PyPI - ea-agentgate - Versions diffs - 1.0.0__py3-none-any.whl - Mend

ea-agentgate 1.0.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (289) hide show

ea_agentgate/README.md +28 -0
ea_agentgate/__init__.py +60 -0
ea_agentgate/_version.py +7 -0
ea_agentgate/agent.py +604 -0
ea_agentgate/api_client.py +352 -0
ea_agentgate/backends/__init__.py +101 -0
ea_agentgate/backends/compliant.py +705 -0
ea_agentgate/backends/guardrail_backend.py +29 -0
ea_agentgate/backends/guardrail_memory.py +326 -0
ea_agentgate/backends/guardrail_redis.py +443 -0
ea_agentgate/backends/guardrail_types.py +123 -0
ea_agentgate/backends/memory.py +391 -0
ea_agentgate/backends/protocols.py +512 -0
ea_agentgate/backends/redis.py +560 -0
ea_agentgate/backends/redis_async.py +582 -0
ea_agentgate/backends/redis_common.py +84 -0
ea_agentgate/backends/types.py +30 -0
ea_agentgate/cli/__init__.py +171 -0
ea_agentgate/cli/__main__.py +5 -0
ea_agentgate/cli/cmd_approvals.py +155 -0
ea_agentgate/cli/cmd_audit.py +111 -0
ea_agentgate/cli/cmd_auth.py +73 -0
ea_agentgate/cli/cmd_costs.py +147 -0
ea_agentgate/cli/cmd_datasets.py +197 -0
ea_agentgate/cli/cmd_formal.py +382 -0
ea_agentgate/cli/cmd_overview.py +38 -0
ea_agentgate/cli/cmd_pii.py +264 -0
ea_agentgate/cli/cmd_settings.py +93 -0
ea_agentgate/cli/cmd_threats.py +164 -0
ea_agentgate/cli/cmd_traces.py +120 -0
ea_agentgate/cli/cmd_users.py +138 -0
ea_agentgate/cli/formatters.py +63 -0
ea_agentgate/cli/table_helpers.py +31 -0
ea_agentgate/client.py +612 -0
ea_agentgate/examples/demo.py +1 -0
ea_agentgate/examples/jinja2_templating_demo.py +1 -0
ea_agentgate/examples/openai/README.md +3 -0
ea_agentgate/examples/openai/__init__.py +1 -0
ea_agentgate/examples/openai/sdk_example.py +12 -0
ea_agentgate/examples/policy_engine_demo.py +1 -0
ea_agentgate/examples/prompt_guard_demo.py +1 -0
ea_agentgate/examples/resilience_demo.py +13 -0
ea_agentgate/exceptions.py +355 -0
ea_agentgate/feedback/__init__.py +49 -0
ea_agentgate/feedback/dpo_formatter.py +346 -0
ea_agentgate/feedback/models.py +108 -0
ea_agentgate/feedback/storage.py +316 -0
ea_agentgate/formal/__init__.py +44 -0
ea_agentgate/formal/helpers.py +47 -0
ea_agentgate/formal/models.py +292 -0
ea_agentgate/inference/__init__.py +14 -0
ea_agentgate/inference/sidecar.py +277 -0
ea_agentgate/integrations/__init__.py +8 -0
ea_agentgate/integrations/anthropic.py +140 -0
ea_agentgate/integrations/base.py +160 -0
ea_agentgate/integrations/openai.py +198 -0
ea_agentgate/integrations/request_utils.py +30 -0
ea_agentgate/integrations/types.py +30 -0
ea_agentgate/middleware/__init__.py +76 -0
ea_agentgate/middleware/approval.py +247 -0
ea_agentgate/middleware/audit_log.py +197 -0
ea_agentgate/middleware/base.py +251 -0
ea_agentgate/middleware/cost_tracker.py +107 -0
ea_agentgate/middleware/dashboard.py +144 -0
ea_agentgate/middleware/dataset_recorder.py +400 -0
ea_agentgate/middleware/feedback_collector.py +284 -0
ea_agentgate/middleware/guardrail.py +288 -0
ea_agentgate/middleware/input_extraction.py +20 -0
ea_agentgate/middleware/otel_exporter.py +243 -0
ea_agentgate/middleware/pii_vault.py +810 -0
ea_agentgate/middleware/pii_vault_detector.py +438 -0
ea_agentgate/middleware/pii_vault_manager.py +78 -0
ea_agentgate/middleware/pii_vault_models.py +31 -0
ea_agentgate/middleware/policy_middleware.py +213 -0
ea_agentgate/middleware/prompt_guard.py +690 -0
ea_agentgate/middleware/prompt_template.py +282 -0
ea_agentgate/middleware/proof_middleware.py +622 -0
ea_agentgate/middleware/rate_limiter.py +205 -0
ea_agentgate/middleware/semantic_cache.py +368 -0
ea_agentgate/middleware/semantic_validator.py +518 -0
ea_agentgate/middleware/validator.py +280 -0
ea_agentgate/prompts/JINJA2_QUICKSTART.md +122 -0
ea_agentgate/prompts/__init__.py +46 -0
ea_agentgate/prompts/filters.py +264 -0
ea_agentgate/prompts/manager.py +601 -0
ea_agentgate/prompts/registry.json +26 -0
ea_agentgate/prompts/registry.py +61 -0
ea_agentgate/prompts/templates/chain_of_thought.json +63 -0
ea_agentgate/prompts/templates/creative_steering.json +120 -0
