Python SDK for Kernel — deterministic governance for AI agents
Project description
onkernel
Python SDK for Kernel — deterministic governance for AI agents.
Install
pip install onkernel
For encrypted response decryption:
pip install onkernel[crypto]
Quick Start
from kernel import Kernel, KernelOutcome
k = Kernel(api_key="ok_live_acme_bot1_abc123")
resp = k.execute(action="send_email", target="user@example.com", params={"body": "Hello"})
match resp.outcome:
case KernelOutcome.ALLOWED:
# resp.result and resp.result_message are populated
print(resp.result_message)
case KernelOutcome.REQUIRES_HUMAN:
# 202 — escalate to your approval queue
approval_id = resp.approval_id
case KernelOutcome.BLOCKED:
# a scanner fired; resp.violations is populated
...
case KernelOutcome.DENIED:
# a policy rule denied; resp.reason explains why
...
ActionResponse always carries a non-empty result_message: str — a
human-readable summary that's safe to surface in an LLM tool-call result.
Handling errors
The denial path raises typed exceptions on 403:
from kernel import (
Kernel,
ScannerBlockedError, # scanner fired (PII, secrets, prompt injection, …)
PolicyDeniedError, # policy rule denied with no scanner involvement
KernelDeniedError, # base / alias — catch both
)
try:
k.execute(action="export_pii_report", target="customers")
except ScannerBlockedError as e:
# e.violation_type, e.violation_details, e.violations
pass
except PolicyDeniedError as e:
# e.rule_id, e.policy_id, e.reason
pass
3-step token flow
session = k.create_session(intent="onboard new customer")
token = k.request_token(session.id, action="create_account", target="stripe")
result = k.execute_token(token.token_id, agent_id="bot1")
Decrypting Responses
When a policy has encryption_enabled: true, responses arrive encrypted:
from kernel import Kernel
from kernel.crypto import load_private_key
k = Kernel(api_key="ok_live_acme_bot1_abc123")
private_key = load_private_key("path/to/private_key.pem")
resp = k.execute(action="fetch_records", target="db")
if resp.encrypted:
data = resp.decrypt(private_key)
Publishing (maintainers)
The SDK is published to PyPI as onkernel. Releases go out via tag push;
the publish.yml workflow handles build + Trusted-Publishing OIDC.
Always release to TestPyPI first. PyPI is fussy about metadata and artifact integrity; a TestPyPI dry-run catches mistakes before they're permanent (PyPI does not allow overwriting a released version).
One-time setup
- Create the project on PyPI:
pip install build twine && python -m build && twine upload --repository testpypi dist/*(first manual upload claims the namespace). - On PyPI → project → Publishing, add a pending publisher:
- Owner:
onkernel-ai - Repository:
kernel-python - Workflow:
publish.yml - Environment:
pypi
- Owner:
- Repeat the publisher binding on test.pypi.org with environment
testpypi. - In the GitHub repo Settings → Environments, create
pypiandtestpypi. Add required reviewers onpypiif you want a release gate.
Cutting a release
- Bump
pyproject.toml[project].versionandsrc/kernel/__init__.py__version__together. - Update
CHANGELOG.md. - Pre-release dry-run:
git tag v0.X.Y-rc.1 git push --tags
Thepublish.ymlworkflow detects the-rc.Nsuffix and routes to TestPyPI. Validate:pip install --index-url https://test.pypi.org/simple/ --extra-index-url https://pypi.org/simple/ onkernel==0.X.Y-rc.1 python -c "from kernel import Kernel, KernelOutcome; print(KernelOutcome.ALLOWED)"
- Real release:
git tag v0.X.Y git push --tags
The same workflow routes the un-suffixed tag to real PyPI.
The workflow verifies that the tag matches pyproject.toml [project].version
before building — a mismatched tag fails fast instead of publishing the
wrong artifact.
Fallback: manual API token
If Trusted Publishing isn't yet bound, set repo secret PYPI_API_TOKEN
and replace the OIDC publish step with:
- run: twine upload -u __token__ -p "$PYPI_API_TOKEN" dist/*
Tokens carry blast-radius risk (leak = arbitrary release). Migrate to OIDC as soon as the binding is approved on the PyPI side.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file onkernel-0.2.0.tar.gz.
File metadata
- Download URL: onkernel-0.2.0.tar.gz
- Upload date:
- Size: 16.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
046ad5474091478b257c78fffe12c9bd39cc41184160661c3814a318d6a7a45a
|
|
| MD5 |
5540c9bcd91c644b7f38ae359cd84663
|
|
| BLAKE2b-256 |
281a4d93571b3911d00c4b80f7a65184386cd57caa7cfecced353d6028c931f7
|
Provenance
The following attestation bundles were made for onkernel-0.2.0.tar.gz:
Publisher:
publish.yml on onkernel-ai/kernel-python
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
onkernel-0.2.0.tar.gz -
Subject digest:
046ad5474091478b257c78fffe12c9bd39cc41184160661c3814a318d6a7a45a - Sigstore transparency entry: 1863327410
- Sigstore integration time:
-
Permalink:
onkernel-ai/kernel-python@8327867eee1e6da5fd90bd73458508d5aa1d8811 -
Branch / Tag:
refs/tags/v0.2.0 - Owner: https://github.com/onkernel-ai
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@8327867eee1e6da5fd90bd73458508d5aa1d8811 -
Trigger Event:
push
-
Statement type:
File details
Details for the file onkernel-0.2.0-py3-none-any.whl.
File metadata
- Download URL: onkernel-0.2.0-py3-none-any.whl
- Upload date:
- Size: 17.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
81af70ff3f13c5a7405c3bcc989d23147745da7fd48537405090ed4796b2aa5d
|
|
| MD5 |
d23ac6fef5943dbca8f75e3775b7b1b6
|
|
| BLAKE2b-256 |
a3a48737e63eb618ff95b8421d9160266cdcff4cb25693d917df445f5bd2ce07
|
Provenance
The following attestation bundles were made for onkernel-0.2.0-py3-none-any.whl:
Publisher:
publish.yml on onkernel-ai/kernel-python
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
onkernel-0.2.0-py3-none-any.whl -
Subject digest:
81af70ff3f13c5a7405c3bcc989d23147745da7fd48537405090ed4796b2aa5d - Sigstore transparency entry: 1863327618
- Sigstore integration time:
-
Permalink:
onkernel-ai/kernel-python@8327867eee1e6da5fd90bd73458508d5aa1d8811 -
Branch / Tag:
refs/tags/v0.2.0 - Owner: https://github.com/onkernel-ai
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@8327867eee1e6da5fd90bd73458508d5aa1d8811 -
Trigger Event:
push
-
Statement type: