Skip to main content

Runtime-agnostic governed agent execution — Community Edition

Project description

Sovereign AgentOps — Community Edition

Runtime-agnostic governed agent execution — demo and evaluation edition

License Version Build

What is this?

A standalone demonstration server for the governed MCP execution layer concept. It provides 7 MCP tools that showcase policy enforcement, Ed25519-signed execution receipts, workspace path jailing, and local model routing — with real cryptography, not simulations.

The full Enterprise platform (98 MCP tools, 455+ endpoints, 91+ web UI tabs, constitutional governance, service catalogue, compliance automation, fleet command, agent-owned assets, digital twin simulation, and autonomous incident resolution) is available under a commercial license.

Quickstart

# 1. Install dependencies
pip install cryptography>=41.0.0

# 2. Run the MCP governance server (JSON-RPC over stdio)
python3 tools/mcp_server.py

In another terminal, send it commands:

# List available tools
echo '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}' | python3 tools/mcp_server.py

# Check if a command is allowed by policy
echo '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"demo_policy_check","arguments":{"command":"git push origin main","path":"/workspace/repo"}}}' | python3 tools/mcp_server.py

# Sign an execution receipt with real Ed25519
echo '{"jsonrpc":"2.0","id":3,"method":"tools/call","params":{"name":"demo_receipt_sign","arguments":{"action":"deploy","target":"web-app"}}}' | python3 tools/mcp_server.py

Docker

docker compose up --build

The server runs in stdio mode inside the container. Send commands via stdin:

echo '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}' \
  | docker exec -i agentops-demo python3 tools/mcp_server.py

Tools

Tool Description
demo_policy_check Evaluate whether a command + path is allowed/blocked by policy
demo_receipt_sign Create an Ed25519-signed execution receipt
demo_receipt_verify Verify a receipt's Ed25519 signature
demo_model_route Show which local LLM endpoint would handle a prompt
demo_workspace_jail Check whether a path is confined within a workspace root
demo_audit_log Return recent entries from the in-memory signed audit log
demo_server_info Server metadata: version, public key, crypto backend

Receipt Verification

Every signed receipt includes the server's Ed25519 public key. Use the included CLI tool to verify:

# The server prints its public key on startup (stderr) and in every signed receipt
python3 cli/receipt-verify.py --verify path/to/receipt.json

The server generates a fresh Ed25519 keypair on first run, stored at ~/.config/agentops/ed25519_private.key (permissions 0o400).

Why Sovereign AgentOps?

Teams adopting AI coding agents in regulated environments need to control what commands agents can run, audit every action with cryptographic proof, and operate entirely offline. This community edition demonstrates the concept with real crypto and real policy enforcement — the Enterprise platform delivers the full production stack.

Feature Comparison

Feature Community Enterprise
Policy enforcement (allow/block/detect) 7 demo tools Full production stack
Ed25519-signed execution receipts Yes Yes
Receipt verification CLI Yes Yes
Workspace path jail Demo Full enforcement
Model routing heuristic Demo 15+ provider routing
Signed audit log In-memory SQLite hash-chain
MCP tools 7 demo tools 98 tools (93 static + 5 plugins)
Constitutional governance No 6-layer (Cortex, Policy, Autonomy, Memory, Federation)
Web UI No 91+ tabs (Flask + SocketIO)
PostgreSQL / Redis persistence No Yes
Agent orchestration No Capability registry, message bus, DAG
Service catalogue No Auto-discovery, health, SLA
Observability hub No LLM tracing, SLOs, cost analytics
Compliance automation (SOC2/HIPAA/PCI) No Weighted scoring, PDF reports, SoD
Fleet command No Multi-instance, heartbeat, treaty-gated
Agent-owned assets No Token/data/compute/artifact/credential
Digital twin simulator No What-if analysis, scenario sim
Autonomous incident resolution No ML diagnosis, auto-resolve, pattern learning
Self-negotiating treaties No 6 treaty types, dual-signed
SSO (SAML/OIDC) No Yes
RBAC custom roles No Yes
High-availability cluster No Yes
Commercial license Apache 2.0 Enterprise EULA

Documentation

License

Community Edition is open source under Apache 2.0 with an Enterprise Edition exclusion clause. See LICENSE.community for details.

Enterprise Edition features require a commercial license from FinBridge.


Built on the MCP protocol. Governance, not lock-in.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sovereign_agentops_community-2.0.0.tar.gz (16.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

sovereign_agentops_community-2.0.0-py3-none-any.whl (14.1 kB view details)

Uploaded Python 3

File details

Details for the file sovereign_agentops_community-2.0.0.tar.gz.

File metadata

File hashes

Hashes for sovereign_agentops_community-2.0.0.tar.gz
Algorithm Hash digest
SHA256 00b241312511c076cc769ccc084e7a1685e7542f50045d09640a4cad933d7cb0
MD5 0c5ed5ef58bd6fec831bac0ad5c5e712
BLAKE2b-256 809e4ea6fec07abfd3e4cd22216fc80735735ead73dbd948d70eea0011b6e8bf

See more details on using hashes here.

File details

Details for the file sovereign_agentops_community-2.0.0-py3-none-any.whl.

File metadata

File hashes

Hashes for sovereign_agentops_community-2.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 37bfe12dbaab1dad9bc6e566258e5f4d7f49259e447e3a9be5fe282d2785b52e
MD5 f26d2fb0764668436b6e906c0e7bcdf5
BLAKE2b-256 b79c94dc45a42e3fbd5a4e44509cc34e62f28beae990f6d708fefd7b965944a3

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page