Constitutional AI governance for agents — enforce rules, audit decisions, MACI role separation, formal verification, and 18-framework compliance coverage.
Project description
ACGS-Lite: Constitutional AI Governance for Agents
The missing safety layer between your LLM and production.
acgs-lite is a deterministic governance engine for AI agents. Define rules in YAML, enforce them at runtime with MACI role separation, and prove compliance with tamper-evident audit trails. Every action is validated before it executes — violations are blocked, not just logged.
🚀 5-Line Quickstart
from acgs_lite import Constitution, GovernedAgent
constitution = Constitution.from_yaml("constitution.yaml")
agent = GovernedAgent(my_llm_agent, constitution=constitution)
result = agent.run("Process this high-risk transaction")
Rules in YAML (constitution.yaml):
constitutional_hash: "608508a9bd224290"
rules:
- id: no-pii
pattern: "SSN|social security|passport number"
severity: CRITICAL
description: Block PII exposure
- id: no-destructive
pattern: "delete|drop table|rm -rf"
severity: HIGH
description: Block destructive operations
- id: require-approval
pattern: "transfer|payment|wire"
severity: HIGH
description: Financial actions require human approval
📦 Installation
pip install acgs-lite
With framework integrations:
pip install "acgs-lite[openai]" # OpenAI
pip install "acgs-lite[anthropic]" # Anthropic Claude
pip install "acgs-lite[langchain]" # LangChain / LangGraph
pip install "acgs-lite[mcp]" # Model Context Protocol server
pip install "acgs-lite[autogen]" # AutoGen / AG2
pip install "acgs-lite[a2a]" # Google A2A protocol
pip install "acgs-lite[all]" # All integrations
🛡️ Core Concepts
Governance Engine
The GovernanceEngine sits between your agent and its tools. Every action passes through it before execution. Matching rules block or flag the action; the result is an immutable ValidationResult.
from acgs_lite import Constitution, GovernanceEngine, Rule, Severity
constitution = Constitution.from_rules([
Rule(id="no-pii", pattern=r"SSN|\bpassport\b", severity=Severity.CRITICAL),
Rule(id="no-delete", pattern=r"\bdelete\b|\bdrop\b", severity=Severity.HIGH),
])
engine = GovernanceEngine(constitution)
result = engine.validate("summarize the quarterly report", agent_id="analyst-01")
if not result.valid:
for v in result.violations:
print(f"[{v.severity}] {v.rule_id}: {v.description}")
MACI — Separation of Powers
MACI prevents a single agent from proposing, validating, and executing the same action:
from acgs_lite import MACIEnforcer, MACIRole
enforcer = MACIEnforcer()
# Assign roles
enforcer.assign(agent_id="planner", role=MACIRole.PROPOSER)
enforcer.assign(agent_id="reviewer", role=MACIRole.VALIDATOR)
enforcer.assign(agent_id="executor", role=MACIRole.EXECUTOR)
# Proposer creates; Validator checks; Executor runs — never the same agent
proposal = enforcer.propose("planner", action="deploy v2.1 to production")
approval = enforcer.validate("reviewer", proposal)
enforcer.execute("executor", approval)
Tamper-Evident Audit Trail
Every governance decision is written to an append-only, SHA-256-chained log:
from acgs_lite import AuditLog
log = AuditLog()
engine = GovernanceEngine(constitution, audit_log=log)
engine.validate("send email to user@example.com", agent_id="mailer")
for entry in log.entries():
print(entry.id, entry.valid, entry.constitutional_hash)
# Verify chain integrity
assert log.verify_chain(), "Audit log tampered!"
GovernedAgent — Drop-in Wrapper
from acgs_lite import Constitution, GovernedAgent
@GovernedAgent.decorate(constitution=constitution, agent_id="summarizer")
def summarize(text: str) -> str:
return my_llm.complete(f"Summarize: {text}")
# Raises ConstitutionalViolationError if text contains violations
result = summarize("Q4 revenue was $4.2M")
🌐 Integrations
OpenAI
from acgs_lite.integrations.openai import GovernedOpenAI
from openai import OpenAI
client = GovernedOpenAI(OpenAI(), constitution=constitution)
response = client.chat.completions.create(
model="gpt-4o",
messages=[{"role": "user", "content": "Analyze the contract"}],
)
Anthropic Claude
from acgs_lite.integrations.anthropic import GovernedAnthropic
import anthropic
client = GovernedAnthropic(anthropic.Anthropic(), constitution=constitution)
message = client.messages.create(
model="claude-opus-4-5",
max_tokens=1024,
messages=[{"role": "user", "content": "Review this code"}],
)
LangChain
from acgs_lite.integrations.langchain import GovernanceRunnable
from langchain_openai import ChatOpenAI
governed_llm = GovernanceRunnable(
ChatOpenAI(model="gpt-4o"),
constitution=constitution,
)
result = governed_llm.invoke("Translate this document")
MCP Server
Start a governance server that any MCP-compatible agent can query:
acgs serve --host 0.0.0.0 --port 8080
from acgs_lite.integrations.mcp_server import create_mcp_server
app = create_mcp_server(constitution=constitution)
📋 Compliance Coverage
ACGS maps governance controls to 18 regulatory frameworks. Run acgs assess to generate a compliance report:
acgs assess --framework eu-ai-act --output report.pdf
| Framework | Coverage | Key Controls |
|---|---|---|
| EU AI Act (High-Risk) | Art. 9, 10, 13, 14, 17 | Risk management, human oversight, transparency |
| NIST AI RMF | 7 / 16 functions | Govern, Map, Measure, Manage |
| SOC 2 + AI | 10 / 16 criteria | CC6, CC7, CC9 trust service criteria |
| HIPAA + AI | 9 / 15 safeguards | PHI detection, access controls, audit controls |
| GDPR Art. 22 | 10 / 12 requirements | Automated decision-making, right to explanation |
| CCPA / CPRA | 8 / 10 rights | Opt-out, data minimisation, transparency |
| ISO 42001 | Clause 6, 8, 9, 10 | AI management system controls |
| OWASP LLM Top 10 | 9 / 10 risks | Prompt injection, insecure output, data poisoning |
🔬 Advanced: Formal Verification
For the highest-risk scenarios, ACGS supports mathematical proof of safety properties.
