flux7-mesh 0.1.0__tar.gz

flux7_mesh-0.1.0/.gitignore

@@ -0,0 +1,43 @@
+# Build / OS
+*.exe
+*.dll
+*.so
+*.dylib
+/agent-mesh
+/mesh
+.DS_Store
+
+# IDE
+.claude
+CLAUDE.md
+.idea/
+.vscode/
+*.swp
+*.swo
+
+# Go
+vendor/
+
+# Python
+.venv/
+__pycache__/
+
+# Environment
+.env
+.env.*
+
+# Debug / Test artifacts
+*.debug
+*.test
+
+# Project
+docs/internal/
+docs/positioning.md
+docs/agent-landscape.md
+traces.jsonl
+traces-*.jsonl
+state.db
+*.db-wal
+*.db-shm
+*.local.yaml
+policies/*.local.yaml

flux7_mesh-0.1.0/PKG-INFO

@@ -0,0 +1,111 @@
+Metadata-Version: 2.4
+Name: flux7-mesh
+Version: 0.1.0
+Summary: Python SDK for agent-mesh — governance mesh for AI agent tool calls
+Project-URL: Homepage, https://github.com/KTCrisis/agent-mesh
+Project-URL: Repository, https://github.com/KTCrisis/agent-mesh
+License-Expression: MIT
+Requires-Python: >=3.10
+Requires-Dist: requests>=2.28
+Provides-Extra: anthropic
+Requires-Dist: anthropic>=0.40; extra == 'anthropic'
+Description-Content-Type: text/markdown
+
+# agent-mesh Python SDK
+
+Governance mesh for AI agent tool calls. Wraps any Python function with policy enforcement, human approval, and tracing via [agent-mesh](https://github.com/KTCrisis/agent-mesh).
+
+## Install
+
+```bash
+pip install agent-mesh
+pip install agent-mesh[anthropic]  # with Claude API support
+```
+
+## Quick start
+
+### Direct client
+
+```python
+from agent_mesh import AgentMesh
+
+mesh = AgentMesh("http://localhost:9090", agent="my-agent")
+
+# Check what's available
+tools = mesh.tools()
+health = mesh.health()
+
+# Policy check only (POST /decide) — no execution
+decision = mesh.decide("filesystem.write_file", {"path": "/tmp/x"})
+print(decision.action)  # allow | deny | human_approval
+
+# Full proxy (POST /tool/{name}) — policy + execute + trace
+decision = mesh.call_tool("filesystem.read_file", {"path": "/tmp/data.txt"})
+print(decision.result)
+
+# Manage grants
+mesh.create_grant("filesystem.*", "30m")
+mesh.revoke_grant("grant-id")
+```
+
+### GovernedToolkit (Claude API)
+
+```python
+from agent_mesh import GovernedToolkit
+
+toolkit = GovernedToolkit(agent="my-agent")
+
+@toolkit.tool
+def get_weather(city: str) -> str:
+    """Get current weather for a city."""
+    return fetch_weather(city)
+
+@toolkit.tool
+def send_email(to: str, subject: str, body: str) -> str:
+    """Send an email."""
+    return smtp_send(to, subject, body)
+
+# Generate tools[] for Claude API
+schemas = toolkit.schemas()
+
+# Process tool_use blocks with governance
+response = client.messages.create(model="claude-sonnet-4-6", tools=schemas, ...)
+results = toolkit.process_response([b.model_dump() for b in response.content])
+```
+
+The toolkit:
+1. **`schemas()`** — generates the `tools[]` array from Python function signatures
+2. **`process_response()`** — intercepts `tool_use` blocks, checks policy via agent-mesh, executes locally if allowed
+3. **`execute()`** — single tool call with governance
+
+## Prerequisites
+
+agent-mesh daemon running:
+
+```bash
+agent-mesh serve --config config.yaml
+```
+
+## API
+
+### `AgentMesh(url, agent, timeout)`
+
+| Method | Description |
+|---|---|
+| `decide(name, args)` | Evaluate policy without executing |
+| `call_tool(name, args)` | Execute tool through governance (proxy) |
+| `tools()` | List available tools |
+| `approvals()` | List pending approvals |
+| `approve(id)` / `deny(id)` | Resolve approval |
+| `grants()` | List active grants |
+| `create_grant(tools, duration)` | Create temporal grant |
+| `health()` / `is_healthy()` | Check mesh status |
+
+### `GovernedToolkit(agent, url)`
+
+| Method | Description |
+|---|---|
+| `@toolkit.tool` | Decorator to register a function |
+| `schemas()` | Generate Claude API tools array |
+| `execute(name, input)` | Governed execution |
+| `process_response(content)` | Process Claude response blocks |

