PyPI - agent_os_kernel - Versions diffs - 3.1.0__py3-none-any.whl - Mend

agent_os_kernel 3.1.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (337) hide show

agent_control_plane/__init__.py +662 -0
agent_control_plane/a2a_adapter.py +543 -0
agent_control_plane/adapter.py +417 -0
agent_control_plane/agent_hibernation.py +394 -0
agent_control_plane/agent_kernel.py +470 -0
agent_control_plane/compliance.py +720 -0
agent_control_plane/constraint_graphs.py +478 -0
agent_control_plane/control_plane.py +854 -0
agent_control_plane/example_executors.py +195 -0
agent_control_plane/execution_engine.py +231 -0
agent_control_plane/flight_recorder.py +846 -0
agent_control_plane/governance_layer.py +435 -0
agent_control_plane/hf_utils.py +563 -0
agent_control_plane/interfaces/__init__.py +55 -0
agent_control_plane/interfaces/kernel_interface.py +361 -0
agent_control_plane/interfaces/plugin_interface.py +497 -0
agent_control_plane/interfaces/protocol_interfaces.py +387 -0
agent_control_plane/kernel_space.py +1009 -0
agent_control_plane/langchain_adapter.py +424 -0
agent_control_plane/lifecycle.py +3113 -0
agent_control_plane/mcp_adapter.py +653 -0
agent_control_plane/ml_safety.py +563 -0
agent_control_plane/multimodal.py +727 -0
agent_control_plane/mute_agent.py +422 -0
agent_control_plane/observability.py +787 -0
agent_control_plane/orchestrator.py +482 -0
agent_control_plane/plugin_registry.py +750 -0
agent_control_plane/policy_engine.py +954 -0
agent_control_plane/process_isolation.py +777 -0
agent_control_plane/shadow_mode.py +310 -0
agent_control_plane/signals.py +493 -0
agent_control_plane/supervisor_agents.py +430 -0
agent_control_plane/time_travel_debugger.py +557 -0
agent_control_plane/tool_registry.py +452 -0
agent_control_plane/vfs.py +697 -0
agent_kernel/__init__.py +69 -0
agent_kernel/analyzer.py +435 -0
agent_kernel/auditor.py +36 -0
agent_kernel/completeness_auditor.py +237 -0
agent_kernel/detector.py +203 -0
agent_kernel/kernel.py +744 -0
agent_kernel/memory_manager.py +85 -0
agent_kernel/models.py +374 -0
agent_kernel/nudge_mechanism.py +263 -0
agent_kernel/outcome_analyzer.py +338 -0
agent_kernel/patcher.py +582 -0
agent_kernel/semantic_analyzer.py +316 -0
agent_kernel/semantic_purge.py +349 -0
agent_kernel/simulator.py +449 -0
agent_kernel/teacher.py +85 -0
agent_kernel/triage.py +152 -0
agent_os/__init__.py +409 -0
agent_os/_adversarial_impl.py +200 -0
agent_os/_circuit_breaker_impl.py +232 -0
agent_os/_mcp_metrics.py +193 -0
agent_os/adversarial.py +20 -0
agent_os/agents_compat.py +490 -0
agent_os/audit_logger.py +135 -0
agent_os/base_agent.py +651 -0
agent_os/circuit_breaker.py +34 -0
agent_os/cli/__init__.py +659 -0
agent_os/cli/cmd_audit.py +128 -0
agent_os/cli/cmd_init.py +152 -0
agent_os/cli/cmd_policy.py +41 -0
agent_os/cli/cmd_policy_gen.py +180 -0
agent_os/cli/cmd_validate.py +258 -0
agent_os/cli/mcp_scan.py +265 -0
agent_os/cli/output.py +192 -0
agent_os/cli/policy_checker.py +330 -0
agent_os/compat.py +74 -0
agent_os/constraint_graph.py +234 -0
agent_os/content_governance.py +140 -0
agent_os/context_budget.py +305 -0
agent_os/credential_redactor.py +224 -0
agent_os/diff_policy.py +89 -0
agent_os/egress_policy.py +159 -0
agent_os/escalation.py +276 -0
agent_os/event_bus.py +124 -0
