PyPI - agent_os_kernel - Versions diffs - 3.1.0__py3-none-any.whl - Mend

agent_os_kernel 3.1.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (337) hide show

agent_control_plane/__init__.py +662 -0
agent_control_plane/a2a_adapter.py +543 -0
agent_control_plane/adapter.py +417 -0
agent_control_plane/agent_hibernation.py +394 -0
agent_control_plane/agent_kernel.py +470 -0
agent_control_plane/compliance.py +720 -0
agent_control_plane/constraint_graphs.py +478 -0
agent_control_plane/control_plane.py +854 -0
agent_control_plane/example_executors.py +195 -0
agent_control_plane/execution_engine.py +231 -0
agent_control_plane/flight_recorder.py +846 -0
agent_control_plane/governance_layer.py +435 -0
agent_control_plane/hf_utils.py +563 -0
agent_control_plane/interfaces/__init__.py +55 -0
agent_control_plane/interfaces/kernel_interface.py +361 -0
agent_control_plane/interfaces/plugin_interface.py +497 -0
agent_control_plane/interfaces/protocol_interfaces.py +387 -0
agent_control_plane/kernel_space.py +1009 -0
agent_control_plane/langchain_adapter.py +424 -0
agent_control_plane/lifecycle.py +3113 -0
agent_control_plane/mcp_adapter.py +653 -0
agent_control_plane/ml_safety.py +563 -0
agent_control_plane/multimodal.py +727 -0
agent_control_plane/mute_agent.py +422 -0
agent_control_plane/observability.py +787 -0
agent_control_plane/orchestrator.py +482 -0
agent_control_plane/plugin_registry.py +750 -0
agent_control_plane/policy_engine.py +954 -0
agent_control_plane/process_isolation.py +777 -0
agent_control_plane/shadow_mode.py +310 -0
agent_control_plane/signals.py +493 -0
agent_control_plane/supervisor_agents.py +430 -0
agent_control_plane/time_travel_debugger.py +557 -0
agent_control_plane/tool_registry.py +452 -0
agent_control_plane/vfs.py +697 -0
agent_kernel/__init__.py +69 -0
agent_kernel/analyzer.py +435 -0
agent_kernel/auditor.py +36 -0
agent_kernel/completeness_auditor.py +237 -0
agent_kernel/detector.py +203 -0
agent_kernel/kernel.py +744 -0
agent_kernel/memory_manager.py +85 -0
agent_kernel/models.py +374 -0
agent_kernel/nudge_mechanism.py +263 -0
agent_kernel/outcome_analyzer.py +338 -0
agent_kernel/patcher.py +582 -0
agent_kernel/semantic_analyzer.py +316 -0
agent_kernel/semantic_purge.py +349 -0
agent_kernel/simulator.py +449 -0
agent_kernel/teacher.py +85 -0
agent_kernel/triage.py +152 -0
agent_os/__init__.py +409 -0
agent_os/_adversarial_impl.py +200 -0
agent_os/_circuit_breaker_impl.py +232 -0
agent_os/_mcp_metrics.py +193 -0
agent_os/adversarial.py +20 -0
agent_os/agents_compat.py +490 -0
agent_os/audit_logger.py +135 -0
agent_os/base_agent.py +651 -0
agent_os/circuit_breaker.py +34 -0
agent_os/cli/__init__.py +659 -0
agent_os/cli/cmd_audit.py +128 -0
agent_os/cli/cmd_init.py +152 -0
agent_os/cli/cmd_policy.py +41 -0
agent_os/cli/cmd_policy_gen.py +180 -0
agent_os/cli/cmd_validate.py +258 -0
agent_os/cli/mcp_scan.py +265 -0
agent_os/cli/output.py +192 -0
agent_os/cli/policy_checker.py +330 -0
agent_os/compat.py +74 -0
agent_os/constraint_graph.py +234 -0
agent_os/content_governance.py +140 -0
agent_os/context_budget.py +305 -0
agent_os/credential_redactor.py +224 -0
agent_os/diff_policy.py +89 -0
agent_os/egress_policy.py +159 -0
agent_os/escalation.py +276 -0
agent_os/event_bus.py +124 -0
agent_os/exceptions.py +180 -0
agent_os/execution_context_policy.py +141 -0
agent_os/github_enterprise.py +96 -0
agent_os/health.py +20 -0
agent_os/integrations/__init__.py +279 -0
agent_os/integrations/a2a_adapter.py +279 -0