ea_agentgate/prompts/templates/few_shot.json +80 -0
ea_agentgate/prompts/templates/role_based.json +102 -0
ea_agentgate/providers/__init__.py +80 -0
ea_agentgate/providers/anthropic_async.py +138 -0
ea_agentgate/providers/anthropic_base.py +92 -0
ea_agentgate/providers/anthropic_provider.py +138 -0
ea_agentgate/providers/base.py +90 -0
ea_agentgate/providers/google_provider.py +291 -0
ea_agentgate/providers/health.py +469 -0
ea_agentgate/providers/openai_async.py +111 -0
ea_agentgate/providers/openai_common.py +174 -0
ea_agentgate/providers/openai_provider.py +111 -0
ea_agentgate/providers/registry.py +409 -0
ea_agentgate/providers/routing.py +410 -0
ea_agentgate/py.typed +0 -0
ea_agentgate/resilience/__init__.py +15 -0
ea_agentgate/resilience/circuit_breaker.py +293 -0
ea_agentgate/security/__init__.py +76 -0
ea_agentgate/security/access_control.py +494 -0
ea_agentgate/security/audit.py +567 -0
ea_agentgate/security/audit_models.py +367 -0
ea_agentgate/security/encryption.py +402 -0
ea_agentgate/security/integrity.py +375 -0
ea_agentgate/security/policies/default_guardrails.json +109 -0
ea_agentgate/security/policies/pii_protection.json +88 -0
ea_agentgate/security/policy.py +422 -0
ea_agentgate/security/policy_engine.py +486 -0
ea_agentgate/security/policy_io.py +29 -0
ea_agentgate/security/policy_parser.py +237 -0
ea_agentgate/security/policy_types.py +130 -0
ea_agentgate/security/secure_delete.py +402 -0
ea_agentgate/tool_registry.py +102 -0
ea_agentgate/trace.py +133 -0
ea_agentgate/transaction_manager.py +261 -0
ea_agentgate/verification.py +404 -0
ea_agentgate/verification_manager.py +138 -0
ea_agentgate-1.0.0.dist-info/METADATA +1419 -0
ea_agentgate-1.0.0.dist-info/RECORD +289 -0
ea_agentgate-1.0.0.dist-info/WHEEL +4 -0
ea_agentgate-1.0.0.dist-info/entry_points.txt +2 -0
ea_agentgate-1.0.0.dist-info/licenses/LICENSE +21 -0
server/.env.example +69 -0
server/__init__.py +20 -0
server/adapters/__init__.py +1 -0
server/adapters/budget_deepseek.py +139 -0
server/adapters/mcp_policy/__init__.py +1 -0
server/adapters/mcp_policy/tools_policy_governance.py +397 -0
server/audit/__init__.py +50 -0
server/audit/bus.py +163 -0
server/audit/config.py +19 -0
server/audit/consumer.py +263 -0
server/config.py +80 -0
server/config_runtime.py +56 -0
server/config_secrets.py +179 -0
server/cors_config.py +57 -0
server/db/__init__.py +11 -0
server/db/readiness.py +248 -0
server/db/schema_guard.py +163 -0
server/lifespan.py +353 -0
server/logging_config.py +72 -0
server/main.py +872 -0
server/mcp/__init__.py +44 -0
server/mcp/__main__.py +82 -0
server/mcp/api_client.py +295 -0
server/mcp/auth_session.py +432 -0
server/mcp/azure_mfa_guard.py +60 -0
server/mcp/confirm.py +114 -0
server/mcp/execution_policy.py +294 -0
server/mcp/guardrails.py +552 -0
server/mcp/guardrails_sync.py +349 -0
server/mcp/job_store.py +247 -0
server/mcp/models.py +154 -0
server/mcp/monitoring.py +93 -0
server/mcp/policy_engine.py +274 -0
server/mcp/resources.py +198 -0
server/mcp/server.py +89 -0
server/mcp/tools_api.py +286 -0
server/mcp/tools_async.py +175 -0
server/mcp/tools_governance.py +633 -0
server/mcp/tools_safety.py +39 -0
server/mcp/types_ground_truth.py +47 -0
server/metrics.py +309 -0
server/middleware/__init__.py +19 -0
server/middleware/security_headers.py +100 -0
server/middleware/threat_detection.py +578 -0
server/migrations/add_failed_login_tracking.sql +5 -0
server/migrations/add_mfa_fields.sql +7 -0
server/migrations/add_webauthn_fields.sql +9 -0
server/models/__init__.py +164 -0
server/models/approval_schemas.py +85 -0
server/models/audit_schemas.py +177 -0
server/models/common_enums.py +27 -0
server/models/database.py +503 -0
server/models/dataset_schemas.py +380 -0
server/models/formal_security_schemas.py +336 -0
server/models/governance_schemas.py +68 -0
server/models/identity_schemas.py +275 -0
server/models/pii_schemas.py +345 -0
server/models/policy_input_schemas.py +82 -0
server/models/prompt_schemas.py +160 -0
server/models/schemas.py +236 -0
server/models/security_policy_schemas.py +75 -0