agent_os/exceptions.py +180 -0
agent_os/execution_context_policy.py +141 -0
agent_os/github_enterprise.py +96 -0
agent_os/health.py +20 -0
agent_os/integrations/__init__.py +279 -0
agent_os/integrations/a2a_adapter.py +279 -0
agent_os/integrations/agent_lightning/__init__.py +30 -0
agent_os/integrations/anthropic_adapter.py +420 -0
agent_os/integrations/autogen_adapter.py +620 -0
agent_os/integrations/base.py +1137 -0
agent_os/integrations/compat.py +229 -0
agent_os/integrations/config.py +98 -0
agent_os/integrations/conversation_guardian.py +957 -0
agent_os/integrations/crewai_adapter.py +467 -0
agent_os/integrations/drift_detector.py +425 -0
agent_os/integrations/dry_run.py +124 -0
agent_os/integrations/escalation.py +582 -0
agent_os/integrations/gemini_adapter.py +364 -0
agent_os/integrations/google_adk_adapter.py +633 -0
agent_os/integrations/guardrails_adapter.py +394 -0
agent_os/integrations/health.py +197 -0
agent_os/integrations/langchain_adapter.py +654 -0
agent_os/integrations/llamafirewall.py +343 -0
agent_os/integrations/llamaindex_adapter.py +188 -0
agent_os/integrations/logging.py +191 -0
agent_os/integrations/maf_adapter.py +631 -0
agent_os/integrations/mistral_adapter.py +365 -0
agent_os/integrations/openai_adapter.py +816 -0
agent_os/integrations/openai_agents_sdk.py +406 -0
agent_os/integrations/policy_compose.py +171 -0
agent_os/integrations/profiling.py +144 -0
agent_os/integrations/pydantic_ai_adapter.py +420 -0
agent_os/integrations/rate_limiter.py +130 -0
agent_os/integrations/rbac.py +143 -0
agent_os/integrations/registry.py +113 -0
agent_os/integrations/scope_guard.py +303 -0
agent_os/integrations/semantic_kernel_adapter.py +769 -0
agent_os/integrations/smolagents_adapter.py +629 -0
agent_os/integrations/templates.py +178 -0
agent_os/integrations/token_budget.py +134 -0
agent_os/integrations/tool_aliases.py +190 -0
agent_os/integrations/webhooks.py +177 -0
agent_os/lite.py +208 -0
agent_os/mcp_gateway.py +385 -0
agent_os/mcp_message_signer.py +273 -0
agent_os/mcp_protocols.py +161 -0
agent_os/mcp_response_scanner.py +232 -0
agent_os/mcp_security.py +924 -0
agent_os/mcp_session_auth.py +231 -0
agent_os/mcp_sliding_rate_limiter.py +184 -0
agent_os/memory_guard.py +409 -0
agent_os/metrics.py +134 -0
agent_os/mute.py +428 -0
agent_os/mute_agent.py +209 -0
agent_os/policies/__init__.py +77 -0
agent_os/policies/async_evaluator.py +275 -0
agent_os/policies/backends.py +670 -0
agent_os/policies/bridge.py +169 -0
agent_os/policies/budget.py +85 -0
agent_os/policies/cli.py +294 -0
agent_os/policies/conflict_resolution.py +270 -0
agent_os/policies/data_classification.py +252 -0
agent_os/policies/evaluator.py +239 -0
agent_os/policies/policy_schema.json +228 -0
agent_os/policies/rate_limiting.py +145 -0
agent_os/policies/schema.py +115 -0
agent_os/policies/shared.py +331 -0
agent_os/prompt_injection.py +694 -0
agent_os/providers.py +182 -0
agent_os/py.typed +0 -0
agent_os/retry.py +81 -0
agent_os/reversibility.py +251 -0
agent_os/sandbox.py +432 -0
agent_os/sandbox_provider.py +140 -0
agent_os/secure_codegen.py +525 -0
agent_os/security_skills.py +538 -0
agent_os/semantic_policy.py +422 -0
agent_os/server/__init__.py +15 -0
agent_os/server/__main__.py +25 -0
agent_os/server/app.py +277 -0