agent_os/integrations/agent_lightning/__init__.py +30 -0
agent_os/integrations/anthropic_adapter.py +420 -0
agent_os/integrations/autogen_adapter.py +620 -0
agent_os/integrations/base.py +1137 -0
agent_os/integrations/compat.py +229 -0
agent_os/integrations/config.py +98 -0
agent_os/integrations/conversation_guardian.py +957 -0
agent_os/integrations/crewai_adapter.py +467 -0
agent_os/integrations/drift_detector.py +425 -0
agent_os/integrations/dry_run.py +124 -0
agent_os/integrations/escalation.py +582 -0
agent_os/integrations/gemini_adapter.py +364 -0
agent_os/integrations/google_adk_adapter.py +633 -0
agent_os/integrations/guardrails_adapter.py +394 -0
agent_os/integrations/health.py +197 -0
agent_os/integrations/langchain_adapter.py +654 -0
agent_os/integrations/llamafirewall.py +343 -0
agent_os/integrations/llamaindex_adapter.py +188 -0
agent_os/integrations/logging.py +191 -0
agent_os/integrations/maf_adapter.py +631 -0
agent_os/integrations/mistral_adapter.py +365 -0
agent_os/integrations/openai_adapter.py +816 -0
agent_os/integrations/openai_agents_sdk.py +406 -0
agent_os/integrations/policy_compose.py +171 -0
agent_os/integrations/profiling.py +144 -0
agent_os/integrations/pydantic_ai_adapter.py +420 -0
agent_os/integrations/rate_limiter.py +130 -0
agent_os/integrations/rbac.py +143 -0
agent_os/integrations/registry.py +113 -0
agent_os/integrations/scope_guard.py +303 -0
agent_os/integrations/semantic_kernel_adapter.py +769 -0
agent_os/integrations/smolagents_adapter.py +629 -0
agent_os/integrations/templates.py +178 -0
agent_os/integrations/token_budget.py +134 -0
agent_os/integrations/tool_aliases.py +190 -0
agent_os/integrations/webhooks.py +177 -0
agent_os/lite.py +208 -0
agent_os/mcp_gateway.py +385 -0
agent_os/mcp_message_signer.py +273 -0
agent_os/mcp_protocols.py +161 -0
agent_os/mcp_response_scanner.py +232 -0
agent_os/mcp_security.py +924 -0
agent_os/mcp_session_auth.py +231 -0
agent_os/mcp_sliding_rate_limiter.py +184 -0
agent_os/memory_guard.py +409 -0
agent_os/metrics.py +134 -0
agent_os/mute.py +428 -0
agent_os/mute_agent.py +209 -0
agent_os/policies/__init__.py +77 -0
agent_os/policies/async_evaluator.py +275 -0
agent_os/policies/backends.py +670 -0
agent_os/policies/bridge.py +169 -0
agent_os/policies/budget.py +85 -0
agent_os/policies/cli.py +294 -0
agent_os/policies/conflict_resolution.py +270 -0
agent_os/policies/data_classification.py +252 -0
agent_os/policies/evaluator.py +239 -0
agent_os/policies/policy_schema.json +228 -0
agent_os/policies/rate_limiting.py +145 -0
agent_os/policies/schema.py +115 -0
agent_os/policies/shared.py +331 -0
agent_os/prompt_injection.py +694 -0
agent_os/providers.py +182 -0
agent_os/py.typed +0 -0
agent_os/retry.py +81 -0
agent_os/reversibility.py +251 -0
agent_os/sandbox.py +432 -0
agent_os/sandbox_provider.py +140 -0
agent_os/secure_codegen.py +525 -0
agent_os/security_skills.py +538 -0
agent_os/semantic_policy.py +422 -0
agent_os/server/__init__.py +15 -0
agent_os/server/__main__.py +25 -0
agent_os/server/app.py +277 -0
agent_os/server/models.py +104 -0
agent_os/shift_left_metrics.py +130 -0
agent_os/stateless.py +742 -0
agent_os/supervisor.py +148 -0
agent_os/task_outcome.py +148 -0
agent_os/transparency.py +181 -0
agent_os/trust_root.py +128 -0
agent_os_kernel-3.1.0.dist-info/METADATA +1269 -0
agent_os_kernel-3.1.0.dist-info/RECORD +337 -0
agent_os_kernel-3.1.0.dist-info/WHEEL +4 -0
agent_os_kernel-3.1.0.dist-info/entry_points.txt +2 -0
agent_os_kernel-3.1.0.dist-info/licenses/LICENSE +21 -0
agent_os_observability/__init__.py +27 -0
agent_os_observability/dashboards.py +898 -0
agent_os_observability/metrics.py +398 -0
agent_os_observability/server.py +223 -0
agent_os_observability/tracer.py +232 -0
agent_primitives/__init__.py +24 -0
agent_primitives/failures.py +84 -0
agent_primitives/py.typed +0 -0
amb_core/__init__.py +177 -0
amb_core/adapters/__init__.py +57 -0
amb_core/adapters/aws_sqs_broker.py +376 -0
amb_core/adapters/azure_servicebus_broker.py +340 -0
amb_core/adapters/kafka_broker.py +260 -0
amb_core/adapters/nats_broker.py +285 -0
amb_core/adapters/rabbitmq_broker.py +235 -0
amb_core/adapters/redis_broker.py +262 -0
amb_core/broker.py +145 -0
amb_core/bus.py +481 -0
amb_core/cloudevents.py +509 -0
amb_core/dlq.py +345 -0
amb_core/hf_utils.py +536 -0
amb_core/memory_broker.py +410 -0
amb_core/models.py +141 -0
amb_core/persistence.py +529 -0
amb_core/schema.py +294 -0
amb_core/tracing.py +358 -0
atr/__init__.py +640 -0
atr/access.py +348 -0
atr/composition.py +645 -0
atr/decorator.py +357 -0
atr/executor.py +384 -0
atr/health.py +557 -0
atr/hf_utils.py +449 -0
atr/injection.py +422 -0
atr/metrics.py +440 -0
atr/policies.py +403 -0
atr/py.typed +2 -0
atr/registry.py +452 -0
atr/schema.py +480 -0
atr/tools/safe/__init__.py +75 -0
atr/tools/safe/calculator.py +467 -0
atr/tools/safe/datetime_tool.py +443 -0
atr/tools/safe/file_reader.py +402 -0
atr/tools/safe/http_client.py +316 -0
atr/tools/safe/json_parser.py +374 -0
atr/tools/safe/text_tool.py +537 -0
atr/tools/safe/toolkit.py +175 -0
caas/__init__.py +162 -0
caas/api/__init__.py +7 -0
caas/api/server.py +1328 -0
caas/caching.py +834 -0
caas/cli.py +210 -0
caas/conversation.py +223 -0
caas/decay.py +72 -0
caas/detection/__init__.py +9 -0
caas/detection/detector.py +238 -0
caas/enrichment.py +130 -0
caas/gateway/__init__.py +27 -0
caas/gateway/trust_gateway.py +474 -0
caas/hf_utils.py +479 -0
caas/ingestion/__init__.py +23 -0
caas/ingestion/processors.py +253 -0
caas/ingestion/structure_parser.py +188 -0
caas/models.py +356 -0
caas/pragmatic_truth.py +444 -0
caas/routing/__init__.py +10 -0
caas/routing/heuristic_router.py +58 -0
caas/storage/__init__.py +9 -0
caas/storage/store.py +389 -0
caas/triad.py +213 -0
caas/tuning/__init__.py +9 -0
caas/tuning/tuner.py +329 -0
caas/vfs/__init__.py +14 -0
caas/vfs/filesystem.py +452 -0
cmvk/__init__.py +218 -0
cmvk/audit.py +402 -0
cmvk/benchmarks.py +478 -0
cmvk/constitutional.py +904 -0
cmvk/hf_utils.py +301 -0
cmvk/metrics.py +473 -0
cmvk/profiles.py +300 -0
cmvk/py.typed +0 -0
cmvk/types.py +12 -0
cmvk/verification.py +956 -0
emk/__init__.py +89 -0
emk/causal.py +352 -0
emk/hf_utils.py +421 -0
emk/indexer.py +83 -0
emk/py.typed +0 -0
emk/schema.py +204 -0
emk/sleep_cycle.py +347 -0
emk/store.py +281 -0
iatp/__init__.py +166 -0
iatp/attestation.py +461 -0
iatp/cli.py +317 -0
iatp/hf_utils.py +472 -0
iatp/ipc_pipes.py +580 -0
iatp/main.py +412 -0
iatp/models/__init__.py +447 -0
iatp/policy_engine.py +337 -0
iatp/py.typed +2 -0
iatp/recovery.py +321 -0
iatp/security/__init__.py +270 -0
iatp/sidecar/__init__.py +519 -0
iatp/telemetry/__init__.py +164 -0
iatp/tests/__init__.py +1 -0
iatp/tests/test_attestation.py +370 -0
iatp/tests/test_cli.py +131 -0
iatp/tests/test_ed25519_attestation.py +211 -0
iatp/tests/test_models.py +130 -0
iatp/tests/test_policy_engine.py +347 -0
iatp/tests/test_recovery.py +281 -0
iatp/tests/test_security.py +222 -0