server/models/trace_schemas.py +79 -0
server/models/user_schemas.py +318 -0
server/policy_governance/__init__.py +1 -0
server/policy_governance/kernel/__init__.py +1 -0
server/policy_governance/kernel/alert_dispatch.py +341 -0
server/policy_governance/kernel/alert_models.py +249 -0
server/policy_governance/kernel/alerting_factory.py +289 -0
server/policy_governance/kernel/alerts.py +367 -0
server/policy_governance/kernel/consensus_verifier.py +685 -0
server/policy_governance/kernel/counterfactual_verifier.py +109 -0
server/policy_governance/kernel/credential_check.py +198 -0
server/policy_governance/kernel/deception_injector.py +590 -0
server/policy_governance/kernel/delegation_lineage.py +496 -0
server/policy_governance/kernel/detection_behavioral.py +143 -0
server/policy_governance/kernel/detection_input.py +226 -0
server/policy_governance/kernel/detection_ip_blocking.py +192 -0
server/policy_governance/kernel/distributed_health_monitor.py +561 -0
server/policy_governance/kernel/enforcement.py +452 -0
server/policy_governance/kernel/evidence_log.py +226 -0
server/policy_governance/kernel/formal_models.py +101 -0
server/policy_governance/kernel/gamma_builder.py +249 -0
server/policy_governance/kernel/master_key.py +463 -0
server/policy_governance/kernel/master_key_router.py +445 -0
server/policy_governance/kernel/patterns_injection.py +207 -0
server/policy_governance/kernel/patterns_traversal.py +90 -0
server/policy_governance/kernel/pii_token_service.py +653 -0
server/policy_governance/kernel/runtime_settings.py +86 -0
server/policy_governance/kernel/solver_engine.py +759 -0
server/policy_governance/kernel/spec_synthesizer.py +617 -0
server/policy_governance/kernel/threat_definitions.py +56 -0
server/policy_governance/kernel/threat_detector.py +641 -0
server/policy_governance/kernel/threat_detector_analysis.py +567 -0
server/policy_governance/kernel/threat_detector_config.py +134 -0
server/policy_governance/kernel/threat_detector_events.py +201 -0
server/policy_governance/kernel/threat_detector_utils.py +230 -0
server/policy_governance/kernel/threat_pattern_base.py +160 -0
server/policy_governance/kernel/threat_patterns.py +300 -0
server/policy_governance/kernel/verification_grants.py +162 -0
server/policy_governance/kernel/z3_runtime_engine.py +165 -0
server/rate_limiting.py +134 -0
server/routers/__init__.py +55 -0
server/routers/access_mode.py +71 -0
server/routers/api_keys.py +429 -0
server/routers/approvals.py +165 -0
server/routers/audit.py +219 -0
server/routers/auth.py +690 -0
server/routers/auth_helpers.py +336 -0
server/routers/auth_mfa.py +299 -0
server/routers/auth_registration.py +638 -0
server/routers/auth_utils.py +158 -0
server/routers/dataset_helpers.py +79 -0
server/routers/datasets.py +786 -0
server/routers/datasets_operations.py +219 -0
server/routers/device_auth.py +330 -0
server/routers/health.py +57 -0
server/routers/mcp_mfa_callback.py +240 -0
server/routers/passkey.py +517 -0
server/routers/pii.py +771 -0
server/routers/pii_compliance.py +514 -0
server/routers/pii_nlp.py +503 -0
server/routers/pii_utils.py +81 -0
server/routers/policies.py +776 -0
server/routers/policy_governance.py +678 -0
server/routers/policy_governance_verification.py +843 -0
server/routers/result_utils.py +40 -0
server/routers/settings.py +128 -0
server/routers/setup.py +444 -0
server/routers/test.py +658 -0
server/routers/traces.py +295 -0
server/routers/users.py +167 -0
server/routers/verification.py +165 -0
server/runtime/__init__.py +21 -0
server/runtime/profile.py +78 -0
server/security/__init__.py +1 -0
server/security/azure/__init__.py +17 -0
server/security/azure/credential_factory.py +86 -0
server/security/azure/postgres_token_provider.py +62 -0
server/security/identity/__init__.py +64 -0
server/security/identity/adapter.py +109 -0
server/security/identity/custom_oidc_provider.py +14 -0
server/security/identity/descope_provider.py +14 -0
server/security/identity/local_provider.py +73 -0
server/security/identity/mcp_access.py +100 -0
server/security/identity/oidc.py +106 -0
server/security/identity/policy.py +175 -0
server/security/identity/roles.py +59 -0
server/security/identity/service.py +125 -0
server/security/identity/store.py +281 -0
server/sentry_config.py +203 -0
server/static/vendor/scalar-api-reference-1.44.13.min.js +8 -0
server/utils/__init__.py +21 -0
server/utils/captcha.py +159 -0
server/utils/db.py +66 -0
server/utils/mfa.py +150 -0
server/utils/secret_loader.py +117 -0
server/utils/test_runner.py +401 -0
server/utils/time_buckets.py +65 -0
server/utils/webauthn_helper.py +278 -0

ea_agentgate/README.md ADDED Viewed

@@ -0,0 +1,28 @@
+# AgentGate Package Notes
+## Principal-Led Run Cleanup
+Principal-led cleanup is approval-gated and run-scoped. After the run is approved and reaches
+`gatekeeper PASS` with `state DONE`, execute:
+```bash
+python3 scripts/cleanup_completed_run_worktrees.py \
+  --run-dir tests/artifacts/workflow/<run_id> \
+  --apply
+```
+Only worktrees and branches declared for that `run_id` inside `plan_proposal.json lanes` are
+eligible for deletion.
+```mermaid
+flowchart TD
+  A["User approves run"] --> B["Gatekeeper PASS + state DONE"]
+  B --> C["cleanup_completed_run_worktrees.py for run_id"]
+  C --> D["Delete run-scoped lane branches/worktrees only"]
+```
+Codex app path:
+1. Open terminal with `Toggle Terminal` (top-right) or `Cmd+J` on macOS.
+2. Optional: right-click run in left sidebar and select `Fork into local`.
+3. Run cleanup command with the target `<run_id>`.

ea_agentgate/__init__.py ADDED Viewed

@@ -0,0 +1,60 @@
+"""Public package surface for AgentGate.
+Keep the top-level import lightweight so ``import ea_agentgate`` works
+from a base wheel install without requiring optional provider, crypto,
+or server dependencies. Public symbols are loaded lazily on demand.
+"""
+from __future__ import annotations
+from importlib import import_module
+from typing import Any
+from ._version import __version__
+_LAZY_EXPORTS: dict[str, tuple[str, str]] = {
+    "Agent": ("ea_agentgate.agent", "Agent"),
+    "ToolDef": ("ea_agentgate.tool_registry", "ToolDef"),
+    "providers": ("ea_agentgate", "providers"),
+    "Trace": ("ea_agentgate.trace", "Trace"),
+    "TraceStatus": ("ea_agentgate.trace", "TraceStatus"),
+    "UniversalClient": ("ea_agentgate.client", "UniversalClient"),
+    "AgentGate": ("ea_agentgate.client", "UniversalClient"),
+    "CompletionResult": ("ea_agentgate.client", "CompletionResult"),
+    "AllProvidersFailedError": ("ea_agentgate.client", "AllProvidersFailedError"),
+    "Metadata": ("ea_agentgate.client", "Metadata"),
+    "TokenUsage": ("ea_agentgate.client", "TokenUsage"),
+    "Performance": ("ea_agentgate.client", "Performance"),
+    "AgentGateError": ("ea_agentgate.exceptions", "AgentGateError"),
+    "AgentSafetyError": ("ea_agentgate.exceptions", "AgentSafetyError"),
+    "ValidationError": ("ea_agentgate.exceptions", "ValidationError"),
+    "RateLimitError": ("ea_agentgate.exceptions", "RateLimitError"),
+    "BudgetExceededError": ("ea_agentgate.exceptions", "BudgetExceededError"),
+    "ApprovalRequired": ("ea_agentgate.exceptions", "ApprovalRequired"),
+    "ApprovalDenied": ("ea_agentgate.exceptions", "ApprovalDenied"),
+    "ApprovalTimeout": ("ea_agentgate.exceptions", "ApprovalTimeout"),
+    "TransactionFailed": ("ea_agentgate.exceptions", "TransactionFailed"),
+    "GuardrailViolationError": ("ea_agentgate.exceptions", "GuardrailViolationError"),
+    "check_admissibility": ("ea_agentgate.verification", "check_admissibility"),
+    "verify_certificate": ("ea_agentgate.verification", "verify_certificate"),
+    "verify_plan": ("ea_agentgate.verification", "verify_plan"),
+    "AdmissibilityResult": ("ea_agentgate.verification", "AdmissibilityResult"),
+    "CertificateVerificationResult": (
+        "ea_agentgate.verification",
+        "CertificateVerificationResult",
+    ),
+    "PlanVerificationResult": ("ea_agentgate.verification", "PlanVerificationResult"),
+}
+__all__ = [*_LAZY_EXPORTS, "__version__"]
+def __getattr__(name: str) -> Any:
+    """Resolve public exports lazily."""