flux7_mesh-0.1.0/README.md

@@ -0,0 +1,98 @@
+# agent-mesh Python SDK
+
+Governance mesh for AI agent tool calls. Wraps any Python function with policy enforcement, human approval, and tracing via [agent-mesh](https://github.com/KTCrisis/agent-mesh).
+
+## Install
+
+```bash
+pip install agent-mesh
+pip install agent-mesh[anthropic]  # with Claude API support
+```
+
+## Quick start
+
+### Direct client
+
+```python
+from agent_mesh import AgentMesh
+
+mesh = AgentMesh("http://localhost:9090", agent="my-agent")
+
+# Check what's available
+tools = mesh.tools()
+health = mesh.health()
+
+# Policy check only (POST /decide) — no execution
+decision = mesh.decide("filesystem.write_file", {"path": "/tmp/x"})
+print(decision.action)  # allow | deny | human_approval
+
+# Full proxy (POST /tool/{name}) — policy + execute + trace
+decision = mesh.call_tool("filesystem.read_file", {"path": "/tmp/data.txt"})
+print(decision.result)
+
+# Manage grants
+mesh.create_grant("filesystem.*", "30m")
+mesh.revoke_grant("grant-id")
+```
+
+### GovernedToolkit (Claude API)
+
+```python
+from agent_mesh import GovernedToolkit
+
+toolkit = GovernedToolkit(agent="my-agent")
+
+@toolkit.tool
+def get_weather(city: str) -> str:
+    """Get current weather for a city."""
+    return fetch_weather(city)
+
+@toolkit.tool
+def send_email(to: str, subject: str, body: str) -> str:
+    """Send an email."""
+    return smtp_send(to, subject, body)
+
+# Generate tools[] for Claude API
+schemas = toolkit.schemas()
+
+# Process tool_use blocks with governance
+response = client.messages.create(model="claude-sonnet-4-6", tools=schemas, ...)
+results = toolkit.process_response([b.model_dump() for b in response.content])
+```
+
+The toolkit:
+1. **`schemas()`** — generates the `tools[]` array from Python function signatures
+2. **`process_response()`** — intercepts `tool_use` blocks, checks policy via agent-mesh, executes locally if allowed
+3. **`execute()`** — single tool call with governance
+
+## Prerequisites
+
+agent-mesh daemon running:
+
+```bash
+agent-mesh serve --config config.yaml
+```
+
+## API
+
+### `AgentMesh(url, agent, timeout)`
+
+| Method | Description |
+|---|---|
+| `decide(name, args)` | Evaluate policy without executing |
+| `call_tool(name, args)` | Execute tool through governance (proxy) |
+| `tools()` | List available tools |
+| `approvals()` | List pending approvals |
+| `approve(id)` / `deny(id)` | Resolve approval |
+| `grants()` | List active grants |
+| `create_grant(tools, duration)` | Create temporal grant |
+| `health()` / `is_healthy()` | Check mesh status |
+
+### `GovernedToolkit(agent, url)`
+
+| Method | Description |
+|---|---|
+| `@toolkit.tool` | Decorator to register a function |
+| `schemas()` | Generate Claude API tools array |
+| `execute(name, input)` | Governed execution |
+| `process_response(content)` | Process Claude response blocks |

