Computational constitutional governance for AI agent systems
Project description
agentgov
Computational constitutional governance for AI agent systems.
agentgov provides algebraically-verified primitives for governing multi-agent systems: consent contracts, information flow control, principal delegation, provenance tracking, and compositional policy enforcement. Zero dependencies beyond PyYAML. Extracted from hapax-council, where it governs 200+ AI agents in production.
Install
pip install hapax-agentgov
Core Concepts
Principals
Actors in the system. Sovereign principals (humans) originate consent; bound principals (agents) operate under delegated authority with non-amplification guarantees.
from agentgov import Principal, PrincipalKind
operator = Principal(id="operator", kind=PrincipalKind.SOVEREIGN)
agent = operator.delegate("sync-agent", frozenset({"email", "calendar"}))
sub = agent.delegate("sub-agent", frozenset({"email"})) # narrows authority
Consent Labels (DLM Join-Semilattice)
Information flow labels track who may read data. Labels combine via join — combining data with different consent requirements produces the most restrictive combination.
from agentgov import ConsentLabel
public = ConsentLabel.bottom() # no restrictions
restricted = ConsentLabel(frozenset({("alice", frozenset({"bob"}))}))
combined = public.join(restricted) # most restrictive wins
assert public.can_flow_to(combined) # less restrictive flows to more
Labeled Values (LIO-Style)
Wrap any value with its consent label and why-provenance.
from agentgov import Labeled, ConsentLabel
data = Labeled(value="secret", label=restricted, provenance=frozenset({"contract-1"}))
transformed = data.map(str.upper) # label preserved through transformations
Provenance Semirings
Track WHY data exists using algebraic provenance (Green et al., PODS 2007). Supports tensor (both required) and plus (either sufficient) composition.
from agentgov import ProvenanceExpr
combined = ProvenanceExpr.leaf("c1").tensor(ProvenanceExpr.leaf("c2"))
assert combined.evaluate(frozenset({"c1", "c2"})) # both active: survives
assert not combined.evaluate(frozenset({"c1"})) # one revoked: purged
Governor (Per-Agent Policy Enforcement)
Each agent gets a governance wrapper that validates inputs/outputs at boundaries. Pure validation layer — allows or denies, never modifies.
from agentgov import GovernorWrapper, GovernorPolicy, Labeled, ConsentLabel
gov = GovernorWrapper("my-agent")
gov.add_input_policy(GovernorPolicy(
name="require-consent",
check=lambda agent_id, data: data.label != ConsentLabel.bottom(),
axiom_id="consent",
))
result = gov.check_input(Labeled(value="data", label=ConsentLabel.bottom()))
assert not result.allowed
VetoChain (Deny-Wins Composition)
Order-independent constraint composition. Any denial blocks the action.
from agentgov import VetoChain, Veto
chain = VetoChain([
Veto("budget", lambda ctx: ctx["budget"] > 0),
Veto("auth", lambda ctx: ctx["authenticated"]),
])
result = chain.evaluate({"budget": 100, "authenticated": False})
assert not result.allowed
assert "auth" in result.denied_by
Says Monad (DCC Attribution)
Principal-annotated assertions following Abadi's DCC formalism. Threads authority through data transformations.
from agentgov import Says, Principal, PrincipalKind
operator = Principal(id="op", kind=PrincipalKind.SOVEREIGN)
assertion = Says.unit(operator, "approved")
delegated = assertion.handoff(operator.delegate("agent", frozenset({"approve"})))
Revocation Cascade
When a consent contract is revoked, all data whose provenance includes that contract is automatically purged across registered subsystems.
from agentgov import ConsentRegistry, RevocationPropagator, CarrierRegistry
registry = ConsentRegistry()
propagator = RevocationPropagator(registry)
propagator.register_carrier_registry(carrier_reg)
report = propagator.revoke("alice") # cascading purge
Algebraic Properties (Hypothesis-Verified)
- ConsentLabel: join-semilattice (associative, commutative, idempotent, bottom identity)
- Labeled[T]: functor laws (identity, composition)
- Principal: non-amplification (bound authority <= delegator authority)
- ProvenanceExpr: PosBool(X) semiring (plus/tensor commutativity, associativity, distributivity, annihilation)
- VetoChain: monotonic (adding vetoes only restricts, never permits)
- Governor: consistent with can_flow_to
License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file hapax_agentgov-0.2.0.tar.gz.
File metadata
- Download URL: hapax_agentgov-0.2.0.tar.gz
- Upload date:
- Size: 34.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.10.9 {"installer":{"name":"uv","version":"0.10.9","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"CachyOS Linux","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
56f48a6c57639f817c5b288f7bc9f38a082313a99f9197d77eaf34d606c6ef40
|
|
| MD5 |
b2041d61cc001255f69c597bbb0f2009
|
|
| BLAKE2b-256 |
b8181c8db7dae445776fc0b43dd0ac391e0b133196fac5fc18ad3f6404bbce1a
|
File details
Details for the file hapax_agentgov-0.2.0-py3-none-any.whl.
File metadata
- Download URL: hapax_agentgov-0.2.0-py3-none-any.whl
- Upload date:
- Size: 24.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.10.9 {"installer":{"name":"uv","version":"0.10.9","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"CachyOS Linux","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2fb6926aca0364529eb690cc638afbd897d53b669d12fcc4fb1ab31021ca90ef
|
|
| MD5 |
9d5d62b1adea3494516b492aaf0563ea
|
|
| BLAKE2b-256 |
b2aec04bcb58b312a7684745b5998d0c503ff4cd5b8fa901535152c1bdb84d3c
|