iatp/tests/test_sidecar.py +167 -0
iatp/tests/test_telemetry.py +175 -0
mcp_kernel_server/__init__.py +28 -0
mcp_kernel_server/cli.py +274 -0
mcp_kernel_server/resources.py +217 -0
mcp_kernel_server/server.py +564 -0
mcp_kernel_server/tools.py +1174 -0
mute_agent/__init__.py +68 -0
mute_agent/core/__init__.py +1 -0
mute_agent/core/execution_agent.py +166 -0
mute_agent/core/handshake_protocol.py +201 -0
mute_agent/core/reasoning_agent.py +238 -0
mute_agent/knowledge_graph/__init__.py +1 -0
mute_agent/knowledge_graph/graph_elements.py +65 -0
mute_agent/knowledge_graph/multidimensional_graph.py +170 -0
mute_agent/knowledge_graph/subgraph.py +224 -0
mute_agent/listener/__init__.py +43 -0
mute_agent/listener/adapters/__init__.py +31 -0
mute_agent/listener/adapters/base_adapter.py +189 -0
mute_agent/listener/adapters/caas_adapter.py +344 -0
mute_agent/listener/adapters/control_plane_adapter.py +436 -0
mute_agent/listener/adapters/iatp_adapter.py +332 -0
mute_agent/listener/adapters/scak_adapter.py +251 -0
mute_agent/listener/listener.py +610 -0
mute_agent/listener/state_observer.py +436 -0
mute_agent/listener/threshold_config.py +313 -0
mute_agent/super_system/__init__.py +1 -0
mute_agent/super_system/router.py +204 -0
mute_agent/visualization/__init__.py +10 -0
mute_agent/visualization/graph_debugger.py +502 -0
nexus/README.md +60 -0
nexus/__init__.py +51 -0
nexus/arbiter.py +359 -0
nexus/client.py +466 -0
nexus/dmz.py +444 -0
nexus/escrow.py +430 -0
nexus/exceptions.py +286 -0
nexus/pyproject.toml +36 -0
nexus/registry.py +393 -0
nexus/reputation.py +425 -0
nexus/schemas/__init__.py +51 -0
nexus/schemas/compliance.py +276 -0
nexus/schemas/escrow.py +251 -0
nexus/schemas/manifest.py +225 -0
nexus/schemas/receipt.py +208 -0
nexus/tests/__init__.py +0 -0
nexus/tests/conftest.py +146 -0
nexus/tests/test_arbiter.py +192 -0
nexus/tests/test_dmz.py +194 -0
nexus/tests/test_escrow.py +276 -0
nexus/tests/test_exceptions.py +225 -0
nexus/tests/test_registry.py +232 -0
nexus/tests/test_reputation.py +328 -0
nexus/tests/test_schemas.py +295 -0

agent_os/integrations/llamafirewall.py ADDED Viewed

@@ -0,0 +1,343 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+"""LlamaFirewall integration adapter — chain Meta's LlamaFirewall with Agent OS for defense-in-depth."""
+from __future__ import annotations
+import logging
+from dataclasses import dataclass, field
+from enum import Enum
+from typing import Any
+from agent_os.prompt_injection import (
+    DetectionConfig,
+    DetectionResult,
+    PromptInjectionDetector,
+    ThreatLevel,
+)
+logger = logging.getLogger(__name__)
+# ---------------------------------------------------------------------------
+# Enums
+# ---------------------------------------------------------------------------
+class FirewallMode(Enum):
+    """Operating mode for the combined firewall."""
+    LLAMAFIREWALL_ONLY = "llamafirewall_only"
+    AGENT_OS_ONLY = "agent_os_only"
+    CHAIN_BOTH = "chain_both"
+    VOTE_MAJORITY = "vote_majority"
+class FirewallVerdict(Enum):
+    """Unified verdict across scanners."""
+    SAFE = "safe"
+    SUSPICIOUS = "suspicious"
+    BLOCKED = "blocked"
+    ERROR = "error"
+# ---------------------------------------------------------------------------
+# Result dataclass
+# ---------------------------------------------------------------------------
+@dataclass
+class FirewallResult:
+    """Combined result from LlamaFirewall and/or Agent OS scanning."""
+    verdict: FirewallVerdict
+    source: str  # "llamafirewall", "agent_os", "combined"
+    score: float  # 0.0 (safe) to 1.0 (blocked)
+    details: dict[str, Any] = field(default_factory=dict)
+    prompt_guard_result: dict[str, Any] | None = None
+    alignment_check_result: dict[str, Any] | None = None
+    code_shield_result: dict[str, Any] | None = None
+    agent_os_result: DetectionResult | None = None
+# ---------------------------------------------------------------------------
+# LlamaFirewallAdapter
+# ---------------------------------------------------------------------------
+class LlamaFirewallAdapter:
+    """Adapter that chains Meta's LlamaFirewall with Agent OS prompt injection detection.
+    Usage::
+        adapter = LlamaFirewallAdapter(mode=FirewallMode.CHAIN_BOTH)
+        result = await adapter.scan_prompt("ignore previous instructions")
+        if result.verdict == FirewallVerdict.BLOCKED:
+            print("Blocked!")
+    """
+    def __init__(
+        self,
+        mode: FirewallMode = FirewallMode.CHAIN_BOTH,
+        agent_os_config: DetectionConfig | None = None,
+    ) -> None:
+        self._mode = mode
+        self._detector = PromptInjectionDetector(config=agent_os_config)
+        self._llama_available = False
+        # Lazy import of llamafirewall
+        try:
+            import llamafirewall  # noqa: F401
+            self._llama_available = True
+        except ImportError:
+            self._llama_available = False
+        # Fallback if llama is required but not installed
+        if mode in (FirewallMode.LLAMAFIREWALL_ONLY, FirewallMode.CHAIN_BOTH, FirewallMode.VOTE_MAJORITY):
+            if not self._llama_available:
+                logger.warning(
+                    "llamafirewall package not installed — falling back to AGENT_OS_ONLY mode"
+                )
+                if mode == FirewallMode.LLAMAFIREWALL_ONLY:
+                    self._mode = FirewallMode.AGENT_OS_ONLY
+    # -- public API ---------------------------------------------------------
+    async def scan_prompt(
+        self,
+        prompt: str,
+        context: str | None = None,
+    ) -> FirewallResult:
+        """Scan a prompt using the configured mode (async)."""
+        mode = self._mode
+        if mode == FirewallMode.AGENT_OS_ONLY:
+            aos_result = self._run_agent_os(prompt)
+            return self._combine_results(None, aos_result, mode)
+        if mode == FirewallMode.LLAMAFIREWALL_ONLY:
+            llama_result = self._run_llamafirewall(prompt, context)
+            return self._combine_results(llama_result, None, mode)
+        # CHAIN_BOTH or VOTE_MAJORITY — run both
+        llama_result = self._run_llamafirewall(prompt, context) if self._llama_available else None
+        aos_result = self._run_agent_os(prompt)
+        return self._combine_results(llama_result, aos_result, mode)
+    def scan_prompt_sync(
+        self,
+        prompt: str,
+        context: str | None = None,
+    ) -> FirewallResult:
+        """Scan a prompt using the configured mode (synchronous)."""
+        mode = self._mode
+        if mode == FirewallMode.AGENT_OS_ONLY:
+            aos_result = self._run_agent_os(prompt)
+            return self._combine_results(None, aos_result, mode)
+        if mode == FirewallMode.LLAMAFIREWALL_ONLY:
+            llama_result = self._run_llamafirewall(prompt, context)
+            return self._combine_results(llama_result, None, mode)
+        # CHAIN_BOTH or VOTE_MAJORITY
+        llama_result = self._run_llamafirewall(prompt, context) if self._llama_available else None
+        aos_result = self._run_agent_os(prompt)
+        return self._combine_results(llama_result, aos_result, mode)
+    async def scan_code(
+        self,
+        code: str,
+        language: str = "python",
+    ) -> FirewallResult:
+        """Scan code using CodeShield if available, otherwise return SAFE with warning."""
+        if not self._llama_available:
+            return FirewallResult(
+                verdict=FirewallVerdict.SAFE,
+                source="agent_os",
+                score=0.0,
+                details={"warning": "CodeShield not available — llamafirewall not installed"},
+            )
+        try:
+            from llamafirewall import CodeShield  # type: ignore[import-untyped]
+            shield = CodeShield()
+            result = shield.scan(code, language=language)
+            verdict = self._map_llama_verdict(result.get("verdict", "safe"))
+            return FirewallResult(
+                verdict=verdict,
+                source="llamafirewall",
+                score=result.get("score", 0.0),
+                details={"language": language},
+                code_shield_result=result,
+            )
+        except ImportError:
+            return FirewallResult(
+                verdict=FirewallVerdict.SAFE,
+                source="agent_os",
+                score=0.0,
+                details={"warning": "CodeShield import failed"},
+            )
+        except Exception as exc:
+            logger.error("CodeShield scan error: %s", exc, exc_info=True)
+            return FirewallResult(
+                verdict=FirewallVerdict.ERROR,
+                source="llamafirewall",
+                score=0.0,
+                details={"error": str(exc)},
+            )
+    # -- internal scanners --------------------------------------------------
+    def _run_llamafirewall(
+        self,
+        prompt: str,
+        context: str | None = None,
+    ) -> dict[str, Any]:
+        """Call LlamaFirewall's scan API with graceful error handling."""
+        try:
+            from llamafirewall import LlamaFirewall as LF  # type: ignore[import-untyped]
+            fw = LF()
+            result = fw.scan(prompt, context=context)
+            return {
+                "verdict": result.get("verdict", "safe"),
+                "score": result.get("score", 0.0),
+                "prompt_guard": result.get("prompt_guard"),
+                "alignment_check": result.get("alignment_check"),
+            }
+        except ImportError:
+            logger.warning("llamafirewall not importable — returning empty result")
+            return {"verdict": "error", "score": 0.0, "error": "import_failed"}
+        except Exception as exc:
+            logger.error("LlamaFirewall scan error: %s", exc, exc_info=True)
+            return {"verdict": "error", "score": 0.0, "error": str(exc)}
+    def _run_agent_os(self, prompt: str) -> DetectionResult:
+        """Run Agent OS PromptInjectionDetector — always available."""
+        return self._detector.detect(prompt, source="llamafirewall_adapter")
+    # -- result combination -------------------------------------------------
+    def _combine_results(
+        self,
+        llama_result: dict[str, Any] | None,
+        aos_result: DetectionResult | None,
+        mode: FirewallMode,
+    ) -> FirewallResult:
+        """Merge results from both scanners based on the operating mode."""
+        llama_score = llama_result.get("score", 0.0) if llama_result else 0.0
+        llama_verdict_str = llama_result.get("verdict", "safe") if llama_result else "safe"
+        llama_verdict = self._map_llama_verdict(llama_verdict_str)
+        aos_score = aos_result.confidence if aos_result else 0.0
+        aos_verdict = self._agent_os_verdict(aos_result) if aos_result else FirewallVerdict.SAFE
+        # Single-scanner modes
+        if mode == FirewallMode.AGENT_OS_ONLY:
+            return FirewallResult(
+                verdict=aos_verdict,
+                source="agent_os",
+                score=aos_score,
+                details={"mode": mode.value},
+                agent_os_result=aos_result,
+            )
+        if mode == FirewallMode.LLAMAFIREWALL_ONLY:
+            return FirewallResult(
+                verdict=llama_verdict,
+                source="llamafirewall",
+                score=llama_score,
+                details={"mode": mode.value},
+                prompt_guard_result=llama_result.get("prompt_guard") if llama_result else None,
+                alignment_check_result=llama_result.get("alignment_check") if llama_result else None,
+            )
+        # CHAIN_BOTH: block if either blocks, use max score (most conservative)
+        if mode == FirewallMode.CHAIN_BOTH:
+            combined_score = max(llama_score, aos_score)
+            if llama_verdict == FirewallVerdict.BLOCKED or aos_verdict == FirewallVerdict.BLOCKED:
+                combined_verdict = FirewallVerdict.BLOCKED
+            elif llama_verdict == FirewallVerdict.SUSPICIOUS or aos_verdict == FirewallVerdict.SUSPICIOUS:
+                combined_verdict = FirewallVerdict.SUSPICIOUS
+            elif llama_verdict == FirewallVerdict.ERROR or aos_verdict == FirewallVerdict.ERROR:
+                combined_verdict = FirewallVerdict.ERROR