flux7_mesh-0.1.0/examples/claude_api.py

@@ -0,0 +1,53 @@
+"""Example: governed tool use with the Claude API.
+
+Requires: pip install agent-mesh[anthropic]
+Requires: agent-mesh daemon running on localhost:9090
+"""
+from agent_mesh import GovernedToolkit
+
+toolkit = GovernedToolkit(agent="my-agent")
+
+
+@toolkit.tool
+def get_weather(city: str) -> str:
+    """Get current weather for a city."""
+    return f"22C and sunny in {city}"
+
+
+@toolkit.tool
+def send_email(to: str, subject: str, body: str) -> str:
+    """Send an email to a recipient."""
+    print(f"  -> sending email to {to}")
+    return f"email sent to {to}"
+
+
+def main():
+    import anthropic
+
+    client = anthropic.Anthropic()
+    messages = [{"role": "user", "content": "What's the weather in Paris? Then email the result to alice@example.com"}]
+
+    while True:
+        response = client.messages.create(
+            model="claude-sonnet-4-6",
+            max_tokens=1024,
+            tools=toolkit.schemas(),
+            messages=messages,
+        )
+
+        if response.stop_reason == "end_turn":
+            for block in response.content:
+                if hasattr(block, "text"):
+                    print(block.text)
+            break
+
+        if response.stop_reason == "tool_use":
+            tool_results = toolkit.process_response(
+                [b.model_dump() for b in response.content]
+            )
+            messages.append({"role": "assistant", "content": [b.model_dump() for b in response.content]})
+            messages.append({"role": "user", "content": tool_results})
+
+
+if __name__ == "__main__":
+    main()

flux7_mesh-0.1.0/pyproject.toml

@@ -0,0 +1,22 @@
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[project]
+name = "flux7-mesh"
+version = "0.1.0"
+description = "Python SDK for agent-mesh — governance mesh for AI agent tool calls"
+readme = "README.md"
+license = "MIT"
+requires-python = ">=3.10"
+dependencies = ["requests>=2.28"]
+
+[project.optional-dependencies]
+anthropic = ["anthropic>=0.40"]
+
+[project.urls]
+Homepage = "https://github.com/KTCrisis/agent-mesh"
+Repository = "https://github.com/KTCrisis/agent-mesh"
+
+[tool.hatch.build.targets.wheel]
+packages = ["src/agent_mesh"]

flux7_mesh-0.1.0/src/agent_mesh/__init__.py

@@ -0,0 +1,5 @@
+from agent_mesh.client import AgentMesh, Decision
+from agent_mesh.toolkit import GovernedToolkit, tool
+
+__all__ = ["AgentMesh", "Decision", "GovernedToolkit", "tool"]
+__version__ = "0.1.0"

