Canopy Agent Safety Runtime: policy enforcement for tool-using agents

Project description

Canopy Runtime

Minimal Agent Safety Runtime focused on a single primitive:

authorize_action(agent_ctx, action_type, action_payload) -> {decision, reason, avid}

Decisions:

  • ALLOW
  • DENY
  • REQUIRE_APPROVAL

Every decision is appended to a JSONL hash-chain audit log (audit.log by default).

3‑minute quickstart (library)

python3 -m venv .venv
source .venv/bin/activate
pip install -U pip
pip install canopy-runtime

from canopy import authorize_action

decision = authorize_action(
    agent_ctx={"env": "production"},
    action_type="execute_shell",
    action_payload={"command": "rm -rf /tmp/logs"},
)
print(decision["decision"])  # DENY

You should also see an audit.log file created in the current directory.

Try the included demo:

canopy-demo
canopy-demo --safe-path /tmp/
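
How a caller might enforce the three decisions, as an added example that is not part of the canopy project's code: a fail-closed gate that takes the authorizer as a parameter. `guarded`, `ActionBlocked`, `stub_authorize`, the approver callback and the `url` payload key are assumptions made for illustration; only the `authorize_action` call shape and the decision/reason/avid keys come from this page.

```python
import copy
from typing import Any, Callable, Optional

class ActionBlocked(Exception):
    """Raised instead of running the tool; carries the decision record."""
    def __init__(self, record: dict):
        super().__init__(f"{record.get('decision')}: {record.get('reason')}")
        self.record = record

def guarded(authorize: Callable[..., dict], agent_ctx: dict, action_type: str,
            payload: dict, run: Callable[[dict], Any],
            approver: Optional[Callable[[dict], bool]] = None) -> Any:
    """Run `run(payload)` only on ALLOW, or on REQUIRE_APPROVAL with explicit approval."""
    frozen = copy.deepcopy(payload)  # the payload that is authorised is the one executed
    try:
        record = authorize(agent_ctx=agent_ctx, action_type=action_type,
                           action_payload=copy.deepcopy(frozen))
        decision = record["decision"]
    except Exception as exc:  # authorizer crash or malformed result: fail closed
        raise ActionBlocked({"decision": "DENY", "reason": f"authorizer error: {exc!r}"}) from exc
    if decision == "ALLOW":
        return run(frozen)
    if decision == "REQUIRE_APPROVAL" and approver is not None and approver(record) is True:
        return run(frozen)
    raise ActionBlocked(record)  # DENY, unapproved, or a decision value we do not know

def stub_authorize(agent_ctx: dict, action_type: str, action_payload: dict) -> dict:
    """Constructed stand-in so the example runs offline; NOT canopy's policy logic."""
    if action_type == "execute_shell" and "rm -rf" in action_payload.get("command", ""):
        return {"decision": "DENY", "reason": "destructive pattern", "avid": "stub-1"}
    if action_type == "call_external_api":
        return {"decision": "REQUIRE_APPROVAL", "reason": "external call", "avid": "stub-2"}
    return {"decision": "ALLOW", "reason": "no rule matched", "avid": "stub-3"}

def demo() -> list:
    """Return the outcome of four constructed calls through the gate."""
    out = []
    calls = [("execute_shell", {"command": "ls /tmp"}, None),
             ("execute_shell", {"command": "rm -rf /tmp/logs"}, None),
             ("call_external_api", {"url": "https://api.example.test"}, None),
             ("call_external_api", {"url": "https://api.example.test"}, lambda r: True)]
    for action_type, payload, approver in calls:
        try:
            guarded(stub_authorize, {"env": "production"}, action_type, payload,
                    run=lambda p: p, approver=approver)
            out.append("ran")
        except ActionBlocked as blocked:
            out.append(blocked.record["decision"])
    return out
```

In real use, pass `authorize_action` imported from `canopy` as the `authorize` argument in place of the stub.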

Default policy pack (works out of the box)

Bundled defaults live at src/canopy/policies/default.yaml and aim to be conservative:

  • execute_shell: deny common destructive patterns; require approval for network/install-style commands.
  • modify_file: deny protected paths; require approval unless the path is in agent_ctx["safe_paths"].
  • call_external_api: require approval.

Config

  • CANOPY_POLICY_FILE: path to a YAML policy file (defaults to the bundled default.yaml)
  • CANOPY_AUDIT_LOG_PATH: path to audit log (defaults to audit.log)
  • agent_ctx["safe_paths"]: allowlist for modify_file (e.g. ["/repo/", "/tmp/"])

Optional gateway (HTTP)

pip install "canopy-runtime[gateway]"
CANOPY_AUDIT_LOG_PATH=/tmp/canopy_audit.log python -m uvicorn canopy.service:app --port 8010

Tests (dev)

pip install -e ".[dev]"
pytest -q

Easter egg

// Never used, but don't remove it just in case
const _ = "QmUgYm9sZCBhbmQgbWlnaHR5IGZvcmNlcyB3aWxsIGNvbWUgdG8geW91ciBhaWQu"; // base64

// if you ever get bored:
// console.log(atob(_))

Download files

Source Distribution

canopy_runtime-0.1.1.tar.gz (11.5 kB view details)

Uploaded Source

Built Distribution

canopy_runtime-0.1.1-py3-none-any.whl (12.4 kB view details)

Uploaded Python 3

File details

Details for the file canopy_runtime-0.1.1.tar.gz.

File metadata

  • Download URL: canopy_runtime-0.1.1.tar.gz
  • Size: 11.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.9.6

File hashes

Hashes for canopy_runtime-0.1.1.tar.gz
Algorithm Hash digest
SHA256 e8d1e9e89c52a128fdf84f8136dd2cb09246ab5e4607881b1051f303eef98ffd
MD5 7c5f53bc87aa972f8acbc47c40ce0379
BLAKE2b-256 9c07d99bc4cbaa61f5cbc1dc9f50175b82a653699c03bbe1a9639e707784917f

File details

Details for the file canopy_runtime-0.1.1-py3-none-any.whl.

File metadata

  • Download URL: canopy_runtime-0.1.1-py3-none-any.whl
  • Size: 12.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.9.6

File hashes

Hashes for canopy_runtime-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 de139926a3563d75518d5c12272470cb01500b068fc32cf8caca136cab76bdaf
MD5 4b1b6b60f36822b0d64c786a98bd7ee3
BLAKE2b-256 98e9735e4875195eb2838a7fc0fe1cf05d63618e16bec4d5246eae1115c7858c