agent_os/server/models.py +104 -0
agent_os/shift_left_metrics.py +130 -0
agent_os/stateless.py +742 -0
agent_os/supervisor.py +148 -0
agent_os/task_outcome.py +148 -0
agent_os/transparency.py +181 -0
agent_os/trust_root.py +128 -0
agent_os_kernel-3.1.0.dist-info/METADATA +1269 -0
agent_os_kernel-3.1.0.dist-info/RECORD +337 -0
agent_os_kernel-3.1.0.dist-info/WHEEL +4 -0
agent_os_kernel-3.1.0.dist-info/entry_points.txt +2 -0
agent_os_kernel-3.1.0.dist-info/licenses/LICENSE +21 -0
agent_os_observability/__init__.py +27 -0
agent_os_observability/dashboards.py +898 -0
agent_os_observability/metrics.py +398 -0
agent_os_observability/server.py +223 -0
agent_os_observability/tracer.py +232 -0
agent_primitives/__init__.py +24 -0
agent_primitives/failures.py +84 -0
agent_primitives/py.typed +0 -0
amb_core/__init__.py +177 -0
amb_core/adapters/__init__.py +57 -0
amb_core/adapters/aws_sqs_broker.py +376 -0
amb_core/adapters/azure_servicebus_broker.py +340 -0
amb_core/adapters/kafka_broker.py +260 -0
amb_core/adapters/nats_broker.py +285 -0
amb_core/adapters/rabbitmq_broker.py +235 -0
amb_core/adapters/redis_broker.py +262 -0
amb_core/broker.py +145 -0
amb_core/bus.py +481 -0
amb_core/cloudevents.py +509 -0
amb_core/dlq.py +345 -0
amb_core/hf_utils.py +536 -0
amb_core/memory_broker.py +410 -0
amb_core/models.py +141 -0
amb_core/persistence.py +529 -0
amb_core/schema.py +294 -0
amb_core/tracing.py +358 -0
atr/__init__.py +640 -0
atr/access.py +348 -0
atr/composition.py +645 -0
atr/decorator.py +357 -0
atr/executor.py +384 -0
atr/health.py +557 -0
atr/hf_utils.py +449 -0
atr/injection.py +422 -0
atr/metrics.py +440 -0
atr/policies.py +403 -0
atr/py.typed +2 -0
atr/registry.py +452 -0
atr/schema.py +480 -0
atr/tools/safe/__init__.py +75 -0
atr/tools/safe/calculator.py +467 -0
atr/tools/safe/datetime_tool.py +443 -0
atr/tools/safe/file_reader.py +402 -0
atr/tools/safe/http_client.py +316 -0
atr/tools/safe/json_parser.py +374 -0
atr/tools/safe/text_tool.py +537 -0
atr/tools/safe/toolkit.py +175 -0
caas/__init__.py +162 -0
caas/api/__init__.py +7 -0
caas/api/server.py +1328 -0
caas/caching.py +834 -0
caas/cli.py +210 -0
caas/conversation.py +223 -0
caas/decay.py +72 -0
caas/detection/__init__.py +9 -0
caas/detection/detector.py +238 -0
caas/enrichment.py +130 -0
caas/gateway/__init__.py +27 -0
caas/gateway/trust_gateway.py +474 -0
caas/hf_utils.py +479 -0
caas/ingestion/__init__.py +23 -0
caas/ingestion/processors.py +253 -0
caas/ingestion/structure_parser.py +188 -0
caas/models.py +356 -0
caas/pragmatic_truth.py +444 -0
caas/routing/__init__.py +10 -0
caas/routing/heuristic_router.py +58 -0
caas/storage/__init__.py +9 -0
caas/storage/store.py +389 -0
caas/triad.py +213 -0
caas/tuning/__init__.py +9 -0
caas/tuning/tuner.py +329 -0
caas/vfs/__init__.py +14 -0
caas/vfs/filesystem.py +452 -0
cmvk/__init__.py +218 -0
cmvk/audit.py +402 -0
cmvk/benchmarks.py +478 -0
cmvk/constitutional.py +904 -0
cmvk/hf_utils.py +301 -0
cmvk/metrics.py +473 -0
cmvk/profiles.py +300 -0
cmvk/py.typed +0 -0
cmvk/types.py +12 -0
cmvk/verification.py +956 -0
emk/__init__.py +89 -0
emk/causal.py +352 -0
emk/hf_utils.py +421 -0
emk/indexer.py +83 -0
emk/py.typed +0 -0
emk/schema.py +204 -0
emk/sleep_cycle.py +347 -0
emk/store.py +281 -0
iatp/__init__.py +166 -0
