Python SDK Reference
Package: mima-governance · Version: 0.3.x · Python: 3.9+
Client setup
Environment variables
Attestation
@mima.attest() — decorator
Wraps any function. Records input hash, output hash, and execution time.
Parameters
Works with async functions:
mima.push() — explicit attestation
Use when you already have input/output hashes (e.g. from a pipeline step).
mima.trace() — context manager
Capture hashes manually within the with block.
mima.batch() — buffered bulk push
Pre-approval gates
Block an AI action until a GRC manager approves it in the dashboard.
When token is an ApprovalToken, the decorator also pushes a human_oversight GRC record with oversight_status='approved', earning EUAIA_ART14.
Do not call require_approval() inside a web request handler — it holds the connection for up to timeout_seconds. Gate job submission instead.
GRC evidence methods
All 11 methods push to POST /api/workspaces/{ws}/governance/grc/evidence and return a GrcResult:
mima.ai_risk_assessment()
Records an AI system risk classification under EU AI Act Art. 9.
art5_self_assessment=True certifies the system does not engage in any Art. 5 prohibited practices. Never set without explicit human confirmation.
annex_iii_category must be one of:
biometric_identification, critical_infrastructure, education_vocational,
employment_management, essential_services, law_enforcement,
migration_border, justice_democratic, not_annex_iii
mima.model_evaluation()
mima.human_oversight()
mima.training_data_governance()
mima.incident_report()
mima.access_review()
mima.change_event()
mima.vendor_risk()
mima.policy_acknowledged()
mima.model_drift_event()
mima.governance_review()
Async client
Signing GRC records
Pass a 32-byte hex key to enable HMAC-SHA256 record signing:
Every GRC push includes client_sig and client_sig_algo: "hmac-sha256". Auditors can verify signatures using the canonical message format (see api-reference.md).
Framework integrations
LangChain
LlamaIndex
AutoGen
Error handling
Check for a failed push without raising:
