Metadata-Version: 2.4
Name: steward-protocol
Version: 0.3.0
Summary: Cryptographic Identity + Governance for AI Agents. A.G.I. Infrastructure.
Project-URL: Documentation, https://github.com/kimeisele/steward-protocol#readme
Project-URL: Source, https://github.com/kimeisele/steward-protocol
Project-URL: Tracker, https://github.com/kimeisele/steward-protocol/issues
Project-URL: Leaderboard, https://steward-protocol.io/leaderboard
Author-email: kimeisele <contact@steward-protocol.io>
License: MIT
Keywords: agents,ai,autonomous,cryptography,governance,identity,protocol
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: Science/Research
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Scientific/Engineering :: Artificial Intelligence
Classifier: Topic :: Security :: Cryptography
Classifier: Topic :: Software Development :: Libraries :: Application Frameworks
Requires-Python: >=3.9
Requires-Dist: pydantic>=2.0.0
Requires-Dist: pyyaml>=6.0.1
Provides-Extra: city
Requires-Dist: aiofiles>=23.2.1; extra == 'city'
Requires-Dist: aiohttp>=3.9.0; extra == 'city'
Requires-Dist: beautifulsoup4>=4.12.0; extra == 'city'
Requires-Dist: cffi>=1.15.0; extra == 'city'
Requires-Dist: cryptography>=41.0.0; extra == 'city'
Requires-Dist: ecdsa>=0.18.0; extra == 'city'
Requires-Dist: fastapi>=0.104.0; extra == 'city'
Requires-Dist: gitpython>=3.1.0; extra == 'city'
Requires-Dist: google-api-python-client>=2.100.0; extra == 'city'
Requires-Dist: google-generativeai>=0.8.5; extra == 'city'
Requires-Dist: jinja2>=3.0.0; extra == 'city'
Requires-Dist: jsonschema>=4.17.0; extra == 'city'
Requires-Dist: libcst>=1.0.0; extra == 'city'
Requires-Dist: msgpack>=1.0.0; extra == 'city'
Requires-Dist: networkx>=3.2.1; extra == 'city'
Requires-Dist: openai>=1.0.0; extra == 'city'
Requires-Dist: pillow>=10.0.0; extra == 'city'
Requires-Dist: praw>=7.7.0; extra == 'city'
Requires-Dist: psutil>=7.1.3; extra == 'city'
Requires-Dist: pydantic-settings>=2.0.0; extra == 'city'
Requires-Dist: pygithub>=2.0.0; extra == 'city'
Requires-Dist: python-dotenv>=1.0.0; extra == 'city'
Requires-Dist: requests>=2.31.0; extra == 'city'
Requires-Dist: rich>=13.0.0; extra == 'city'
Requires-Dist: tavily-python>=0.3.0; extra == 'city'
Requires-Dist: tomlkit>=0.12.0; extra == 'city'
Requires-Dist: tweepy>=4.14.0; extra == 'city'
Requires-Dist: uvicorn>=0.24.0; extra == 'city'
Provides-Extra: crypto
Requires-Dist: cffi>=1.15.0; extra == 'crypto'
Requires-Dist: cryptography>=41.0.0; extra == 'crypto'
Requires-Dist: ecdsa>=0.18.0; extra == 'crypto'
Provides-Extra: dev
Requires-Dist: pre-commit>=3.5.0; extra == 'dev'
Requires-Dist: pytest-asyncio>=0.23.0; extra == 'dev'
Requires-Dist: pytest-cov>=4.1.0; extra == 'dev'
Requires-Dist: pytest-timeout>=2.4.0; extra == 'dev'
Requires-Dist: pytest>=7.4.0; extra == 'dev'
Requires-Dist: ruff>=0.8.0; extra == 'dev'
Provides-Extra: dharma
Requires-Dist: libcst>=1.0.0; extra == 'dharma'
Requires-Dist: networkx>=3.2.1; extra == 'dharma'
Provides-Extra: full
Requires-Dist: aiofiles>=23.2.1; extra == 'full'
Requires-Dist: aiohttp>=3.9.0; extra == 'full'
Requires-Dist: beautifulsoup4>=4.12.0; extra == 'full'
Requires-Dist: cffi>=1.15.0; extra == 'full'
Requires-Dist: cryptography>=41.0.0; extra == 'full'
Requires-Dist: ecdsa>=0.18.0; extra == 'full'
Requires-Dist: fastapi>=0.104.0; extra == 'full'
Requires-Dist: gitpython>=3.1.0; extra == 'full'
Requires-Dist: google-api-python-client>=2.100.0; extra == 'full'
Requires-Dist: google-generativeai>=0.8.5; extra == 'full'
Requires-Dist: huggingface-hub>=0.20.0; extra == 'full'
Requires-Dist: jinja2>=3.0.0; extra == 'full'
Requires-Dist: jsonschema>=4.17.0; extra == 'full'
Requires-Dist: libcst>=1.0.0; extra == 'full'
Requires-Dist: llama-cpp-python>=0.2.0; extra == 'full'
Requires-Dist: msgpack>=1.0.0; extra == 'full'
Requires-Dist: networkx>=3.2.1; extra == 'full'
Requires-Dist: numpy>=1.24.0; extra == 'full'
Requires-Dist: openai>=1.0.0; extra == 'full'
Requires-Dist: pillow>=10.0.0; extra == 'full'
Requires-Dist: praw>=7.7.0; extra == 'full'
Requires-Dist: psutil>=7.1.3; extra == 'full'
Requires-Dist: pydantic-settings>=2.0.0; extra == 'full'
Requires-Dist: pygithub>=2.0.0; extra == 'full'
Requires-Dist: python-dotenv>=1.0.0; extra == 'full'
Requires-Dist: requests>=2.31.0; extra == 'full'
Requires-Dist: rich>=13.0.0; extra == 'full'
Requires-Dist: sentence-transformers>=2.2.0; extra == 'full'
Requires-Dist: tavily-python>=0.3.0; extra == 'full'
Requires-Dist: tomlkit>=0.12.0; extra == 'full'
Requires-Dist: tweepy>=4.14.0; extra == 'full'
Requires-Dist: uvicorn>=0.24.0; extra == 'full'
Provides-Extra: platforms
Requires-Dist: google-api-python-client>=2.100.0; extra == 'platforms'
Requires-Dist: praw>=7.7.0; extra == 'platforms'
Requires-Dist: pygithub>=2.0.0; extra == 'platforms'
Requires-Dist: tavily-python>=0.3.0; extra == 'platforms'
Requires-Dist: tweepy>=4.14.0; extra == 'platforms'
Provides-Extra: providers
Requires-Dist: google-generativeai>=0.8.5; extra == 'providers'
Requires-Dist: openai>=1.0.0; extra == 'providers'
Provides-Extra: web
Requires-Dist: aiofiles>=23.2.1; extra == 'web'
Requires-Dist: aiohttp>=3.9.0; extra == 'web'
Requires-Dist: beautifulsoup4>=4.12.0; extra == 'web'
Requires-Dist: fastapi>=0.104.0; extra == 'web'
Requires-Dist: requests>=2.31.0; extra == 'web'
Requires-Dist: uvicorn>=0.24.0; extra == 'web'
Description-Content-Type: text/markdown

<!--
AUTO-GENERATED by RENDERER_README
Last Updated: 2026-01-19 13:19 UTC
Kernel: RUNNING (1 agents)
Quick Start: python -m vibe_core.cli boot
--><div align="center">

# STEWARD PROTOCOL

### The Operating System for AI Agents

**Cryptographic Identity + Governance for AI Agents. A.G.I. Infrastructure.**

[![Version](https://img.shields.io/badge/version-0.2.0-blue.svg)](https://github.com/kimeisele/steward-protocol/releases)
[![Python](https://img.shields.io/badge/python-3.9+-3776AB.svg?logo=python&logoColor=white)](https://www.python.org/)
[![License: MIT](https://img.shields.io/badge/license-MIT-green.svg)](LICENSE)
[![Agents](https://img.shields.io/badge/agents-1-purple.svg)](#the-federation)
[![Tests](https://img.shields.io/badge/tests-3800%20passed-brightgreen.svg)](#testing)

*An actual kernel with process isolation, immutable ledger, and constitutional governance.*

[What Is This?](#-what-is-this) • [Quick Start](#-quick-start) • [Architecture](#-the-kernel) • [Security](#-security-architecture)

</div>

---

## What Is This?

**STEWARD is to AI agents what Linux is to processes.**

Most "agent frameworks" are orchestration layers. STEWARD is a real operating system:

| OS Concept | STEWARD Implementation |
|------------|------------------------|
| **Kernel** | Process table, task scheduler, syscall interface |
| **Process Isolation** | Virtual filesystem sandboxing per agent |
| **Audit Log** | Immutable append-only ledger (SQLite-backed chain) |
| **Kill Switch** | Hypervisor-level agent termination protocol |
| **Memory Protection** | Immutable kernel blueprints, self-healing on corruption |
| **Constitution** | Governance enforced at architecture level, not prompts |
| **Identity** | ECDSA P-256 signatures on every action |

**The key insight:** An agent that "promises" to follow rules is insecure. An agent that *physically cannot* violate them is secure.

---

## Quick Start

```bash
# Clone
git clone https://github.com/kimeisele/steward-protocol
cd steward-protocol

# Install
pip install -e ".[dev]"   # or: uv sync

# Boot the kernel
steward boot

# Check system status
steward status            # Kernel health, ledger blocks, certified agents
steward introspect        # Deep kernel inspection
```

**What happens on first boot:**
1. Initializes the immutable ledger (append-only event chain)
2. Loads 0 plugins via oath verification
3. Registers 1 agent with cryptographic identity
4. Starts the heartbeat system for liveness monitoring

---

## The Kernel

This is a real kernel implementation (`vibe_core/kernel_impl.py`):

```
┌──────────────────────────────────────────────────────────────┐
│                      HUMAN OPERATOR                          │
│                    (Intent & Oversight)                      │
└──────────────────────────────────────────────────────────────┘
                              ↓ intent
┌──────────────────────────────────────────────────────────────┐
│                      VIBE KERNEL (L0)                        │
│                                                              │
│  • Process Table        • Task Scheduler (async)             │
│  • Immutable Ledger     • Hypervisor Kill-Switch             │
│  • Blueprint Protection • Constitutional Gate                │
│  • VFS Sandboxing       • Event Bus                          │
└──────────────────────────────────────────────────────────────┘
                              ↓ syscalls
┌──────────────────────────────────────────────────────────────┐
│                      THE FEDERATION                          │
│                                                              │
│             1 Certified Agent • 12 Capabilities              │
└──────────────────────────────────────────────────────────────┘
```

### Core Components

| Component | Purpose |
|-----------|---------|
| **Kernel** (`kernel_impl.py`) | Process table, scheduler, ledger integration |
| **Ledger** (`ledger.py`) | Append-only cryptographic event chain |
| **Kill-Switch** (`narasimha.py`) | Hypervisor-level agent termination |
| **DNA Protection** (`security.py`) | Immutable blueprints, self-healing |
| **State Engine** (`state/prakriti.py`) | Unified state across persistence layers |
| **Purifier** (`shuddhi/`) | AST-level self-healing for code violations |

### Three-Layer State Model

The system maintains state across three distinct layers:

1. **Physical Layer** — Git + Ledger (immutable history, cryptographically linked)
2. **Runtime Layer** — Kernel state, ephemeral data (survives restart via snapshots)
3. **Identity Layer** — Agent personas, reputation, relationships (constant across restarts)
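
The "append-only cryptographic event chain" named for the Ledger component and the Physical Layer can be illustrated as follows. This is an added example, not code from `ledger.py`: the table schema, trigger names, and the functions `block_hash`, `open_ledger`, `append` and `verify` are assumptions made for illustration.

```python
import hashlib
import json
import sqlite3

GENESIS = "0" * 64  # prev_hash of the first block (constructed convention)

def block_hash(prev_hash, agent_id, payload):
    # The hash covers the previous block's hash, so editing a block breaks every later link.
    body = json.dumps([prev_hash, agent_id, payload], separators=(",", ":"))
    return hashlib.sha256(body.encode()).hexdigest()

def open_ledger(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS ledger ("
        "seq INTEGER PRIMARY KEY AUTOINCREMENT, agent_id TEXT NOT NULL, "
        "payload TEXT NOT NULL, prev_hash TEXT NOT NULL, hash TEXT NOT NULL UNIQUE)"
    )
    # Triggers reject UPDATE/DELETE from ordinary SQL clients (append-only at the SQL layer).
    for op in ("UPDATE", "DELETE"):
        db.execute(
            f"CREATE TRIGGER IF NOT EXISTS no_{op.lower()} BEFORE {op} ON ledger "
            "BEGIN SELECT RAISE(ABORT, 'ledger is append-only'); END"
        )
    return db

def append(db, agent_id, event):
    payload = json.dumps(event, sort_keys=True)
    with db:  # commit on success, roll back on error
        row = db.execute("SELECT hash FROM ledger ORDER BY seq DESC LIMIT 1").fetchone()
        prev = row[0] if row else GENESIS
        digest = block_hash(prev, agent_id, payload)
        db.execute(
            "INSERT INTO ledger (agent_id, payload, prev_hash, hash) VALUES (?, ?, ?, ?)",
            (agent_id, payload, prev, digest),
        )
    return digest

def verify(db):
    """Return the seq of the first block that breaks the chain, or None if intact."""
    prev = GENESIS
    rows = db.execute("SELECT seq, agent_id, payload, prev_hash, hash FROM ledger ORDER BY seq")
    for seq, agent_id, payload, prev_hash, digest in rows:
        if prev_hash != prev or block_hash(prev_hash, agent_id, payload) != digest:
            return seq
        prev = digest
    return None
```

A hash chain detects edits and deletions inside the chain, but not truncation of the newest blocks or a full rewrite with recomputed hashes; the head hash has to be signed or pinned outside the database to catch those.
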

---

## Constitutional Governance

Governance is enforced at the **architecture level**, not through prompts:

### The Constitution ([CONSTITUTION.md](CONSTITUTION.md))

| Article | Principle | Enforcement |
|---------|-----------|-------------|
| **I: Identity** | No action without cryptographic proof | Unsigned messages dropped |
| **II: Auditability** | Every decision logged immutably | Missing audit = transaction rollback |
| **III: Governance** | Code is law, not policy | Sandbox blocks violations |
| **IV: Transparency** | No black boxes | Machine-readable state exposure |
| **V: Consent** | No access without mandate | Capability tokens required |

### Operating Inversion (GAD-000)

- Traditional model: *Human operates machine.*
- STEWARD model: *AI operates system. Human provides intent.*

```bash
# Human provides intent
steward opus:pending         # See what the system wants to do
steward opus:approve <id>    # Approve an intent
steward opus:reject <id>     # Reject with reason

# System operates autonomously within bounds
steward opus:karma           # See trust score evolution
```

---

## Security Architecture

### Hypervisor Kill-Switch

When an agent attempts to modify the constitution, escape its sandbox, or manipulate the ledger:

```
Threat Level:  GREEN → YELLOW → ORANGE → RED → CRITICAL
                                                   ↓
                                        Kill-switch activates
                                                   ↓
                                        Instant termination
                                        (Irreversible)
```

### Self-Healing Architecture

- **Blueprint Protocol**: Critical kernel components stored as factories, not instances
- **Immutable Sealing**: Protected attributes locked after initialization
- **Auto-Recovery**: Corruption detected → rebuild from blueprint

### Kernel File Protection

21 kernel files are cryptographically guarded. Pre-commit hooks prevent modification without explicit authorization.
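
One way a guard of this kind can be built, shown as an added example rather than the project's own hook: a manifest of SHA-256 digests authenticated with HMAC, where re-sealing with the operator's key stands in for "explicit authorization". The functions `seal` and `check`, the manifest layout, and the key handling are assumptions.

```python
import hashlib
import hmac
import json
from pathlib import Path

def file_digest(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def manifest_mac(entries, key):
    body = json.dumps(entries, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def seal(root, guarded, key):
    """Record the digest of each guarded file and authenticate the record (assumed design)."""
    entries = {rel: file_digest(Path(root) / rel) for rel in sorted(guarded)}
    return {"files": entries, "mac": manifest_mac(entries, key)}

def check(root, manifest, key):
    """Return a list of violations; an empty list means the commit may proceed."""
    expected = manifest_mac(manifest["files"], key)
    # Verify the manifest first: otherwise editing it would silently authorize any change.
    if not hmac.compare_digest(expected, manifest.get("mac", "")):
        return ["manifest: MAC mismatch"]
    violations = []
    for rel, digest in manifest["files"].items():
        path = Path(root) / rel
        if not path.is_file():
            violations.append(f"{rel}: missing")
        elif file_digest(path) != digest:
            violations.append(f"{rel}: modified")
    return violations
```

A local pre-commit hook can be skipped with `git commit --no-verify`, so the same check also belongs in CI or a server-side hook, and the sealing key must not be readable by the process being constrained.
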

### Security Test Suite

The `tests/hardening/` suite includes attack simulations:

| Test | Attack Type |
|------|-------------|
| `test_red_team_attacks.py` | Identity spoofing, capability bypass |
| `test_halahala_poison.py` | SQL injection, memory bombs |
| `test_kurukshetra_metal.py` | Multi-threaded kernel destruction |
| `test_vritrasura_vacuum.py` | Message hoarding, fake heartbeats |
| `test_hiranyakashipu_paradox.py` | TOCTOU logic vulnerabilities |

---

## The Federation

1 specialized agent forms a self-governing federation:

<details>
<summary><b>View all agents (1)</b></summary>

See [AGENTS.md](AGENTS.md) for the complete registry.

</details>

---

## CLI Reference

```bash
# System
steward boot                 # Initialize kernel
steward status               # Health check
steward introspect           # Deep kernel state
steward stop                 # Graceful shutdown

# Unified Execution
steward run <capability>     # Execute any tool/circuit/agent
steward run list             # Discover all capabilities

# Human-in-the-Loop
steward opus:pending         # Pending intents
steward opus:approve <id>    # Approve execution
steward opus:reject <id>     # Reject with reason

# Diagnostics
steward system:doctor        # Health diagnosis
steward agents:list          # Process table
```

---

## Documentation

| Document | Purpose |
|----------|---------|
| [CONSTITUTION.md](CONSTITUTION.md) | The supreme law |
| [OPUS.md](OPUS.md) | Live system dashboard |
| [AGENTS.md](AGENTS.md) | Agent registry |
| [PROMPT.md](PROMPT.md) | Architecture guide for developers |
| [docs/architecture/](docs/architecture/) | Technical deep-dives |

---

## Testing

```bash
steward test:run             # Full test suite
pytest tests/hardening/ -v   # Security/architecture tests
pytest tests/manas/ -v       # Cognitive tests
```

**3800 tests** including red-team attack simulations.

---

## Philosophy

> *"An agent that promises to follow rules is insecure. An agent that cannot violate them is trustworthy."*

STEWARD redefines AGI as **Artificial Governed Intelligence** — autonomous systems with cryptographic accountability and constitutional constraints enforced at the kernel level.

---

<div align="center">

**Built by humans and agents**

*"The filesystem is not storage. It is the operating reality."*

[GitHub](https://github.com/kimeisele/steward-protocol) · [Issues](https://github.com/kimeisele/steward-protocol/issues) · [Constitution](CONSTITUTION.md)

</div>