iatp/attestation.py +461 -0
iatp/cli.py +317 -0
iatp/hf_utils.py +472 -0
iatp/ipc_pipes.py +580 -0
iatp/main.py +412 -0
iatp/models/__init__.py +447 -0
iatp/policy_engine.py +337 -0
iatp/py.typed +2 -0
iatp/recovery.py +321 -0
iatp/security/__init__.py +270 -0
iatp/sidecar/__init__.py +519 -0
iatp/telemetry/__init__.py +164 -0
iatp/tests/__init__.py +1 -0
iatp/tests/test_attestation.py +370 -0
iatp/tests/test_cli.py +131 -0
iatp/tests/test_ed25519_attestation.py +211 -0
iatp/tests/test_models.py +130 -0
iatp/tests/test_policy_engine.py +347 -0
iatp/tests/test_recovery.py +281 -0
iatp/tests/test_security.py +222 -0
iatp/tests/test_sidecar.py +167 -0
iatp/tests/test_telemetry.py +175 -0
mcp_kernel_server/__init__.py +28 -0
mcp_kernel_server/cli.py +274 -0
mcp_kernel_server/resources.py +217 -0
mcp_kernel_server/server.py +564 -0
mcp_kernel_server/tools.py +1174 -0
mute_agent/__init__.py +68 -0
mute_agent/core/__init__.py +1 -0
mute_agent/core/execution_agent.py +166 -0
mute_agent/core/handshake_protocol.py +201 -0
mute_agent/core/reasoning_agent.py +238 -0
mute_agent/knowledge_graph/__init__.py +1 -0
mute_agent/knowledge_graph/graph_elements.py +65 -0
mute_agent/knowledge_graph/multidimensional_graph.py +170 -0
mute_agent/knowledge_graph/subgraph.py +224 -0
mute_agent/listener/__init__.py +43 -0
mute_agent/listener/adapters/__init__.py +31 -0
mute_agent/listener/adapters/base_adapter.py +189 -0
mute_agent/listener/adapters/caas_adapter.py +344 -0
mute_agent/listener/adapters/control_plane_adapter.py +436 -0
mute_agent/listener/adapters/iatp_adapter.py +332 -0
mute_agent/listener/adapters/scak_adapter.py +251 -0
mute_agent/listener/listener.py +610 -0
mute_agent/listener/state_observer.py +436 -0
mute_agent/listener/threshold_config.py +313 -0
mute_agent/super_system/__init__.py +1 -0
mute_agent/super_system/router.py +204 -0
mute_agent/visualization/__init__.py +10 -0
mute_agent/visualization/graph_debugger.py +502 -0
nexus/README.md +60 -0
nexus/__init__.py +51 -0
nexus/arbiter.py +359 -0
nexus/client.py +466 -0
nexus/dmz.py +444 -0
nexus/escrow.py +430 -0
nexus/exceptions.py +286 -0
nexus/pyproject.toml +36 -0
nexus/registry.py +393 -0
nexus/reputation.py +425 -0
nexus/schemas/__init__.py +51 -0
nexus/schemas/compliance.py +276 -0
nexus/schemas/escrow.py +251 -0
nexus/schemas/manifest.py +225 -0
nexus/schemas/receipt.py +208 -0
nexus/tests/__init__.py +0 -0
nexus/tests/conftest.py +146 -0
nexus/tests/test_arbiter.py +192 -0
nexus/tests/test_dmz.py +194 -0
nexus/tests/test_escrow.py +276 -0
nexus/tests/test_exceptions.py +225 -0
nexus/tests/test_registry.py +232 -0
nexus/tests/test_reputation.py +328 -0
nexus/tests/test_schemas.py +295 -0

nexus/dmz.py ADDED Viewed

@@ -0,0 +1,444 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+"""
+DMZ Protocol
+Extension of IATP for secure data handoff between agents.
+Implements the REQUEST_ESCROW verb and data handling policies.
+"""
+from datetime import datetime, timedelta, timezone
+from typing import Optional, Literal
+from pydantic import BaseModel, Field
+import hashlib
+import uuid
+from dataclasses import dataclass, field
+class DataHandlingPolicy(BaseModel):
+    """
+    Policy that receiving agent must sign before getting decryption key.
+    Ensures data handling compliance between agents.
+    """
+    policy_id: str = Field(
+        default_factory=lambda: f"policy_{uuid.uuid4().hex[:12]}"
+    )
+    # Retention
+    max_retention_seconds: int = Field(
+        default=3600,
+        ge=0,
+        le=2592000,  # 30 days max
+        description="Maximum time to retain data (0 = process and delete)"
+    )
+    # Permissions
+    allow_persistence: bool = Field(
+        default=False,
+        description="Whether data can be persisted to storage"
+    )
+    allow_training: bool = Field(
+        default=False,
+        description="Whether data can be used for model training"
+    )
+    allow_forwarding: bool = Field(
+        default=False,
+        description="Whether data can be forwarded to other agents"
+    )
+    allow_logging: bool = Field(
+        default=True,
+        description="Whether metadata can be logged (not content)"
+    )
+    # Audit
+    audit_required: bool = Field(
+        default=True,
+        description="Whether all data access must be audited"
+    )
+    # Encryption
+    require_encryption_at_rest: bool = Field(
+        default=True,
+        description="Whether data must be encrypted when stored"
+    )
+    def compute_hash(self) -> str:
+        """Compute deterministic policy hash."""
+        data = self.model_dump(exclude={"policy_id"})
+        import json
+        canonical = json.dumps(data, sort_keys=True)
+        return hashlib.sha256(canonical.encode()).hexdigest()
+class DMZRequest(BaseModel):
+    """Request to share data through the secure DMZ."""
+    verb: Literal["REQUEST_ESCROW"] = "REQUEST_ESCROW"
+    request_id: str = Field(
+        default_factory=lambda: f"dmz_{uuid.uuid4().hex[:16]}"
+    )
+    # Parties
+    sender_did: str
+    receiver_did: str
+    # Data (only hash, not actual content)
+    data_hash: str = Field(
+        ...,
+        description="SHA-256 hash of the actual data"
+    )
+    data_size_bytes: int = Field(
+        ...,
+        ge=0,
+        description="Size of the data in bytes"
+    )
+    data_classification: Literal["public", "internal", "confidential", "pii"] = Field(
+        default="internal",
+        description="Classification level of the data"
+    )
+    # Policy
+    required_policy: DataHandlingPolicy
+    # Encryption
+    encrypted_data_location: Optional[str] = Field(
+        default=None,
+        description="URL/URI where encrypted data is stored"
+    )
+    encryption_algorithm: str = Field(
+        default="AES-256-GCM",
+        description="Encryption algorithm used"
+    )
+    # Timestamps
+    created_at: datetime = Field(default_factory=datetime.utcnow)
+    expires_at: Optional[datetime] = Field(
+        default=None,
+        description="When this request expires"
+    )
+@dataclass
+class SignedPolicy:
+    """A policy that has been signed by the receiving agent."""
+    policy: DataHandlingPolicy
+    policy_hash: str
+    # Signer
+    signer_did: str
+    signed_at: datetime = field(default_factory=datetime.utcnow)
+    # Signature
+    signature: str = ""
+    # Verification
+    verified: bool = False
+    verified_at: Optional[datetime] = None
+@dataclass
+class DMZTransfer:
+    """Record of a DMZ data transfer."""
+    transfer_id: str
+    request: DMZRequest
+    # Policy signing
+    policy_signed: bool = False
+    signed_policy: Optional[SignedPolicy] = None
+    # Key release
+    key_released: bool = False
+    key_released_at: Optional[datetime] = None
+    # Data access
+    data_accessed: bool = False
+    data_accessed_at: Optional[datetime] = None
+    # Completion
+    completed: bool = False
+    completed_at: Optional[datetime] = None
+    # Audit
+    audit_trail: list[dict] = field(default_factory=list)
+class DMZProtocol:
+    """
+    Implements the DMZ (Demilitarized Zone) protocol for secure data sharing.
