Skip to main content

Runtime-agnostic governed agent execution — Community Edition

Project description

Sovereign AgentOps — Community Edition

Runtime-agnostic governed agent execution — demo and evaluation edition

License Version Build

What is this?

A standalone demonstration server for the governed MCP execution layer concept. It provides 7 MCP tools that showcase policy enforcement, Ed25519-signed execution receipts, workspace path jailing, and local model routing — with real cryptography, not simulations.

The full Enterprise platform (98 MCP tools, 455+ endpoints, 91+ web UI tabs, constitutional governance, service catalogue, compliance automation, fleet command, agent-owned assets, digital twin simulation, and autonomous incident resolution) is available under a commercial license.

Quickstart

# 1. Install dependencies
pip install cryptography>=41.0.0

# 2. Run the MCP governance server (JSON-RPC over stdio)
python3 tools/mcp_server.py

In another terminal, send it commands:

# List available tools
echo '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}' | python3 tools/mcp_server.py

# Check if a command is allowed by policy
echo '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"demo_policy_check","arguments":{"command":"git push origin main","path":"/workspace/repo"}}}' | python3 tools/mcp_server.py

# Sign an execution receipt with real Ed25519
echo '{"jsonrpc":"2.0","id":3,"method":"tools/call","params":{"name":"demo_receipt_sign","arguments":{"action":"deploy","target":"web-app"}}}' | python3 tools/mcp_server.py

Docker

docker compose up --build

The server runs in stdio mode inside the container. Send commands via stdin:

echo '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}' \
  | docker exec -i agentops-demo python3 tools/mcp_server.py

Tools

Tool Description
demo_policy_check Evaluate whether a command + path is allowed/blocked by policy
demo_receipt_sign Create an Ed25519-signed execution receipt
demo_receipt_verify Verify a receipt's Ed25519 signature
demo_model_route Show which local LLM endpoint would handle a prompt
demo_workspace_jail Check whether a path is confined within a workspace root
demo_audit_log Return recent entries from the in-memory signed audit log
demo_server_info Server metadata: version, public key, crypto backend

Receipt Verification

Every signed receipt includes the server's Ed25519 public key. Use the included CLI tool to verify:

# The server prints its public key on startup (stderr) and in every signed receipt
python3 cli/receipt-verify.py --verify path/to/receipt.json

The server generates a fresh Ed25519 keypair on first run, stored at ~/.config/agentops/ed25519_private.key (permissions 0o400).

Why Sovereign AgentOps?

Teams adopting AI coding agents in regulated environments need to control what commands agents can run, audit every action with cryptographic proof, and operate entirely offline. This community edition demonstrates the concept with real crypto and real policy enforcement — the Enterprise platform delivers the full production stack.

Feature Comparison

Feature Community Enterprise
Policy enforcement (allow/block/detect) 7 demo tools Full production stack
Ed25519-signed execution receipts Yes Yes
Receipt verification CLI Yes Yes
Workspace path jail Demo Full enforcement
Model routing heuristic Demo 15+ provider routing
Signed audit log In-memory SQLite hash-chain
MCP tools 7 demo tools 98 tools (93 static + 5 plugins)
Constitutional governance No 6-layer (Cortex, Policy, Autonomy, Memory, Federation)
Web UI No 91+ tabs (Flask + SocketIO)
PostgreSQL / Redis persistence No Yes
Agent orchestration No Capability registry, message bus, DAG
Service catalogue No Auto-discovery, health, SLA
Observability hub No LLM tracing, SLOs, cost analytics
Compliance automation (SOC2/HIPAA/PCI) No Weighted scoring, PDF reports, SoD
Fleet command No Multi-instance, heartbeat, treaty-gated
Agent-owned assets No Token/data/compute/artifact/credential
Digital twin simulator No What-if analysis, scenario sim
Autonomous incident resolution No ML diagnosis, auto-resolve, pattern learning
Self-negotiating treaties No 6 treaty types, dual-signed
SSO (SAML/OIDC) No Yes
RBAC custom roles No Yes
High-availability cluster No Yes
Commercial license Apache 2.0 Enterprise EULA

Documentation

License

Community Edition is open source under Apache 2.0 with an Enterprise Edition exclusion clause. See LICENSE.community for details.

Enterprise Edition features require a commercial license from FinBridge.


Built on the MCP protocol. Governance, not lock-in.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sovereign_agentops_community-2.1.1.tar.gz (16.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

sovereign_agentops_community-2.1.1-py3-none-any.whl (14.1 kB view details)

Uploaded Python 3

File details

Details for the file sovereign_agentops_community-2.1.1.tar.gz.

File metadata

File hashes

Hashes for sovereign_agentops_community-2.1.1.tar.gz
Algorithm Hash digest
SHA256 2e4505cb520be85513715595bfa113ce84090479549ff73823a6e52a0857a4fb
MD5 66459d9a2a00df8834063a2f6750c187
BLAKE2b-256 939f67a94e4d7a7259f1e764beb8b273ad8042e41eba3bf2a92b4e57fa47b5e2

See more details on using hashes here.

File details

Details for the file sovereign_agentops_community-2.1.1-py3-none-any.whl.

File metadata

File hashes

Hashes for sovereign_agentops_community-2.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 a5f9f7ea1355aa303106ddc6a53084b179c975b0c873606f9b712050ba41fc67
MD5 8149cc94edfbb3dad46f3cb205ac7150
BLAKE2b-256 d1b9131e8ce47eaceb8c9a5111749968a144d10bd833c5e914912c32f6edf19c

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page