PaloNexus SDK — one typed, framework-aware front door over the agent control plane (facade + 10 models + typed errors + DID/VC crypto + idp client). One install: the agentdid + idp_sdk foundations are bundled in. Framework weight is opt-in via extras.
Project description
palonexus
The consolidated, typed, framework-aware PaloNexus SDK — one installable front door over the agent control plane. It wraps (does not replace) the three existing packages, per Appendix B.1 of the SDK & Documentation Update Plan: a lean core plus optional framework extras in a uv/pip workspace.
pip install palonexus # core: facade, 10 models, typed errors, idp client, crypto
pip install 'palonexus[langchain]' # + middleware(), guarded_tool()
pip install 'palonexus[langgraph]' # + governed_node, resume_after_approval
pip install 'palonexus[deepagents]' # + tool_guard, governance middleware, skill loader
pip install 'palonexus[server]' # + FastAPI host
pip install 'palonexus[all]' # everything
What's in the core
| Module | Purpose |
|---|---|
palonexus.client |
The PaloNexus facade (from_env, explicit ctor, offline()), pn.agents, pn.audit, pn.revocation, and the pn.task(...) context manager. |
palonexus.models |
The ten typed abstractions: AgentIdentity, HumanOwner, Delegation, TaskSession, PolicyDecision, Credential, AuditEvent, Resource, AssetType (+ PolicyDecisionLog). |
palonexus.errors |
The typed exception tree (PolicyDenied, ApprovalRequired, DelegationExpired, CredentialRevoked, IdentityNotProvisioned, ControlPlaneUnavailable, GovernanceError). |
palonexus.context |
contextvars + header propagation graduated from the palonexus_agent scaffold. |
palonexus.crypto |
Re-export of the standalone agentdid crypto primitive (ordinary dependency). |
palonexus.idp |
Re-export of the vendored idp_sdk HTTP client (formerly venv-only). |
palonexus.testing |
FakeControlPlane (deny-by-default, seeded Northstar personas), run_hero_flow, SEED_SCENARIOS — the offline seam (no network). |
palonexus.pytest_plugin |
Reusable fixtures offline_pn, fake_control_plane, devops_personas (auto-loaded via the palonexus pytest11 entry point). |
palonexus.langchain |
REM-152 — middleware(pn) + guarded_tool(...): gates tool calls via /authz, interrupts for approval or substitutes a deny ToolMessage. |
palonexus.langgraph |
REM-153 — governed_node(...) + resume_after_approval(pn): deny → interrupt() → approve → re-read, durable checkpointer required. |
palonexus.langchain (REM-152) and palonexus.langgraph (REM-153) are
implemented; palonexus.deepagents is the seam for REM-154. Each is importable on
a base install but requires its extra (palonexus[langchain] / [langgraph]) to
use — the lean-core / opt-in-weight contract (Appendix B.1). Runnable offline
examples live under examples/.
Ten-minute first success (offline)
from palonexus import PaloNexus, PolicyDenied, ApprovalRequired
pn = PaloNexus.offline() # no cluster needed
agent = pn.agents.register(
name="northstar-devops-incident-agent",
owner="ethan.park@northstar.example", # mandatory (governance)
sponsor="maya.chen@northstar.example", # mandatory
scenario="devops-incident",
)
agent.provision()
with pn.task(subject="ethan.park@northstar.example",
task_id="INC-4821", scenario="devops-incident",
actor="northstar-devops-incident-agent") as task:
decision = task.check(action="runbooks:read",
resource="runbooks-api:/runbooks/db-failover")
assert decision.needs_approval # deny-by-default until delegated
Develop in the workspace
# from platform/ (the workspace root)
pip install -e ./agentdid -e ./idp-sdk -e './palonexus[test]'
cd palonexus && python -m pytest
mypy --strict src/palonexus
Deny-by-default
Every governed failure mode is a typed exception. An unreachable decision point
raises ControlPlaneUnavailable — it is never swallowed into a silent allow.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file palonexus-0.1.0-py3-none-any.whl.
File metadata
- Download URL: palonexus-0.1.0-py3-none-any.whl
- Upload date:
- Size: 69.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
91cc0337caac23dad64a13e042cebd9f1106240550b75c466f2b91863d547fcc
|
|
| MD5 |
30931c26e40fae2ac3160e32aa617358
|
|
| BLAKE2b-256 |
9f04953f43631ce3b25567d612f40a038f43572a79569f472f5aae6817aa8959
|
Provenance
The following attestation bundles were made for palonexus-0.1.0-py3-none-any.whl:
Publisher:
release-pypi.yml on rogerchucker/palonexus-platform
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
palonexus-0.1.0-py3-none-any.whl -
Subject digest:
91cc0337caac23dad64a13e042cebd9f1106240550b75c466f2b91863d547fcc - Sigstore transparency entry: 2030417287
- Sigstore integration time:
-
Permalink:
rogerchucker/palonexus-platform@bf2583467af74286206440eb2152d116b611f130 -
Branch / Tag:
refs/tags/palonexus-v0.1.0 - Owner: https://github.com/rogerchucker
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release-pypi.yml@bf2583467af74286206440eb2152d116b611f130 -
Trigger Event:
push
-
Statement type: