spanforge.types

Namespaced event type registry and custom type validation helpers.

EventType

class EventType(str, Enum)

Exhaustive registry of all first-party SPANFORGE event types.

EventType is a str subclass, so values can be compared directly with plain strings, used as dict keys, and serialised without conversion:

assert EventType.TRACE_SPAN_COMPLETED == "llm.trace.span.completed"

Each member also carries .namespace and .description properties.

Properties

namespace -> str

The llm.<ns> namespace prefix for this event type.

EventType.TRACE_SPAN_COMPLETED.namespace  # "llm.trace"

description -> str

A one-line human-readable description of this event type.

Members

llm.diff.*

MemberString valueDescription
DIFF_COMPUTEDllm.diff.computedA textual or semantic diff was computed between two events.
DIFF_REGRESSION_FLAGGEDllm.diff.regression.flaggedA diff computation exceeded the regression similarity threshold.

llm.prompt.*

MemberString valueDescription
PROMPT_RENDEREDllm.prompt.renderedA prompt template was instantiated with variable values.
PROMPT_TEMPLATE_LOADEDllm.prompt.template.loadedA prompt template was loaded from the registry.
PROMPT_VERSION_CHANGEDllm.prompt.version.changedThe active version of a prompt template was updated.

llm.template.*

MemberString valueDescription
TEMPLATE_REGISTEREDllm.template.registeredA new template or version was added to the registry.
TEMPLATE_VARIABLE_BOUNDllm.template.variable.boundA variable was bound to a template for a specific rendering.
TEMPLATE_VALIDATION_FAILEDllm.template.validation.failedA template could not be loaded or rendered due to validation errors.

llm.trace.*

MemberString valueDescription
TRACE_SPAN_STARTEDllm.trace.span.startedA new LLM call/tool-execution span was opened.
TRACE_SPAN_COMPLETEDllm.trace.span.completedA span completed successfully.
TRACE_SPAN_FAILEDllm.trace.span.failedA span terminated with an error or timeout.
TRACE_AGENT_STEPllm.trace.agent.stepOne iteration of a multi-step agent loop.
TRACE_AGENT_COMPLETEDllm.trace.agent.completedA multi-step agent run resolved.
TRACE_REASONING_STEPllm.trace.reasoning.stepOne chain-of-thought reasoning step (v2.0+).

llm.cost.*

MemberString valueDescription
COST_TOKEN_RECORDEDllm.cost.token.recordedPer-call token cost recorded.
COST_SESSION_RECORDEDllm.cost.session.recordedSession-level cost rollup recorded.
COST_ATTRIBUTEDllm.cost.attributedCost attributed to a feature, team, or budget centre.

llm.eval.*

MemberString valueDescription
EVAL_SCORE_RECORDEDllm.eval.score.recordedA quality score was attached to a span or agent run.
EVAL_REGRESSION_DETECTEDllm.eval.regression.detectedA quality regression relative to baseline was detected.
EVAL_SCENARIO_STARTEDllm.eval.scenario.startedAn evaluation scenario run started.
EVAL_SCENARIO_COMPLETEDllm.eval.scenario.completedAn evaluation scenario run completed.

llm.guard.*

MemberString valueDescription
GUARD_INPUT_BLOCKEDllm.guard.input.blockedA model input was blocked by the safety classifier.
GUARD_INPUT_PASSEDllm.guard.input.passedA model input passed the safety classifier.
GUARD_OUTPUT_BLOCKEDllm.guard.output.blockedA model output was blocked by the safety classifier.
GUARD_OUTPUT_PASSEDllm.guard.output.passedA model output passed the safety classifier.

llm.redact.*

MemberString valueDescription
REDACT_PII_DETECTEDllm.redact.pii.detectedPII categories were found in one or more event fields.
REDACT_PHI_DETECTEDllm.redact.phi.detectedPHI categories (HIPAA-regulated) were found.
REDACT_APPLIEDllm.redact.appliedA RedactionPolicy was applied; sensitive values replaced.

llm.fence.*

MemberString valueDescription
FENCE_VALIDATEDllm.fence.validatedModel output passed all structural constraint checks.
FENCE_RETRY_TRIGGEREDllm.fence.retry.triggeredModel output failed schema validation; retry initiated.
FENCE_MAX_RETRIES_EXCEEDEDllm.fence.max_retries.exceededAll retry attempts exhausted without conforming output.

llm.audit.*

MemberString valueDescription
AUDIT_KEY_ROTATEDllm.audit.key.rotatedThe HMAC signing key was rotated (RFC-0001 §11.5).

consent.*

MemberString valueDescription
CONSENT_GRANTEDconsent.grantedData-subject consent was recorded.
CONSENT_REVOKEDconsent.revokedPreviously granted consent was withdrawn.
CONSENT_VIOLATIONconsent.violationProcessing occurred without valid consent.

hitl.*

MemberString valueDescription
HITL_QUEUEDhitl.queuedA decision was queued for human review.
HITL_REVIEWEDhitl.reviewedA human reviewer completed their review.
HITL_ESCALATEDhitl.escalatedA decision was escalated to a higher review tier.
HITL_TIMEOUThitl.timeoutA human-review SLA expired without resolution.

model_registry.*

MemberString valueDescription
MODEL_REGISTRY_REGISTEREDmodel_registry.registeredA model was registered in the governance registry.
MODEL_REGISTRY_DEPRECATEDmodel_registry.deprecatedA registered model was marked as deprecated.
MODEL_REGISTRY_RETIREDmodel_registry.retiredA model was fully decommissioned.

explanation.*

MemberString valueDescription
EXPLANATION_GENERATEDexplanation.generatedAn explainability record was generated for a decision.

llm.cache.*

MemberString valueDescription
CACHE_HITllm.cache.hitSemantic cache returned a cached result without a new model call.
CACHE_MISSllm.cache.missSemantic cache lookup found no matching entry.
CACHE_EVICTEDllm.cache.evictedA cache entry was evicted (TTL, LRU, or manual invalidation).
CACHE_WRITTENllm.cache.writtenA new entry was written to the semantic cache.

Module-level functions

is_registered(event_type: str) -> bool

Return True if event_type is a registered first-party EventType value.

from spanforge.types import is_registered

is_registered("llm.trace.span.completed")  # True
is_registered("x.my-org.custom.event")      # False

Args:

ParameterTypeDescription
event_typestrEvent type string to look up.

Returns: bool

namespace_of(event_type: str) -> str

Return the llm.<tool> namespace of a registered event type.

Args:

ParameterTypeDescription
event_typestrA registered event type string.

Returns: str — the namespace prefix (e.g. "llm.trace").

Raises: EventTypeError — if event_type does not match the expected pattern.

validate_custom(event_type: str) -> None

Validate a custom (third-party) event type string.

Custom event types must use a reverse-domain prefix (e.g. com.example.<…>).

Args:

ParameterTypeDescription
event_typestrCustom event type string to validate.

Raises: EventTypeError — if event_type does not match the required pattern or claims a reserved llm.* namespace.

get_by_value(value: str) -> Optional[EventType]

Look up an EventType by its string value.

Returns None instead of raising if the value is not found.

Args:

ParameterTypeDescription
valuestrEvent type string value to look up.

Returns: EventType | None

Constants

EVENT_TYPE_PATTERN: str

Regex pattern that all valid event type strings (registered and custom) must match:

^(?:llm\.[a-z][a-z0-9_]*(?:\.[a-z][a-z0-9_]*){1,3}|[a-z][a-z0-9-]*(?:\.[a-z][a-z0-9-]*){2,}\.[a-z][a-z0-9_]*)$
  • validate_custom() — validate a custom reverse-domain event type string (e.g. com.example.<…>)
  • namespace_of() — return the namespace prefix of a given event type string

SDK Types — spanforge.sdk._types

Phase 11 introduces the following dataclass types used by SFEnterpriseClient and SFSecurityClient.

Enterprise types

TypeFieldsDescription
DataResidencyEU, US, AP, IN, GLOBAL (class constants); is_valid(value) → boolData residency region constants (ENT-004 / ENT-005).
IsolationScopeorg_id: str, project_id: strComposite key for namespace isolation (ENT-002).
TenantConfigproject_id: str, org_id: str, data_residency: str = "global", org_secret: str = "", cross_project_read: bool = False, allowed_project_ids: list[str] = []Per-project multi-tenancy configuration (ENT-001 through ENT-005).
EncryptionConfigencrypt_at_rest: bool = False, `kms_provider: strNone = None, mtls_enabled: bool = False, tls_cert_path: str = "", tls_key_path: str = "", tls_ca_path: str = "", fips_mode: bool = False`
AirGapConfigoffline: bool = False, self_hosted: bool = False, compose_file: str = "docker-compose.yml", helm_release_name: str = "spanforge", health_check_interval_s: int = 30Air-gap and self-hosted configuration (ENT-020 through ENT-023).
HealthEndpointResultservice: str, endpoint: str, status: int, ok: bool, latency_ms: float, checked_at: strResult from a container health probe (ENT-023).
EnterpriseStatusInfostatus: str, multi_tenancy_enabled: bool = False, encryption_at_rest: bool = False, fips_mode: bool = False, offline_mode: bool = False, data_residency: str = "global", tenant_count: int = 0, `last_security_scan: strNone = None`

Security types

TypeFieldsDescription
DependencyVulnerabilitypackage: str, version: str, advisory_id: str, severity: str, description: str, fix_version: str = ""A single dependency vulnerability finding (ENT-033).
StaticAnalysisFindingtool: str, rule_id: str, severity: str, file_path: str, line: int, message: strA single static analysis finding (ENT-034).
ThreatModelEntryservice: str, category: str, threat: str, mitigation: str, risk_level: str, reviewed_at: strA STRIDE threat model entry (ENT-031).
SecurityScanResultdependencies: list, static_analysis: list, secrets_in_logs: int, pass_: bool, scanned_at: strCombined dependency + static scan results (ENT-033 / ENT-034).
SecurityAuditResultcategories: dict[str, dict[str, str]], pass_: bool, audited_at: str, threat_model: list[ThreatModelEntry] = []OWASP API Security Top 10 audit result (ENT-030).

Import

from spanforge.sdk._types import (
    DataResidency,
    IsolationScope,
    TenantConfig,
    EncryptionConfig,
    AirGapConfig,
    HealthEndpointResult,
    EnterpriseStatusInfo,
    DependencyVulnerability,
    StaticAnalysisFinding,
    ThreatModelEntry,
    SecurityScanResult,
    SecurityAuditResult,
)