Metadata-Version: 2.4
Name: kevros-code
Version: 0.3.14
Summary: Governance MCP proxy for coding agents -- interposes Kevros verify/attest on every tool call.
Project-URL: Homepage, https://governance.taskhawktech.com
Project-URL: Documentation, https://docs.taskhawktech.com
Project-URL: Repository, https://github.com/taskhawk-systems/kevros
Author-email: TaskHawk Systems <governance@taskhawktech.com>
License: BSL-1.1
Keywords: ai-governance,code-agent,mcp,provenance,tool-proxy
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: License :: Other/Proprietary License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Requires-Python: >=3.9
Requires-Dist: httpx>=0.24
Requires-Dist: kevros>=0.3.0
Description-Content-Type: text/markdown

# kevros-code

Governance MCP proxy for coding agents. Interposes Kevros `verify` and `attest` calls on every tool invocation, so every action a coding agent takes is cryptographically authorized before it executes and cryptographically recorded after.

## Why

Coding agents have root-equivalent blast radius on their target machine — they write files, run shell commands, install packages, push commits. A single untrusted action can exfiltrate secrets, corrupt source, or open a backdoor. Permission-before-power requires that every tool call be gated by a policy evaluation and recorded in an independently verifiable audit chain. `kevros-code` is the thin proxy that sits between the agent and its tool layer to enforce that contract without changing the agent's code.

## Installation

```bash
pip install kevros-code
```

## Quick Start

```python
from kevros_code import GovernedMCPProxy

# Zero config — uses KEVROS_API_KEY env var or auto-signs up for the
# free tier (1,000 calls/month) on first use
proxy = GovernedMCPProxy(agent_id="coding-agent-001")

# Wrap a tool-call function. The proxy intercepts, verifies, and attests.
@proxy.governed_tool
def edit_file(path: str, content: str) -> dict:
    # Original tool implementation unchanged
    with open(path, "w") as f:
        f.write(content)
    return {"status": "ok", "path": path}

# Under the hood, every call to edit_file() now:
#   1. Calls verify() with {action: "edit_file", payload: {path, content}}
#   2. If the decision is ALLOW → executes the real tool, records attest()
#   3. If the decision is CONSTRAIN → clamps the payload and records attest()
#   4. If the decision is DENY → raises ToolBlockedByGovernance
```

## How it interposes

`kevros-code` is a passthrough proxy, not a replacement. The agent's tool code is unchanged; only the wrapper around it changes. The proxy:

1. **Normalizes the tool call** into a canonical request shape (action_type, payload, agent_id, context)
2. **Calls Kevros `verify`** to get a signed ALLOW / CONSTRAIN / DENY verdict
3. **On ALLOW**, forwards the call to the real tool and captures the result
4. **On CONSTRAIN**, clamps the payload (bounded fields only) and forwards
5. **On DENY**, raises `ToolBlockedByGovernance` — the agent sees a structured refusal, not a silent failure
6. **Records `attest()`** with the full context + decision + result for every call, producing a hash-chained provenance entry

The resulting audit trail can be verified independently by any auditor with the Kevros public key — no trust in the agent operator is required.
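The interposition steps above, modeled locally as an added example (this is not kevros-code's own code and makes no network calls). `sample_policy`, `unreachable`, `governed`, `ToolBlocked` and the 64-character bound are assumptions made for illustration; a real deployment gets its verdict from Kevros `verify`.

```python
class ToolBlocked(Exception):
    """Local stand-in for the refusal the README calls ToolBlockedByGovernance."""


MAX_CONTENT = 64  # constructed bound used by the sample policy


def sample_policy(request):
    """Constructed policy returning (decision, effective_payload)."""
    payload = request["payload"]
    if payload["path"].startswith("/") or ".." in payload["path"].split("/"):
        return "DENY", None                      # path leaves the workspace
    if len(payload["content"]) > MAX_CONTENT:
        return "CONSTRAIN", {**payload, "content": payload["content"][:MAX_CONTENT]}
    return "ALLOW", payload


def unreachable(request):
    raise ConnectionError("governance endpoint down")  # simulated outage


def governed(tool, verify, agent_id, audit):
    """Gate a keyword-argument tool; anything but ALLOW/CONSTRAIN blocks it."""
    def inner(**payload):
        request = {"action_type": tool.__name__, "payload": payload, "agent_id": agent_id}
        try:
            decision, effective = verify(request)
        except Exception:
            decision, effective = "DENY", None   # fail closed, never default to allow
        if decision not in ("ALLOW", "CONSTRAIN"):
            audit.append((tool.__name__, "DENY"))
            raise ToolBlocked(tool.__name__)
        result = tool(**effective)               # the tool only ever sees the vetted payload
        audit.append((tool.__name__, decision))
        return result
    return inner


def demo():
    audit, written = [], {}
    def edit_file(path, content):
        written[path] = content                  # in-memory stand-in for the file write
        return {"status": "ok", "path": path}
    gated = governed(edit_file, sample_policy, "coding-agent-001", audit)
    offline = governed(edit_file, unreachable, "coding-agent-001", audit)
    calls = [(gated, "src/app.py", "print('hi')"), (gated, "notes.txt", "x" * 200),
             (gated, "../outside.txt", "x"), (offline, "src/b.py", "x")]
    for fn, path, content in calls:
        try:
            fn(path=path, content=content)
        except ToolBlocked:
            pass
    return [decision for _, decision in audit], written
```

The last call is denied only because the verifier raised, which is the fail-closed behaviour: an outage produces a block and an audit entry, not an unchecked write.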

## MCP-native mode

If you're running the agent through an MCP (Model Context Protocol) transport, `kevros-code` can inject as an MCP middleware layer:

```python
from kevros_code.mcp_proxy import install_mcp_proxy

# Wraps every MCP tool call that passes through this server
install_mcp_proxy(
    server_name="my-coding-server",
    agent_id="coding-agent-001",
    policy_id="coding-agents-prod",
)
```

See `examples/mcp_proxy_example.py` in the source repo for a full working example.

## What you get

- **Cryptographic authorization** on every action — no action executes without a signed release token
- **Hash-chained provenance** — every action is recorded in an append-only, tamper-evident ledger
- **Dual post-quantum signatures** on attestation records (ML-DSA-87 FIPS 204 + SLH-DSA FIPS 205) so the audit trail remains verifiable against quantum-capable adversaries
- **Fail-closed** — if the governance layer is unreachable, the agent is blocked from acting; it never "defaults to allow"
- **Zero code change** in the agent itself beyond wrapping the tool calls
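What "hash-chained" and "tamper-evident" mean for an auditor, as an added example that is not kevros-code's code or record format: a bare SHA-256 chain over canonical JSON, with no signatures. The record fields, `GENESIS` value and function names are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed starting value for the chain


def _digest(prev_hash, body):
    # Canonical JSON (sorted keys, fixed separators) so a record always hashes the same way
    canon = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canon).encode()).hexdigest()


def append(ledger, body):
    prev = ledger[-1]["hash"] if ledger else GENESIS
    ledger.append({"prev": prev, "body": body, "hash": _digest(prev, body)})


def first_bad_index(ledger, expected_head=None):
    """Index of the first entry that breaks the chain, or None if it verifies."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        if entry["prev"] != prev or entry["hash"] != _digest(prev, entry["body"]):
            return i
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return len(ledger)                      # entries are missing from the tail
    return None


def demo():
    ledger = []
    for action, decision in [("edit_file", "ALLOW"), ("run_shell", "DENY"),
                             ("edit_file", "CONSTRAIN")]:
        append(ledger, {"agent_id": "coding-agent-001", "action": action,
                        "decision": decision})
    head = ledger[-1]["hash"]                   # value the auditor pins out of band
    clean = first_bad_index(ledger, head)
    truncated = ledger[:-1]                     # last record silently dropped
    unpinned = first_bad_index(truncated)       # chain alone still verifies
    pinned = first_bad_index(truncated, head)   # pinned head exposes the truncation
    ledger[1]["body"]["decision"] = "ALLOW"     # a DENY rewritten after the fact
    edited = first_bad_index(ledger, head)
    return clean, unpinned, pinned, edited
```

The chain by itself catches edits and mid-chain deletions but not tail truncation or a full rewrite; that gap is closed by checking the head against a value the operator cannot change, which is the role a signature over each record plays.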

## Pricing

- **Free**: 1,000 governance calls per month, no credit card, auto-signup on first use
- **Starter** ($29/mo): 5,000 calls/month for individual developers
- **Professional** ($149/mo): 50,000 calls/month with priority support
- **Enterprise** ($499/mo): 500,000 calls/month with SLA and dedicated support

Higher-tier plans and Azure/AWS Marketplace Managed Application deployments are available at `https://marketplace.microsoft.com/en-us/marketplace/apps/taskhawk.kevros-ai-governance-gateway`.

## Documentation

- API reference: https://governance.taskhawktech.com/api
- Protocol spec: `docs/specs/` in the source repo
- Platform: https://www.taskhawktech.com/platform

## License

BSL-1.1 (Business Source License 1.1). Commercial use requires a license agreement with TaskHawk Systems, LLC. Contact sales@taskhawktech.com.

## Support

- GitHub Issues: https://github.com/taskhawk-systems/kevros/issues (private; request access)
- Email: support@taskhawktech.com