+    if name == "providers":
+        return import_module("ea_agentgate.providers")
+    if name in _LAZY_EXPORTS:
+        module_name, attr_name = _LAZY_EXPORTS[name]
+        module = import_module(module_name)
+        return getattr(module, attr_name)
+    raise AttributeError(f"module {__name__!r} has no attribute {name!r}")

ea_agentgate/_version.py ADDED Viewed

@@ -0,0 +1,7 @@
+"""Version information for AgentGate.
+This is in a separate file to avoid circular imports when server.main
+needs to access the version at module load time.
+"""
+__version__ = "1.0.0"

ea_agentgate/agent.py ADDED Viewed

@@ -0,0 +1,604 @@
+"""Main Agent class for safe tool execution."""
+from __future__ import annotations
+import asyncio
+import functools
+import inspect
+import uuid
+from contextlib import contextmanager, asynccontextmanager
+from dataclasses import dataclass, field, replace
+from typing import (
+    Any,
+    TypeVar,
+    ParamSpec,
+    cast,
+)
+from collections.abc import Callable, Generator, AsyncGenerator
+from .trace import Trace
+from .middleware.base import Middleware, MiddlewareChain, MiddlewareContext
+from .tool_registry import ToolDef, ToolRegistry
+from .transaction_manager import TransactionManager
+from .verification_manager import VerificationConfig, VerificationInputs, VerificationManager
+P = ParamSpec("P")
+R = TypeVar("R")
+@dataclass
+class AgentConfig:
+    """Configuration for Agent identifiers."""
+    agent_id: str = field(default_factory=lambda: str(uuid.uuid4())[:8])
+    session_id: str | None = None
+    user_id: str | None = None
+_VERIFICATION_KWARG_ALIASES = {
+    "formal_verification": "enabled",
+    "principal": "principal",
+    "tenant_id": "tenant_id",
+    "verification_mode": "mode",
+    "verification_provider": "provider",
+    "formal_api_client": "api_client",
+    "certificate_callback": "certificate_callback",
+}
+_VERIFICATION_INPUT_KWARG_ALIASES = {
+    "policies": "policies",
+    "grants": "grants",
+    "revocations": "revocations",
+    "obligations": "obligations",
+    "environment": "environment",
+}
+def _build_verification_config(
+    verification: VerificationConfig | None,
+    overrides: dict[str, Any],
+) -> VerificationConfig:
+    """Merge legacy verification kwargs into a VerificationConfig."""
+    config = verification or VerificationConfig()
+    if not overrides:
+        return config
+    remaining = dict(overrides)
+    updated_fields: dict[str, Any] = {}
+    for legacy_name, field_name in _VERIFICATION_KWARG_ALIASES.items():
+        if legacy_name in remaining:
+            updated_fields[field_name] = remaining.pop(legacy_name)
+    input_updates: dict[str, Any] = {}
+    for legacy_name, field_name in _VERIFICATION_INPUT_KWARG_ALIASES.items():
+        if legacy_name in remaining:
+            input_updates[field_name] = remaining.pop(legacy_name)
+    if remaining:
+        unknown_args = ", ".join(sorted(remaining))
+        raise TypeError(f"Unexpected verification arguments: {unknown_args}")
+    if input_updates:
+        verification_inputs = verification.inputs if verification else VerificationInputs()
+        updated_fields["inputs"] = replace(verification_inputs, **input_updates)
+    return replace(config, **updated_fields)
+def _convert_args_to_kwargs(
+    tool_def: ToolDef,
+    args: tuple[Any, ...],
+    kwargs: dict[str, Any],
+) -> dict[str, Any]:
+    """Convert positional args to keyword args using tool signature.
+    Inspects the function signature of the tool and maps positional
+    arguments to their corresponding parameter names.
+    Args:
+        tool_def: The tool definition whose function signature is used.
+        args: Positional arguments to convert.
+        kwargs: Existing keyword arguments (mutated in place).
+    Returns:
+        The updated kwargs dict with positional args merged in.
+    """
+    sig = inspect.signature(tool_def.fn)
+    params = list(sig.parameters.keys())
+    for i, arg in enumerate(args):
+        if i < len(params):
+            kwargs[params[i]] = arg
+    return kwargs
+class Agent:
+    """Agent with safe, traced tool execution.
