Agent OS MVP — agentos_kernel, MCP governance gateway, Neo4j semantic ontology
🛡️ Agent OS
A secure, self-healing, and strictly governed runtime environment for LLM Agents.
💡 What is Agent OS?
LLM Agents are powerful, but giving them raw access to shell commands, filesystems, and databases invites disaster (e.g., prompt injection leading to file loss, looping code execution causing token overspend).
Agent OS is a lightweight, low-level runtime safety and governance framework that sits as a "security moat" between LLM agents and the host operating system and databases. It intercepts, sanitizes, and cryptographically governs every agent input, system execution, and data write.
⚖️ Why Agent OS?
| Security feature | Raw agent SDK (e.g. LangChain, LlamaIndex) | Agent OS runtime |
|---|---|---|
| Filesystem safety | ❌ None (raw path manipulation allowed) | ✅ Strict sandbox directory restrictions (allowed_paths) |
| Command execution | ❌ Any command runs (exec / system) | ✅ Rigid allowlist control and shell-argument sanitization |
| Prompt injection | ❌ Vulnerable to prompt jailbreaks | ✅ Run-time SemanticFirewall input sanitization |
| Runaway breaker | ❌ Infinite loops run up the API bill | ✅ BillingFuse spending quotas and CircuitBreaker logic |
| Database writes | ❌ Raw Cypher/SQL queries executed directly | ✅ Cryptographic WriteGate 3-stage validation plus SHACL |
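An added illustration of the first two rows, written for this page rather than taken from Agent OS: a path sandbox that canonicalises before comparing, and a command guard that combines an executable allowlist with per-argument sanitisation and never invokes a shell. The class names, the SAFE_ARG character set and the allowlist contents are assumptions for the example; the project's own allowed_paths and allowlist implementation may differ.

```python
import os
import shlex
import subprocess


class PolicyViolation(Exception):
    """Raised when an agent request falls outside the configured policy."""


class PathSandbox:
    """Confine file access to a set of allowed directories (the table's allowed_paths).
    Hypothetical class written for this example."""

    def __init__(self, allowed_paths):
        # Canonicalise the roots once so symlinked or '..'-laden roots compare
        # correctly against canonicalised requests.
        self.roots = [os.path.realpath(p) for p in allowed_paths]

    def resolve(self, path):
        # realpath collapses '..' and follows symlinks, so a request such as
        # 'data/../../etc/passwd' is judged by where it really lands.
        real = os.path.realpath(path)
        for root in self.roots:
            if os.path.commonpath([root, real]) == root:
                return real
        raise PolicyViolation(f"path outside sandbox: {path!r}")


class CommandGuard:
    """Allowlisted executables plus per-argument sanitisation; never a shell.
    Hypothetical class written for this example."""

    # Characters an argument may contain. Shell metacharacters (; | & $ ` < >,
    # quotes, whitespace, newlines) are deliberately absent.
    SAFE_ARG = frozenset(
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-/=:@,"
    )

    def __init__(self, allowed, sandbox):
        self.allowed = dict(allowed)  # command name -> absolute path of the binary
        self.sandbox = sandbox

    def build_argv(self, command_line):
        argv = shlex.split(command_line)
        if not argv:
            raise PolicyViolation("empty command")
        name, args = argv[0], argv[1:]
        if name not in self.allowed:
            raise PolicyViolation(f"command not allowlisted: {name!r}")
        for arg in args:
            if not arg or set(arg) - self.SAFE_ARG:
                raise PolicyViolation(f"unsafe argument: {arg!r}")
            # Anything path-shaped must resolve inside the sandbox. For an
            # option such as '--out=/x' the value after '=' is what is checked;
            # bare words without '/' pass, so tighten this for commands whose
            # bare words are file names.
            if "/" in arg:
                self.sandbox.resolve(arg.split("=", 1)[-1])
        return [self.allowed[name], *args]

    def run(self, command_line, timeout=10):
        argv = self.build_argv(command_line)
        # shell=False: every element of argv reaches the program literally, so
        # nothing in the agent's text is ever interpreted by a shell.
        return subprocess.run(argv, capture_output=True, text=True,
                              timeout=timeout, check=False)
```

The character allowlist stops `;`, `$(...)` and friends before they reach the sandbox check, and the sandbox check catches the case the character allowlist cannot: an argument built only from safe characters, such as `../../etc/passwd`, that still points outside the allowed roots.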
🔌 MCP Server (Claude Desktop Integration)
Agent OS can run as a Model Context Protocol (MCP) server, providing a "Governance Gateway" for Claude Desktop and other MCP-compatible clients.
3-Line Setup for Claude Desktop
Edit your claude_desktop_config.json:
```json
{
  "mcpServers": {
    "agent-os": {
      "command": "agentos",
      "args": ["start-mcp", "--port", "8100"]
    }
  }
}
```
That's it: tool calls that Claude Desktop routes to this server now pass through Agent OS's semantic firewall and write gates. Note that only the tools exposed by this server are governed; tools served by other MCP servers in the same config, and anything the model does without calling a tool, sit outside the moat.
🚀 Quick Start (Local Development)
1. Spin up Safe Storage (Neo4j & Langfuse)
We provide a pre-configured community Docker stack:
```bash
docker compose -f docker/docker-compose.yml up -d
```
2. Install Dependencies
```bash
pip install -e ".[dev]"
```
3. Run the E2E Integration Verification
Test the entire safety cycle (firewall, billing fuse, and database write checks) in one go:
```bash
export RYUK_DISABLED=true
python3 -m pytest tests/ -v
```
RYUK_DISABLED=true turns off the testcontainers resource reaper, so containers started by the integration tests are not reaped automatically; remove them yourself when a run is interrupted.
4. Execute the Demo Script
Observe the runtime in action:
```bash
agentos loop run --task "Run demo"
# or: python3 scripts/run_demo.py
```
🛡️ Three-Tier Testing Constitution
We enforce a strict quality gate in our development workflow:
- L1 Unit Tests: no external dependencies; pure logic checks.
- L2 Integration Tests: use testcontainers to launch a real Neo4j instance and verify actual transactional batch writes.
- L3 E2E Tests: simulate a full user flow (e.g. employee onboarding SOP card approvals).
Please read our Contributing Guide for more details.
🏗️ Architecture & Control Flow
Agent OS integrates safety hooks directly into the kernel dispatch cycle:
```mermaid
graph TD
    User([Agent Input]) -->|1. Dispatch| Kernel[AgentOSKernel]
    subgraph Pre-Dispatch Hooks
        Kernel -->|2. Scan| Firewall[SemanticFirewall]
        Kernel -->|3. Check Breaker| Breaker[CircuitBreaker]
    end
    subgraph Governance Moat
        Kernel -->|4. Validate| AutonomyPolicy[AutonomyPolicy]
        Kernel -->|5. Validate SHACL| WriteGate[WriteGate]
        WriteGate -->|6. Check Nonce| NonceCheck{Valid Nonce?}
    end
    NonceCheck -->|Yes| Database[(Neo4j Community)]
    NonceCheck -->|No| Block[Block Write & Fail]
    subgraph Post-Dispatch Hooks
        Kernel -->|7. Audit Token| Billing[BillingFuse]
    end
    Billing -->|Output| Response([Safe Action Output])
```
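The dispatch cycle above, as an added example that is not Agent OS's own code: each hook is a minimal class carrying the diagram's name, the Neo4j target is a plain list, and the nonce check is realised as a single-use nonce issued by the gate plus an HMAC-SHA256 tag over (nonce, payload), so an approval can neither be replayed nor moved to a different payload. The internals of every class, the deny-phrase list, the write-tuple shape and the SHACL step (omitted here) are assumptions for the example.

```python
import hashlib
import hmac
import secrets

class Blocked(Exception):
    """Raised by any hook that refuses the action; the kernel never proceeds past it."""

class SemanticFirewall:
    """Step 2: scan agent input before anything else runs (hypothetical internals)."""
    # Constructed deny-phrases for this example; a real scanner would be far richer.
    DENY = ("ignore previous instructions", "rm -rf", "drop database")
    def scan(self, text):
        hits = [p for p in self.DENY if p in text.lower()]
        if hits:
            raise Blocked(f"firewall: {hits}")

class CircuitBreaker:
    """Step 3: after max_failures consecutive blocked actions, refuse everything."""
    def __init__(self, max_failures):
        self.max_failures, self.failures, self.open = max_failures, 0, False
    def check(self):
        if self.open:
            raise Blocked("breaker open")
    def record(self, ok):
        self.failures = 0 if ok else self.failures + 1
        self.open = self.open or self.failures >= self.max_failures

class AutonomyPolicy:
    """Step 4: which write kinds the agent may perform without a human (assumed shape)."""
    def __init__(self, autonomous_kinds):
        self.autonomous = frozenset(autonomous_kinds)
    def validate(self, kind):
        if kind not in self.autonomous:
            raise Blocked(f"policy: {kind!r} needs human approval")

class WriteGate:
    """Steps 5-6: a write commits only with a single-use nonce issued by the gate
    and an HMAC over (nonce, payload); the agent cannot forge an approval or
    reuse an old one against a different payload."""
    def __init__(self, key):
        self.key, self.issued = key, set()
    def issue_nonce(self):
        nonce = secrets.token_hex(16)
        self.issued.add(nonce)
        return nonce
    def tag(self, nonce, payload):
        msg = nonce.encode() + b"\0" + payload.encode()  # \0 separates the fields
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()
    def validate(self, nonce, payload, tag):
        if nonce not in self.issued:
            raise Blocked("write gate: unknown or already-used nonce")
        if not hmac.compare_digest(self.tag(nonce, payload), tag):
            raise Blocked("write gate: tag does not match payload")
        self.issued.discard(nonce)  # single use: a replay now fails the first check

class BillingFuse:
    """Step 7: post-dispatch token audit against a hard budget."""
    def __init__(self, token_budget):
        self.remaining = token_budget
    def audit(self, tokens):
        self.remaining -= tokens
        if self.remaining < 0:
            raise Blocked("billing fuse blown")

class AgentOSKernel:
    def __init__(self, key, token_budget=1000, max_failures=3, autonomous_kinds=("create",)):
        self.firewall = SemanticFirewall()
        self.breaker = CircuitBreaker(max_failures)
        self.policy = AutonomyPolicy(autonomous_kinds)
        self.gate = WriteGate(key)
        self.fuse = BillingFuse(token_budget)
        self.db = []  # stands in for Neo4j: only gate-approved payloads land here

    def dispatch(self, prompt, write=None, tokens_used=0):
        """write, if given, is (nonce, kind, payload, tag). Returns the commit count."""
        try:
            self.firewall.scan(prompt)                 # 2. scan
            self.breaker.check()                       # 3. breaker
            if write is not None:
                nonce, kind, payload, tag = write
                self.policy.validate(kind)             # 4. autonomy policy
                self.gate.validate(nonce, payload, tag)  # 5/6. gate + nonce
                self.db.append(payload)
            self.breaker.record(True)
        except Blocked:
            self.breaker.record(False)
            raise
        finally:
            self.fuse.audit(tokens_used)               # 7. tokens are spent even when blocked
        return len(self.db)
```

A replayed nonce fails the membership check, a tag computed over one payload fails compare_digest against another, the breaker opens after max_failures consecutive blocks, and because the fuse audit sits in the finally clause, tokens are charged for blocked actions as well.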
📄 License
Distributed under the MIT License. See LICENSE for more information.
Download files
Verify a downloaded artifact against the SHA256 digest listed for it (for example with `sha256sum agent_os_oss-0.1.0.tar.gz`) before installing it; this release was not uploaded with Trusted Publishing, so no publisher attestation accompanies it and the digests below are what you can check.

Source Distribution: agent_os_oss-0.1.0.tar.gz
- Upload date:
- Size: 257.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.2

File hashes

| Algorithm | Hash digest |
|---|---|
| SHA256 | b029cf40bac83298ce4670075f32c871b96f4e048dbfd9b5188c74305f004acf |
| MD5 | a76ed187dc2929fd2381025d04dafb71 |
| BLAKE2b-256 | 7d23bfc086e278612c2c669ae99a2bdc3a413694f38039efa382e742d6d0296e |
Built Distribution: agent_os_oss-0.1.0-py3-none-any.whl
- Upload date:
- Size: 60.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.2

File hashes

| Algorithm | Hash digest |
|---|---|
| SHA256 | 70c6294857642b6769c3e24cf950271e0c34ec6fb7388e3ace48c4f8065dd18e |
| MD5 | 51f2787dc48ebbd60290e4f18f65c472 |
| BLAKE2b-256 | 133d26eacf3de4cb03e2eb23cf23db70aa436e7dca476ec835e6e82c793a1425 |