+            else:
+                combined_verdict = FirewallVerdict.SAFE
+            return FirewallResult(
+                verdict=combined_verdict,
+                source="combined",
+                score=combined_score,
+                details={"mode": mode.value, "llama_verdict": llama_verdict_str, "aos_verdict": aos_verdict.value},
+                prompt_guard_result=llama_result.get("prompt_guard") if llama_result else None,
+                alignment_check_result=llama_result.get("alignment_check") if llama_result else None,
+                agent_os_result=aos_result,
+            )
+        # VOTE_MAJORITY: require both to agree for block, use average score
+        if mode == FirewallMode.VOTE_MAJORITY:
+            combined_score = (llama_score + aos_score) / 2.0
+            block_votes = sum([
+                llama_verdict == FirewallVerdict.BLOCKED,
+                aos_verdict == FirewallVerdict.BLOCKED,
+            ])
+            if block_votes >= 2:
+                combined_verdict = FirewallVerdict.BLOCKED
+            elif block_votes == 1:
+                combined_verdict = FirewallVerdict.SUSPICIOUS
+            else:
+                combined_verdict = FirewallVerdict.SAFE
+            return FirewallResult(
+                verdict=combined_verdict,
+                source="combined",
+                score=combined_score,
+                details={
+                    "mode": mode.value,
+                    "block_votes": block_votes,
+                    "llama_verdict": llama_verdict_str,
+                    "aos_verdict": aos_verdict.value,
+                },
+                prompt_guard_result=llama_result.get("prompt_guard") if llama_result else None,
+                alignment_check_result=llama_result.get("alignment_check") if llama_result else None,
+                agent_os_result=aos_result,
+            )
+        # Fallback (should not reach here)
+        return FirewallResult(
+            verdict=FirewallVerdict.ERROR,
+            source="combined",
+            score=0.0,
+            details={"error": f"unknown mode: {mode}"},
+        )
+    # -- helpers ------------------------------------------------------------
+    @staticmethod
+    def _map_llama_verdict(verdict_str: str) -> FirewallVerdict:
+        """Map LlamaFirewall string verdict to FirewallVerdict."""
+        mapping = {
+            "safe": FirewallVerdict.SAFE,
+            "suspicious": FirewallVerdict.SUSPICIOUS,
+            "blocked": FirewallVerdict.BLOCKED,
+            "error": FirewallVerdict.ERROR,
+            "malicious": FirewallVerdict.BLOCKED,
+            "benign": FirewallVerdict.SAFE,
+        }
+        return mapping.get(verdict_str.lower(), FirewallVerdict.SUSPICIOUS)
+    @staticmethod
+    def _agent_os_verdict(result: DetectionResult) -> FirewallVerdict:
+        """Map Agent OS DetectionResult to FirewallVerdict."""
+        if not result.is_injection:
+            return FirewallVerdict.SAFE
+        if result.threat_level in (ThreatLevel.HIGH, ThreatLevel.CRITICAL):
+            return FirewallVerdict.BLOCKED
+        return FirewallVerdict.SUSPICIOUS
+    @property
+    def available_scanners(self) -> list[str]:
+        """Return list of active scanner names."""
+        scanners: list[str] = []
+        if self._mode in (FirewallMode.AGENT_OS_ONLY, FirewallMode.CHAIN_BOTH, FirewallMode.VOTE_MAJORITY):
+            scanners.append("agent_os")
+        if self._llama_available and self._mode in (
+            FirewallMode.LLAMAFIREWALL_ONLY, FirewallMode.CHAIN_BOTH, FirewallMode.VOTE_MAJORITY,
+        ):
+            scanners.append("llamafirewall")
+        return scanners

agent_os/integrations/llamaindex_adapter.py ADDED Viewed

@@ -0,0 +1,188 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+"""
+LlamaIndex Integration
+Wraps LlamaIndex query engines, retrievers, and agents with Agent OS governance.
+Usage:
+    from agent_os.integrations import LlamaIndexKernel
+    kernel = LlamaIndexKernel()
+    governed_engine = kernel.wrap(my_query_engine)
+    # Now all queries go through Agent OS governance
+    result = governed_engine.query("What is the meaning of life?")
+"""
+from typing import Any, Optional
+from .base import BaseIntegration, GovernancePolicy
+from .langchain_adapter import PolicyViolationError
+class LlamaIndexKernel(BaseIntegration):
+    """
+    LlamaIndex adapter for Agent OS.
+    Supports:
+    - QueryEngine (query, aquery)
+    - RetrieverQueryEngine
+    - ChatEngine (chat, achat, stream_chat)
+    - AgentRunner (chat, query)
+    """
+    def __init__(self, policy: Optional[GovernancePolicy] = None):
+        super().__init__(policy)
+        self._wrapped_agents: dict[int, Any] = {}
+        self._stopped: dict[str, bool] = {}
+    def wrap(self, agent: Any) -> Any:
+        """
+        Wrap a LlamaIndex query engine, chat engine, or agent with governance.