+    Provides:
+    - Automatic tracing of all tool calls
+    - Middleware stack for validation, rate limiting, etc.
+    - Transaction support with automatic rollback
+    - Human-in-the-loop approvals
+    - Optional formal verification with proof-carrying authorization
+    Example:
+        agent = Agent(
+            middleware=[
+                Validator(block_paths=["/"]),
+                RateLimiter(max_calls=100, window="1m"),
+                AuditLog(destination="audit.jsonl"),
+            ]
+        )
+        @agent.tool
+        def delete_file(path: str) -> str:
+            os.remove(path)
+            return f"Deleted {path}"
+        # Execute with full tracing
+        result = agent.call("delete_file", path="/tmp/cache.txt")
+        # View traces
+        for trace in agent.traces:
+            print(trace)
+    Formal Verification:
+        agent = Agent(
+            formal_verification=True,
+            principal="agent:ops",
+            policies=[{"effect": "deny", "action": "delete", "resource": "/prod/*"}],
+        )
+        result = agent.call("read_data", resource="/api/users")
+        cert = agent.last_certificate  # DecisionCertificate dict
+    """
+    def __init__(
+        self,
+        middleware: list[Middleware] | None = None,
+        agent_id: str | None = None,
+        session_id: str | None = None,
+        user_id: str | None = None,
+        *,
+        verification: VerificationConfig | None = None,
+        **verification_kwargs: Any,
+    ) -> None:
+        """Initialize agent.
+        Args:
+            middleware: List of middleware to apply to all tool calls.
+            agent_id: Unique identifier for this agent.
+            session_id: Session identifier.
+            user_id: User identifier.
+            verification: Optional grouped formal verification config.
+            **verification_kwargs: Backward-compatible formal verification
+                keyword arguments such as
+                ``formal_verification``, ``principal``, ``tenant_id``,
+                ``verification_mode``, and ``formal_api_client``.
+        """
+        self.middleware = middleware or []
+        self.config = AgentConfig(
+            agent_id=agent_id or str(uuid.uuid4())[:8],
+            session_id=session_id,
+            user_id=user_id,
+        )
+        # Verification manager
+        self._verification = VerificationManager(
+            _build_verification_config(verification, verification_kwargs),
+        )
+        # Auto-inject ProofCarryingMiddleware when enabled
+        proof_mw = self._verification.build_middleware()
+        if proof_mw is not None:
+            self.middleware = [proof_mw] + self.middleware
+        self._tool_registry = ToolRegistry()
+        self._traces: list[Trace] = []
+        self._chain = MiddlewareChain(self.middleware)
+        self.txn = TransactionManager()
+    # ------------------------------------------------------------------
+    # Identity properties
+    # ------------------------------------------------------------------
+    @property
+    def agent_id(self) -> str:
+        """Current agent identifier."""
+        return self.config.agent_id
+    @agent_id.setter
+    def agent_id(self, value: str) -> None:
+        self.config.agent_id = value
+    @property
+    def session_id(self) -> str | None:
+        """Current session identifier."""
+        return self.config.session_id
+    @session_id.setter
+    def session_id(self, value: str | None) -> None:
+        self.config.session_id = value
+    @property
+    def user_id(self) -> str | None:
+        """Current user identifier."""
+        return self.config.user_id
+    @user_id.setter
+    def user_id(self, value: str | None) -> None:
+        self.config.user_id = value
+    # ------------------------------------------------------------------
+    # Tool and trace accessors
+    # ------------------------------------------------------------------
+    @property
+    def traces(self) -> list[Trace]:
+        """Return a copy of all traces from this agent."""
+        return self._traces.copy()
+    @property
+    def tools(self) -> dict[str, ToolDef]:
+        """Return registered tools as a dict copy."""
+        return self._tool_registry.tools
+    @property
+    def formal_verification(self) -> bool:
+        """Whether formal verification is enabled."""
+        return self._verification.enabled
+    @property
+    def last_certificate(self) -> dict[str, Any] | None:
+        """Most recent DecisionCertificate from formal verification.
+        Returns ``None`` if formal verification is disabled or no tool
+        call has been made yet.
+        The dict contains:
+        - ``decision_id``: Unique certificate ID
+        - ``result``: ``"ADMISSIBLE"`` or ``"INADMISSIBLE"``
+        - ``proof_type``: ``"CONSTRUCTIVE_TRACE"`` / ``"UNSAT_CORE"``
+          / ``"COUNTEREXAMPLE"``
+        - ``theorem_hash``: SHA-256 of the theorem expression
+        - ``alpha_hash``: SHA-256 of the action context
+        - ``gamma_hash``: SHA-256 of the knowledge base
+        - ``signature``: Ed25519 signature (base64)
+        """
+        return self._verification.last_certificate
+    # ------------------------------------------------------------------
+    # Verification
+    # ------------------------------------------------------------------
+    def verify_last_certificate(self) -> bool:
+        """Verify the most recent certificate's signature and theorem hash.
+        Returns:
+            ``True`` if the certificate is valid, ``False`` if invalid
+            or no certificate exists.
+        """
+        return self._verification.verify_last_certificate()
+    # ------------------------------------------------------------------
+    # Tool registration
+    # ------------------------------------------------------------------
+    def tool(
+        self,
+        fn: Callable[P, R] | None = None,
+        *,
+        name: str | None = None,
+        requires_approval: bool = False,
+        cost: float | None = None,
+    ) -> Callable[P, R] | Callable[[Callable[P, R]], Callable[P, R]]:
+        """Decorator to register a tool with the agent.
+        Example:
+            @agent.tool
+            def my_tool(x: int) -> int:
+                return x * 2
+            @agent.tool(requires_approval=True, cost=0.10)
+            def expensive_tool(data: str) -> str:
+                ...
+        """
+        def decorator(func: Callable[P, R]) -> Callable[P, R]:
+            """Register *func* in the tool registry."""
+            tool_name = name or func.__name__
+            self._tool_registry.register(
+                tool_name,
+                func,
+                requires_approval=requires_approval,
+                cost=cost,
+            )
+            @functools.wraps(func)
+            def wrapper(*args: P.args, **kwargs: P.kwargs) -> R:
+                """Delegate to ``Agent.call`` for traced execution."""
+                return cast(R, self.call(tool_name, *args, **kwargs))
+            return wrapper
+        if fn is not None:
+            return decorator(fn)
+        return decorator
+    def register_tool(
+        self,
+        name: str,
+        fn: Callable[..., Any],
+        requires_approval: bool = False,
+        cost: float | None = None,
+    ) -> None:
+        """Register a tool with the agent.
+        Args:
+            name: Name to register the tool under.
+            fn: The tool function.
+            requires_approval: Whether tool requires human approval.
+            cost: Optional cost per invocation.
+        """
+        self._tool_registry.register(
+            name,
+            fn,
+            requires_approval=requires_approval,
+            cost=cost,
+        )
+    def compensate(
+        self,
+        tool_name: str,
+        compensation: Callable[..., Any],
+    ) -> None:
+        """Register a compensation function for a tool.
+        Compensation is called during rollback if the tool succeeded
+        but a later step failed.
+        Args:
+            tool_name: Name of the tool.
+            compensation: Callable invoked with the tool output during
+                rollback.
+        Example:
+            agent.compensate(
+                "create_user",
+                lambda ctx: db.delete_user(ctx["user_id"]),
+            )
+        """
+        self.txn.set_compensation(tool_name, compensation)
+        self._tool_registry.set_compensation(tool_name, compensation)
+    # ------------------------------------------------------------------
+    # Synchronous execution
+    # ------------------------------------------------------------------
+    def call(self, tool_name: str, *args: Any, **kwargs: Any) -> Any:
+        """Call a tool by name with tracing and middleware.
+        Args:
+            tool_name: Name of the registered tool.
+            *args: Positional arguments (converted to kwargs via sig).
+            **kwargs: Keyword arguments.
+        Returns:
+            Tool's return value.
+        Raises:
+            Various exceptions from middleware (ValidationError, etc.)
+            RuntimeError: If tool is async and called from async context.
+        """
+        tool_def = self._tool_registry.get(tool_name)
+        # Async tool guard
+        if inspect.iscoroutinefunction(tool_def.fn):
+            try:
+                asyncio.get_running_loop()
+            except RuntimeError:
+                return asyncio.run(
+                    self.acall(tool_name, *args, **kwargs),
+                )
+            raise RuntimeError(
+                f"Tool '{tool_name}' is async. Use agent.acall() "
+                f"instead of agent.call() when in an async context."
+            )
+        if args:
+            kwargs = _convert_args_to_kwargs(tool_def, args, kwargs)
+        trace, ctx = self._prepare_call(tool_name, tool_def, kwargs)
+        trace.start()
+        try:
+            result = self._chain.execute(ctx, tool_def.fn)
+            trace.succeed(result)
+        except Exception as exc:
+            self._verification.extract_certificate(ctx)
+            trace.fail(str(exc))
+            self._traces.append(trace)
+            self.txn.record_trace(trace)
+            raise
+        self._verification.extract_certificate(ctx)
+        self._traces.append(trace)
+        self.txn.record_trace(trace)
+        return result
+    # ------------------------------------------------------------------
+    # Transaction delegation
+    # ------------------------------------------------------------------
+    @contextmanager
+    def transaction(self) -> Generator[None, None, None]:
+        """Execute tools in a transaction with automatic rollback.
+        If any tool fails, all previously successful tools have
+        their compensation functions called in reverse order.
+        Example:
+            with agent.transaction():
+                agent.call("create_user", email="test@example.com")
+                agent.call("charge_card", amount=99.00)
+        """
+        with self.txn.transaction():
+            yield
+    def rollback(self) -> None:
+        """Rollback the current transaction synchronously."""
+        self.txn.rollback()
+    # ------------------------------------------------------------------
+    # Trace management
+    # ------------------------------------------------------------------
+    def record_trace(self, trace: Trace) -> None:
+        """Record a trace from an integration or external validation path."""
+        self._record_trace(trace)
+    def clear_traces(self) -> None:
+        """Clear all traces."""
+        self._traces.clear()
+    def _record_trace(self, trace: Trace) -> None:
+        """Record a trace and keep transaction state in sync."""
+        self._traces.append(trace)
+        self.txn.record_trace(trace)
+    # ------------------------------------------------------------------
+    # Middleware management
+    # ------------------------------------------------------------------
+    def add_middleware(self, middleware: Middleware) -> None:
+        """Add middleware to the stack."""
+        self.middleware.append(middleware)
+        self._chain = MiddlewareChain(self.middleware)
+    # ------------------------------------------------------------------
+    # Lifecycle
+    # ------------------------------------------------------------------
+    def _close(self) -> None:
+        """Close the agent and release middleware resources."""
+        for mw in self.middleware:
+            closer = getattr(mw, "close", None)
+            if callable(closer):
+                closer()
+    def __enter__(self) -> "Agent":
+        """Enter context manager."""
+        return self
+    def __exit__(self, *_: Any) -> None:
+        """Exit context manager and close resources."""
+        self._close()
+    # ------------------------------------------------------------------
+    # Async methods
+    # ------------------------------------------------------------------
+    async def acall(
+        self,
+        tool_name: str,
+        *args: Any,
+        **kwargs: Any,
+    ) -> Any:
+        """Async call a tool by name with tracing and middleware.
+        Supports both sync and async tool functions. This method should
+        be used when running in an async context (e.g., FastAPI).
+        Args:
+            tool_name: Name of the registered tool.
+            *args: Positional arguments (converted to kwargs via sig).
+            **kwargs: Keyword arguments.
+        Returns:
+            Tool's return value.
+        Example:
+            result = await agent.acall(
+                "fetch_data", url="https://api.example.com",
+            )
+        """
+        tool_def = self._tool_registry.get(tool_name)
+        if args:
+            kwargs = _convert_args_to_kwargs(tool_def, args, kwargs)
+        trace, ctx = self._prepare_call(tool_name, tool_def, kwargs)
+        trace.start()
+        try:
+            result = await self._chain.aexecute(ctx, tool_def.fn)
+            trace.succeed(result)
+        except Exception as exc:
+            self._verification.extract_certificate(ctx)
+            trace.fail(str(exc))
+            self._traces.append(trace)
+            self.txn.record_trace(trace)
+            raise
+        self._verification.extract_certificate(ctx)
+        self._traces.append(trace)
+        self.txn.record_trace(trace)
+        return result
+    @asynccontextmanager
+    async def atransaction(self) -> AsyncGenerator[None, None]:
+        """Async transaction with automatic rollback.
+        If any tool fails, all previously successful tools have
+        their compensation functions called in reverse order.
+        Supports both sync and async compensation functions.
+        Example:
+            async with agent.atransaction():
+                await agent.acall("create_user", email="test@example.com")
+                await agent.acall("charge_card", amount=99.00)
+        """
+        async with self.txn.atransaction():
+            yield
+    async def arollback(self) -> None:
+        """Async rollback the current transaction."""
+        await self.txn.arollback()
+    # ------------------------------------------------------------------
+    # Private helpers
+    # ------------------------------------------------------------------
+    def _prepare_call(
+        self,
+        tool_name: str,
+        tool_def: ToolDef,
+        kwargs: dict[str, Any],
+    ) -> tuple[Trace, MiddlewareContext]:
+        """Build Trace and MiddlewareContext for a tool call.
+        Args:
+            tool_name: Name of the tool being called.
+            tool_def: The tool definition.
+            kwargs: Resolved keyword arguments.
+        Returns:
+            A (Trace, MiddlewareContext) tuple ready for execution.
+        """
+        trace = Trace(tool=tool_name, inputs=kwargs)
+        trace.context.compensation = (
+            tool_def.compensation.__name__ if tool_def.compensation else None
+        )
+        ctx = MiddlewareContext(
+            tool=tool_name,
+            inputs=kwargs,
+            trace=trace,
+            agent_id=self.config.agent_id,
+            session_id=self.config.session_id,
+            user_id=self.config.user_id,
+            metadata={
+                "requires_approval": tool_def.requires_approval,
+            },
+        )
+        if tool_def.cost is not None:
+            ctx.cost = tool_def.cost
+        return trace, ctx