Metadata-Version: 2.4
Name: kevros-agent-framework
Version: 0.1.4
Summary: Kevros Governance Middleware for Microsoft Agent Framework — cryptographic authorization, intent binding, and hash-chained provenance for AI agents.
Project-URL: Homepage, https://taskhawktech.com
Project-URL: Governance Gateway, https://governance.taskhawktech.com
Project-URL: Agent Card, https://governance.taskhawktech.com/.well-known/agent.json
Author-email: TaskHawk Systems <governance@taskhawktech.com>
License: BSL-1.1
Requires-Python: >=3.10
Requires-Dist: agent-framework>=1.0.0b251001
Requires-Dist: httpx>=0.27.0
Requires-Dist: pydantic>=2.0.0
Provides-Extra: dev
Requires-Dist: opentelemetry-semantic-conventions-ai==0.4.1; extra == 'dev'
Requires-Dist: pytest-asyncio>=0.23; extra == 'dev'
Requires-Dist: pytest>=7.0; extra == 'dev'
Requires-Dist: respx>=0.21; extra == 'dev'
Provides-Extra: embedded
Requires-Dist: kevros>=0.3.1; extra == 'embedded'
Description-Content-Type: text/markdown

# Kevros Governance Middleware for Microsoft Agent Framework

Cryptographic authorization, intent binding, and hash-chained provenance for AI agents built on the [Microsoft Agent Framework](https://github.com/microsoft/agent-framework).

## Install

```bash
pip install kevros-agent-framework
```

## Quick Start

```python
from kevros_agent_framework import (
    KevrosGovernanceMiddleware,
    KevrosFunctionMiddleware,
    KevrosConfig,
    KevrosGovernanceClient,
)
from agent_framework import Agent

# Configure -- API key auto-provisions on first use if omitted
config = KevrosConfig(api_key="kvrs_...")
client = KevrosGovernanceClient(config)

# Attach both middleware types, sharing a single client
agent = Agent(
    client=chat_client,
    name="governed-assistant",
    instructions="You are a helpful assistant.",
    middleware=[
        KevrosGovernanceMiddleware(config=config, client=client),
        KevrosFunctionMiddleware(config=config, client=client),
    ],
)
```

## What It Does

Every agent invocation and tool call is cryptographically governed:

- **Precision decisioning** -- Each agent run is verified against governance policy (ALLOW / CLAMP / DENY) with an HMAC-signed release token
- **Intent binding** -- Each function call gets a cryptographic intent-to-command binding before execution
- **Hash-chained provenance** -- Every decision is logged to an append-only, tamper-evident ledger
- **Outcome verification** -- Confirm the executed action achieved its declared intent, closing the governance loop
- **Compliance bundling** -- Generate certifier-grade evidence packages on demand, independently verifiable

## Comparison with Purview Policy Middleware

| Aspect | Purview | Kevros |
|--------|---------|--------|
| Purpose | Content-level DLP (redact PII, block topics) | Cryptographic authorization + audit evidence |
| Proof | None (rule-based decision) | HMAC release tokens, hash-chained provenance |
| Scope | Message content filtering | Action authorization, intent binding, provenance |
| Relationship | Complementary | Complementary |

Use both: Purview for content safety, Kevros for authorization and evidence.

## Links

- [Kevros Governance Gateway](https://governance.taskhawktech.com)
- [Agent Card](https://governance.taskhawktech.com/.well-known/agent.json)
- [Website](https://taskhawktech.com)

## License

BSL-1.1 -- See LICENSE for details.
