
Agent OS MVP — agentos_kernel, MCP governance gateway, Neo4j semantic ontology

Project description

🛡️ Agent OS


A secure, self-healing, and strictly governed runtime environment for LLM Agents.

🇨🇳 Simplified Chinese (Chinese README)


💡 What is Agent OS?

LLM Agents are powerful, but giving them raw access to shell commands, filesystems, and databases invites disaster (e.g., prompt injection leading to file loss, looping code execution causing token overspend).

Agent OS is a lightweight, low-level runtime safety and governance framework that serves as a "Security Moat" between LLM agents and physical operating systems / databases. It intercepts, sanitizes, and cryptographically governs all agent inputs, system executions, and data writes.


⚖️ Why Agent OS?

| Security Feature | Raw Agent SDK (e.g. LangChain, LlamaIndex) | Agent OS Runtime |
| --- | --- | --- |
| Filesystem Safety | ❌ None (raw path manipulation allowed) | ✅ Strict sandbox directory restrictions (allowed_paths) |
| Command Execution | ❌ Run any command (exec / system) | ✅ Rigid whitelist control & shell argument sanitization |
| Prompt Injection | ❌ Vulnerable to prompt jailbreaks | ✅ Run-time SemanticFirewall input sanitization |
| Runaway Breaker | ❌ Infinite loops leading to high API bill | ✅ BillingFuse spending quotas & CircuitBreaker logic |
| Database Writes | ❌ Raw Cypher/SQL query execution | ✅ Cryptographic WriteGate 3-stage validation + SHACL |
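The first two rows of the table, as an added Python illustration that is not Agent OS's own code: only the allowed_paths idea comes from the README; the function names, the policy values and the sample inputs are constructed for this example.

```python
import os
import shlex

# Constructed policy for this illustration; only the allowed_paths idea comes from
# the README, the rest (names, values, logic) is assumed, not Agent OS's own code.
ALLOWED_PATHS = ["/srv/agent/workspace"]
COMMAND_WHITELIST = {"ls", "cat", "grep"}
SHELL_METACHARS = set(";&|`$<>(){}\n")


def path_allowed(candidate, allowed=ALLOWED_PATHS):
    """Resolve '..' and symlinks before comparing. A plain string-prefix test is
    bypassable: '/srv/agent/workspace_evil' starts with '/srv/agent/workspace'."""
    real = os.path.realpath(candidate)
    for root in allowed:
        root_real = os.path.realpath(root)
        if os.path.commonpath([real, root_real]) == root_real:
            return True
    return False


def command_allowed(cmdline, whitelist=COMMAND_WHITELIST):
    """Tokenise like a POSIX shell, require argv[0] to be whitelisted and refuse any
    token carrying shell metacharacters. Returns the argv list to hand to
    subprocess.run(argv, shell=False), or None when the command is blocked."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes: refuse rather than guess
        return None
    if not argv or argv[0] not in whitelist:
        return None
    if any(set(tok) & SHELL_METACHARS for tok in argv):
        return None
    return argv
```

Because the returned argv is meant for `subprocess.run(..., shell=False)`, the metacharacter check is defence in depth: no shell ever sees the string, but a token such as `-la;` is still refused so that a quoting mistake elsewhere cannot turn it into a second command.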

🔌 MCP Server (Claude Desktop Integration)

Agent OS can run as a Model Context Protocol (MCP) server, providing a "Governance Gateway" for Claude Desktop and other MCP-compatible clients.

3-Line Setup for Claude Desktop

Edit your claude_desktop_config.json:

{
  "mcpServers": {
    "agent-os": {
      "command": "agentos",
      "args": ["start-mcp", "--port", "8100"]
    }
  }
}

That's it! Your Claude Desktop agent is now strictly governed by Agent OS's semantic firewall and write gates.


🚀 Quick Start (Local Development)

1. Spin up Safe Storage (Neo4j & Langfuse)

We provide a pre-configured community Docker stack:

docker compose -f docker/docker-compose.yml up -d

2. Install Dependencies

pip install -e ".[dev]"

3. Run the E2E Integration Verification

Test the entire safety cycle (firewall, billing fuse, and database write checks) in one go:

export RYUK_DISABLED=true
python3 -m pytest tests/ -v

4. Execute the Demo Script

Observe the runtime in action:

agentos loop run --task "Run demo"
# or python3 scripts/run_demo.py

🛡️ Three-Tier Testing Constitution

We enforce a strict quality gate in our development workflow:

  1. L1 Unit Tests: No external dependencies; pure logic checks.
  2. L2 Integration Tests: Use testcontainers to launch real Neo4j instances and verify transactional batch writes.
  3. L3 E2E Tests: Simulate the full user flow (e.g. employee onboarding SOP card approvals).

Please read our Contributing Guide for more details.


🏗️ Architecture & Control Flow

Agent OS integrates safety hooks directly into the kernel dispatch cycle:

graph TD
    User([Agent Input]) -->|1. Dispatch| Kernel[AgentOSKernel]
    
    subgraph Pre-Dispatch Hooks
        Kernel -->|2. Scan| Firewall[SemanticFirewall]
        Kernel -->|3. Check Breaker| Breaker[CircuitBreaker]
    end
    
    subgraph Governance Moat
        Kernel -->|4. Validate| AutonomyPolicy[AutonomyPolicy]
        Kernel -->|5. Validate SHACL| WriteGate[WriteGate]
        WriteGate -->|6. Check Nonce| NonceCheck{Valid Nonce?}
    end
    
    NonceCheck -->|Yes| Database[(Neo4j Community)]
    NonceCheck -->|No| Block[Block Write & Fail]
    
    subgraph Post-Dispatch Hooks
        Kernel -->|7. Audit Token| Billing[BillingFuse]
    end
    
    Billing -->|Output| Response([Safe Action Output])
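The governance moat and the post-dispatch hook of the diagram, as an added Python illustration that is not Agent OS's own code: the names WriteGate and BillingFuse and the dispatch order come from the diagram; the HMAC binding of nonce to payload, the single-use nonce set, the quota logic and dispatch_write are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

# Added illustration of steps 5-7 in the diagram above; the class names follow the
# diagram, but everything inside them is assumed, not Agent OS's own code.

class WriteGate:
    """Writes need a gate-issued nonce plus an HMAC tag binding it to the payload."""
    def __init__(self, key: bytes):
        self.key, self.pending = key, set()  # pending = issued, not yet spent

    def _tag(self, nonce: str, payload: str) -> str:
        return hmac.new(self.key, f"{nonce}|{payload}".encode(), hashlib.sha256).hexdigest()

    def issue(self, payload: str):
        nonce = secrets.token_hex(16)
        self.pending.add(nonce)
        return nonce, self._tag(nonce, payload)

    def commit(self, payload: str, nonce: str, tag: str) -> bool:
        if not hmac.compare_digest(self._tag(nonce, payload), tag):
            return False  # forged tag, or payload altered after the nonce was issued
        if nonce not in self.pending:
            return False  # never issued, or already spent (replay)
        self.pending.discard(nonce)  # single use
        return True

class BillingFuse:
    """Cumulative token quota; the first charge that would exceed it trips the fuse."""
    def __init__(self, quota: int):
        self.quota, self.spent, self.tripped = quota, 0, False

    def charge(self, tokens: int) -> bool:
        if self.tripped or self.spent + tokens > self.quota:
            self.tripped = True
            return False
        self.spent += tokens
        return True

def dispatch_write(gate, fuse, payload, nonce, tag, tokens):
    """The write reaches storage only if the gate accepts the nonce/tag pair and the
    fuse still has quota for the tokens the action cost."""
    if not gate.commit(payload, nonce, tag):
        return "blocked: invalid or replayed nonce"
    if not fuse.charge(tokens):
        return "blocked: billing fuse tripped"
    return "written"
```

A write that the fuse refuses has already consumed its nonce, so retrying it needs a fresh issue/commit round rather than a replay; that is the conservative choice for a gate whose job is to make every stored write traceable to one approval.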

📄 License

Distributed under the MIT License. See LICENSE for more information.

Download files


Source Distribution

agent_os_oss-0.1.0.tar.gz (257.3 kB, uploaded as Source)

Built Distribution

agent_os_oss-0.1.0-py3-none-any.whl (60.0 kB, uploaded for Python 3)

File details

Details for the file agent_os_oss-0.1.0.tar.gz.

File metadata

  • Download URL: agent_os_oss-0.1.0.tar.gz
  • Size: 257.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.2


File details

Details for the file agent_os_oss-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: agent_os_oss-0.1.0-py3-none-any.whl
  • Size: 60.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.2