+    Flow:
+    1. Agent A sends REQUEST_ESCROW with data hash to Nexus
+    2. Nexus holds the encrypted data reference
+    3. Agent B signs the DataHandlingPolicy
+    4. Nexus releases decryption key to Agent B
+    5. All operations are logged for compliance
+    """
+    def __init__(self):
+        # Storage
+        self._transfers: dict[str, DMZTransfer] = {}
+        self._signed_policies: dict[str, SignedPolicy] = {}
+        self._encryption_keys: dict[str, bytes] = {}  # transfer_id -> key
+    async def initiate_transfer(
+        self,
+        sender_did: str,
+        receiver_did: str,
+        data: bytes,
+        classification: Literal["public", "internal", "confidential", "pii"],
+        policy: DataHandlingPolicy,
+        expiry_hours: int = 24,
+    ) -> DMZRequest:
+        """
+        Initiate a secure data transfer through DMZ.
+        Args:
+            sender_did: DID of sending agent
+            receiver_did: DID of receiving agent
+            data: The actual data to transfer (will be encrypted)
+            classification: Data classification level
+            policy: Required data handling policy
+            expiry_hours: Hours until request expires
+        """
+        # Compute data hash
+        data_hash = hashlib.sha256(data).hexdigest()
+        # Generate encryption key
+        import secrets
+        encryption_key = secrets.token_bytes(32)  # AES-256
+        # Encrypt data (placeholder - would use proper encryption)
+        encrypted_data = self._encrypt_data(data, encryption_key)
+        # Create request
+        request = DMZRequest(
+            sender_did=sender_did,
+            receiver_did=receiver_did,
+            data_hash=data_hash,
+            data_size_bytes=len(data),
+            data_classification=classification,
+            required_policy=policy,
+            expires_at=datetime.now(timezone.utc) + timedelta(hours=expiry_hours),
+        )
+        # Create transfer record
+        transfer = DMZTransfer(
+            transfer_id=request.request_id,
+            request=request,
+        )
+        # Store
+        self._transfers[request.request_id] = transfer
+        self._encryption_keys[request.request_id] = encryption_key
+        # Add audit entry
+        transfer.audit_trail.append({
+            "event": "transfer_initiated",
+            "timestamp": datetime.now(timezone.utc).isoformat(),
+            "sender": sender_did,
+            "receiver": receiver_did,
+            "data_hash": data_hash,
+        })
+        return request
+    async def sign_policy(
+        self,
+        transfer_id: str,
+        signer_did: str,
+        signature: str,
+    ) -> SignedPolicy:
+        """
+        Sign a data handling policy to receive access.
+        The receiving agent must sign the policy before getting
+        the decryption key.
+        """
+        if transfer_id not in self._transfers:
+            raise ValueError(f"Transfer not found: {transfer_id}")
+        transfer = self._transfers[transfer_id]
+        request = transfer.request
+        # Verify signer is the intended receiver
+        if signer_did != request.receiver_did:
+            raise ValueError("Only intended receiver can sign policy")
+        # Verify transfer hasn't expired
+        if request.expires_at and datetime.now(timezone.utc) > request.expires_at:
+            raise ValueError("Transfer has expired")
+        # Create signed policy
+        signed = SignedPolicy(
+            policy=request.required_policy,
+            policy_hash=request.required_policy.compute_hash(),
+            signer_did=signer_did,
+            signature=signature,
+            verified=True,  # Would verify signature in production
+            verified_at=datetime.now(timezone.utc),
+        )
+        # Update transfer
+        transfer.policy_signed = True
+        transfer.signed_policy = signed
+        # Add audit entry
+        transfer.audit_trail.append({
+            "event": "policy_signed",
+            "timestamp": datetime.now(timezone.utc).isoformat(),
+            "signer": signer_did,
+            "policy_hash": signed.policy_hash,
+        })
+        # Store signed policy
+        self._signed_policies[f"{transfer_id}:{signer_did}"] = signed
+        return signed
+    async def release_key(
+        self,
+        transfer_id: str,
+        requester_did: str,
+    ) -> bytes:
+        """
+        Release decryption key after policy is signed.