Z3 SMT Solver
from acgs_lite.integrations.z3_verifier import Z3ConstraintVerifier
verifier = Z3ConstraintVerifier()
result = verifier.verify(
action="transfer $50,000 to external account",
constraints=["amount <= 10000", "recipient in approved_list"],
)
print(result.satisfiable, result.counterexample)
Lean 4 Proof Certificates (Leanstral)
from acgs_lite import LeanstralVerifier
verifier = LeanstralVerifier() # requires mistralai extra
certificate = await verifier.verify(
property="∀ action : Action, action.amount ≤ 10000",
context={"action": "transfer $5,000"},
)
print(certificate.kernel_verified) # True only if Lean kernel accepted proof
print(certificate.to_audit_dict()) # attach to AuditEntry
⚡ Performance
| Operation | Latency | Notes |
|---|---|---|
| Rule validation (Python) | < 1 ms | Aho-Corasick multi-pattern |
| Rule validation (Rust) | ~560 ns | Optional Rust extension |
| Engine batch (100 rules) | ~2 ms | Parallel severity evaluation |
| Audit write (JSONL) | ~50 µs | Append-only, SHA-256 chained |
| Compliance report | < 500 ms | 18 frameworks, cached |
🖥️ CLI
# Validate a single action
acgs validate "send email to user@corp.com" --constitution rules.yaml
# Run governance status check
acgs status
# Generate compliance report
acgs assess --framework hipaa --output hipaa_report.pdf
# Audit log inspection
acgs audit --tail 20
acgs audit --verify-chain
# Start MCP governance server
acgs serve --port 8080
# EU AI Act Art. 14(3) kill switch
acgs halt --agent-id agent-01 --reason "anomalous behaviour detected"
acgs resume --agent-id agent-01
📖 Documentation
| Guide | Description |
|---|---|
| Quickstart | Up and running in 5 minutes |
| Architecture | Engine internals, MACI deep dive |
| Integrations | OpenAI, Anthropic, LangChain, MCP, A2A |
| Compliance | 18-framework regulatory mapping |
| CLI Reference | Full command reference |
| Why Governance? | The case for deterministic guardrails |
| OWASP LLM Top 10 | ACGS coverage of each risk |
| Testing Guide | Testing governed agents |
🤝 Contributing
We welcome contributions! See CONTRIBUTING.md for guidelines.
git clone https://github.com/dislovelhl/acgs-lite
cd acgs-lite/packages/acgs-lite
pip install -e ".[dev]"
pytest tests/ --import-mode=importlib
📄 License
Apache-2.0. See LICENSE for details.
Commercial enterprise licences (SLA, support, air-gapped deployment) available at acgs.ai.
Constitutional Hash: 608508a9bd224290 — embedded in every validation path.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
acgs_lite-2.6.0.tar.gz
(929.0 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
acgs_lite-2.6.0-py3-none-any.whl
(724.4 kB
view details)
File details
Details for the file acgs_lite-2.6.0.tar.gz.
File metadata
- Download URL: acgs_lite-2.6.0.tar.gz
- Upload date:
- Size: 929.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b18dd9a8f72fc131e65d36b6bc1d49ed0de1b5510d80d2384aaa76c8a7101f24
|
|
| MD5 |
0177cf63704e1bbc7b0030c2f6731472
|
|
| BLAKE2b-256 |
ed73c4278b19c0e9868e1c029bceb66dc8fe2778edbda5fb552412a7830ef8ec
|
File details
Details for the file acgs_lite-2.6.0-py3-none-any.whl.
File metadata
- Download URL: acgs_lite-2.6.0-py3-none-any.whl
- Upload date:
- Size: 724.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
111bd3abb3cb2141921863e14fbcc49f2427a79b169e5bc2b6f48d3e0b2020d6
|
|
| MD5 |
adf11bda394a16e3fdb4286d9ac18a12
|
|
| BLAKE2b-256 |
e4cb654f11207115c3b5af367077ba79ffa8d871ba33d8e506b3fffad0ed112e
|
