflow.policies import (
     CreateDynamicPolicyRequest,
     CreatePolicyOverrideRequest,
@@ -171,6 +185,10 @@
     ConnectorPolicyInfo,
     ConnectorResponse,
     CreateBudgetRequest,
+    DecideRequest,
+    DecideResponse,
+    DecisionCallerIdentity,
+    DecisionTarget,
     DynamicPolicyInfo,
     DynamicPolicyMatch,
     ExecutionDetail,
@@ -204,6 +222,8 @@
     MediaGovernanceStatus,
     Mode,
     ModelPricing,
+    Obligation,
+    ObligationFulfillment,
     PaginationMeta,
     PlanExecutionResponse,
     PlanResponse,
@@ -312,6 +332,25 @@
     "MCPCheckInputResponse",
     "MCPCheckOutputRequest",
     "MCPCheckOutputResponse",
+    # Decision Mode PEP contract (ADR-056, #2563)
+    "DecideRequest",
+    "DecideResponse",
+    "DecisionCallerIdentity",
+    "DecisionTarget",
+    "Obligation",
+    "ObligationFulfillment",
+    "ObligationNotFulfillableError",
+    "OBLIGATION_REDACT_PII",
+    "PHASE_REQUEST",
+    "PHASE_RESPONSE",
+    "CONTENT_TYPE_TEXT",
+    "VERDICT_ALLOW",
+    "VERDICT_DENY",
+    "VERDICT_NEEDS_APPROVAL",
+    "DECIDE_PATH",
+    "REQUEST_REDACTION_PATH",
+    "RESPONSE_REDACTION_PATH",
+    "has_request_redaction",
     # Planning types
     "PlanStep",
     "PlanResponse",

axonflow/_version.py

@@ -1,3 +1,3 @@
 """Single source of truth for the AxonFlow SDK version."""
 
-__version__ = "8.4.0"
+__version__ = "8.5.0"