+        Intercepts:
+        - query() / aquery()
+        - chat() / achat()
+        - stream_chat()
+        - retrieve()
+        """
+        agent_id = getattr(agent, 'name', None) or f"llamaindex-{id(agent)}"
+        ctx = self.create_context(agent_id)
+        self._wrapped_agents[id(agent)] = agent
+        self._stopped[agent_id] = False
+        original = agent
+        kernel = self
+        class GovernedLlamaIndexAgent:
+            """LlamaIndex engine wrapped with Agent OS governance"""
+            def __init__(self):
+                self._original = original
+                self._ctx = ctx
+                self._kernel = kernel
+                self._agent_id = agent_id
+            def _check_stopped(self):
+                if kernel._stopped.get(self._agent_id):
+                    raise PolicyViolationError(
+                        f"Agent '{self._agent_id}' is stopped (SIGSTOP)"
+                    )
+            def query(self, query_str: Any, **kwargs) -> Any:
+                """Governed query"""
+                self._check_stopped()
+                allowed, reason = self._kernel.pre_execute(self._ctx, query_str)
+                if not allowed:
+                    raise PolicyViolationError(reason)
+                result = self._original.query(query_str, **kwargs)
+                valid, reason = self._kernel.post_execute(self._ctx, result)
+                if not valid:
+                    raise PolicyViolationError(reason)
+                return result
+            async def aquery(self, query_str: Any, **kwargs) -> Any:
+                """Governed async query"""
+                self._check_stopped()
+                allowed, reason = self._kernel.pre_execute(self._ctx, query_str)
+                if not allowed:
+                    raise PolicyViolationError(reason)
+                result = await self._original.aquery(query_str, **kwargs)
+                valid, reason = self._kernel.post_execute(self._ctx, result)
+                if not valid:
+                    raise PolicyViolationError(reason)
+                return result
+            def chat(self, message: str, **kwargs) -> Any:
+                """Governed chat"""
+                self._check_stopped()
+                allowed, reason = self._kernel.pre_execute(self._ctx, message)
+                if not allowed:
+                    raise PolicyViolationError(reason)
+                result = self._original.chat(message, **kwargs)
+                valid, reason = self._kernel.post_execute(self._ctx, result)
+                if not valid:
+                    raise PolicyViolationError(reason)
+                return result
+            async def achat(self, message: str, **kwargs) -> Any:
+                """Governed async chat"""
+                self._check_stopped()
+                allowed, reason = self._kernel.pre_execute(self._ctx, message)
+                if not allowed:
+                    raise PolicyViolationError(reason)
+                result = await self._original.achat(message, **kwargs)
+                valid, reason = self._kernel.post_execute(self._ctx, result)
+                if not valid:
+                    raise PolicyViolationError(reason)
+                return result
+            def stream_chat(self, message: str, **kwargs):
+                """Governed streaming chat"""
+                self._check_stopped()
+                allowed, reason = self._kernel.pre_execute(self._ctx, message)
+                if not allowed:
+                    raise PolicyViolationError(reason)
+                response = self._original.stream_chat(message, **kwargs)
+                self._kernel.post_execute(self._ctx, None)
+                return response
+            def retrieve(self, query_str: Any, **kwargs) -> Any:
+                """Governed retrieve"""
+                self._check_stopped()
+                allowed, reason = self._kernel.pre_execute(self._ctx, query_str)
+                if not allowed:
+                    raise PolicyViolationError(reason)
+                result = self._original.retrieve(query_str, **kwargs)
+                self._kernel.post_execute(self._ctx, result)
+                return result
+            def __getattr__(self, name):
+                return getattr(self._original, name)
+        return GovernedLlamaIndexAgent()
+    def unwrap(self, governed_agent: Any) -> Any:
+        """Get original engine from wrapped version"""
+        return governed_agent._original
+    def signal(self, agent_id: str, signal: str):
+        """Send signal to a governed agent"""
+        if signal == "SIGSTOP":
+            self._stopped[agent_id] = True
+        elif signal == "SIGCONT":
+            self._stopped[agent_id] = False
+        elif signal == "SIGKILL":
+            self._stopped[agent_id] = True
+        super().signal(agent_id, signal)
+# Convenience function
+def wrap(agent: Any, policy: Optional[GovernancePolicy] = None) -> Any:
+    """Quick wrapper for LlamaIndex engines"""
+    return LlamaIndexKernel(policy).wrap(agent)