+        Only releases key if:
+        1. Requester is the intended receiver
+        2. Policy has been signed
+        3. Transfer hasn't expired
+        """
+        if transfer_id not in self._transfers:
+            raise ValueError(f"Transfer not found: {transfer_id}")
+        transfer = self._transfers[transfer_id]
+        request = transfer.request
+        # Verify requester
+        if requester_did != request.receiver_did:
+            raise ValueError("Only intended receiver can get key")
+        # Verify policy signed
+        if not transfer.policy_signed:
+            raise ValueError("Policy must be signed before key release")
+        # Verify not expired
+        if request.expires_at and datetime.now(timezone.utc) > request.expires_at:
+            raise ValueError("Transfer has expired")
+        # Get key
+        if transfer_id not in self._encryption_keys:
+            raise ValueError("Encryption key not found")
+        key = self._encryption_keys[transfer_id]
+        # Update transfer
+        transfer.key_released = True
+        transfer.key_released_at = datetime.now(timezone.utc)
+        # Add audit entry
+        transfer.audit_trail.append({
+            "event": "key_released",
+            "timestamp": datetime.now(timezone.utc).isoformat(),
+            "recipient": requester_did,
+        })
+        return key
+    async def record_data_access(
+        self,
+        transfer_id: str,
+        accessor_did: str,
+    ) -> None:
+        """Record that data was accessed (for audit)."""
+        if transfer_id not in self._transfers:
+            raise ValueError(f"Transfer not found: {transfer_id}")
+        transfer = self._transfers[transfer_id]
+        transfer.data_accessed = True
+        transfer.data_accessed_at = datetime.now(timezone.utc)
+        transfer.audit_trail.append({
+            "event": "data_accessed",
+            "timestamp": datetime.now(timezone.utc).isoformat(),
+            "accessor": accessor_did,
+        })
+    async def complete_transfer(
+        self,
+        transfer_id: str,
+    ) -> DMZTransfer:
+        """Mark transfer as complete."""
+        if transfer_id not in self._transfers:
+            raise ValueError(f"Transfer not found: {transfer_id}")
+        transfer = self._transfers[transfer_id]
+        transfer.completed = True
+        transfer.completed_at = datetime.now(timezone.utc)
+        transfer.audit_trail.append({
+            "event": "transfer_completed",
+            "timestamp": datetime.now(timezone.utc).isoformat(),
+        })
+        # Clean up key (data should be deleted per policy)
+        if transfer_id in self._encryption_keys:
+            del self._encryption_keys[transfer_id]
+        return transfer
+    def get_transfer(self, transfer_id: str) -> DMZTransfer:
+        """Get transfer by ID."""
+        if transfer_id not in self._transfers:
+            raise ValueError(f"Transfer not found: {transfer_id}")
+        return self._transfers[transfer_id]
+    def get_audit_trail(self, transfer_id: str) -> list[dict]:
+        """Get audit trail for a transfer."""
+        transfer = self.get_transfer(transfer_id)
+        return transfer.audit_trail
+    def has_signed_policy(self, transfer_id: str, agent_did: str) -> bool:
+        """Check if agent has signed policy for a transfer."""
+        key = f"{transfer_id}:{agent_did}"
+        return key in self._signed_policies
+    def _encrypt_data(self, data: bytes, key: bytes) -> bytes:
+        """Encrypt data with AES-256-GCM.
+        Requires the ``cryptography`` package (``pip install cryptography``).
+        Falls back to a clearly-marked no-op if not installed.
+        """
+        try:
+            from cryptography.hazmat.primitives.ciphers.aead import AESGCM
+        except ImportError:
+            raise ImportError(
+                "DMZ encryption requires the 'cryptography' package. "
+                "Install with: pip install cryptography"
+            )
+        # Derive a 256-bit key via SHA-256 to ensure correct length
+        derived = hashlib.sha256(key).digest()
+        nonce = hashlib.sha256(data[:16] + key).digest()[:12]  # 96-bit nonce
+        aesgcm = AESGCM(derived)
+        return nonce + aesgcm.encrypt(nonce, data, None)
+    def _decrypt_data(self, encrypted: bytes, key: bytes) -> bytes:
+        """Decrypt data encrypted with AES-256-GCM."""
+        try:
+            from cryptography.hazmat.primitives.ciphers.aead import AESGCM
+        except ImportError:
+            raise ImportError(
+                "DMZ decryption requires the 'cryptography' package. "
+                "Install with: pip install cryptography"
+            )
+        derived = hashlib.sha256(key).digest()
+        nonce = encrypted[:12]
+        ciphertext = encrypted[12:]
+        aesgcm = AESGCM(derived)
+        return aesgcm.decrypt(nonce, ciphertext, None)