flux7_mesh-0.1.0/src/agent_mesh/client.py

@@ -0,0 +1,191 @@
+"""agent-mesh Python SDK — governance mesh for AI agent tool calls.
+
+Usage::
+
+    from agent_mesh import AgentMesh
+
+    mesh = AgentMesh("http://localhost:9090", agent="my-agent")
+    decision = mesh.decide("filesystem.write_file", {"path": "/tmp/x"})
+    print(decision.action)  # "allow" | "deny" | "human_approval"
+
+    tools = mesh.tools()
+    health = mesh.health()
+"""
+from __future__ import annotations
+
+from dataclasses import dataclass, field
+from enum import Enum
+from typing import Any
+
+import requests
+
+
+class Action(str, Enum):
+    ALLOW = "allow"
+    DENY = "deny"
+    HUMAN_APPROVAL = "human_approval"
+    ERROR = "error"
+
+
+@dataclass
+class Decision:
+    action: Action
+    tool: str
+    result: str = ""
+    error: str = ""
+    approval_id: str = ""
+
+
+@dataclass
+class Tool:
+    name: str
+    description: str = ""
+    source: str = ""
+
+
+class AgentMeshError(Exception):
+    pass
+
+
+class AgentMesh:
+    def __init__(
+        self,
+        url: str = "http://localhost:9090",
+        agent: str = "default",
+        timeout: int = 300,
+    ) -> None:
+        self._url = url.rstrip("/")
+        self._agent = agent
+        self._timeout = timeout
+        self._session = requests.Session()
+        self._session.headers["Authorization"] = f"Bearer agent:{agent}"
+        self._session.headers["Content-Type"] = "application/json"
+
+    def decide(self, name: str, arguments: dict[str, Any] | None = None) -> Decision:
+        """Evaluate policy without executing. Returns allow/deny/human_approval."""
+        resp = self._session.post(
+            f"{self._url}/decide",
+            json={"agent": self._agent, "tool": name, "arguments": arguments or {}},
+            timeout=self._timeout,
+        )
+        body = resp.json() if resp.content else {}
+        action = body.get("action", "error")
+        try:
+            act = Action(action)
+        except ValueError:
+            act = Action.ERROR
+        return Decision(
+            action=act,
+            tool=name,
+            error=body.get("reason", "") if act == Action.DENY else "",
+        )
+
+    def call_tool(self, name: str, arguments: dict[str, Any] | None = None) -> Decision:
+        """Execute a tool call through agent-mesh (policy + execute + trace)."""
+        resp = self._session.post(
+            f"{self._url}/tool/{name}",
+            json=arguments or {},
+            timeout=self._timeout,
+        )
+        if resp.status_code == 403:
+            return Decision(action=Action.DENY, tool=name, error="denied by policy")
+        if resp.status_code == 202:
+            body = resp.json() if resp.content else {}
+            return Decision(
+                action=Action.HUMAN_APPROVAL,
+                tool=name,
+                approval_id=body.get("approval_id", ""),
+            )
+        if resp.status_code >= 400:
+            return Decision(
+                action=Action.ERROR,
+                tool=name,
+                error=f"HTTP {resp.status_code}: {resp.text}",
+            )
+        return Decision(
+            action=Action.ALLOW,
+            tool=name,
+            result=resp.text,
+        )
+
+    def tools(self) -> list[Tool]:
+        """List all available tools."""
+        resp = self._session.get(f"{self._url}/tools", timeout=self._timeout)
+        resp.raise_for_status()
+        items = resp.json()
+        return [
+            Tool(
+                name=t.get("name", ""),
+                description=t.get("description", ""),
+                source=t.get("source", ""),
+            )
+            for t in items
+        ]
+
+    def approvals(self) -> list[dict[str, Any]]:
+        """List pending approvals."""
+        resp = self._session.get(f"{self._url}/approvals", timeout=self._timeout)
+        resp.raise_for_status()
+        return resp.json()
+
+    def approve(self, approval_id: str) -> bool:
+        """Approve a pending request."""
+        resp = self._session.post(
+            f"{self._url}/approvals/{approval_id}/approve",
+            timeout=self._timeout,
+        )
+        return resp.status_code == 200
+
+    def deny(self, approval_id: str) -> bool:
+        """Deny a pending request."""
+        resp = self._session.post(
+            f"{self._url}/approvals/{approval_id}/deny",
+            timeout=self._timeout,
+        )
+        return resp.status_code == 200
+
+    def grants(self) -> list[dict[str, Any]]:
+        """List active grants."""
+        resp = self._session.get(f"{self._url}/grants", timeout=self._timeout)
+        resp.raise_for_status()
+        return resp.json()
+
+    def create_grant(self, tools: str, duration: str) -> dict[str, Any]:
+        """Create a temporal grant."""
+        resp = self._session.post(
+            f"{self._url}/grants",
+            json={"agent": self._agent, "tools": tools, "duration": duration},
+            timeout=self._timeout,
+        )
+        resp.raise_for_status()
+        return resp.json()
+
+    def revoke_grant(self, grant_id: str) -> bool:
+        """Revoke an active grant."""
+        resp = self._session.delete(
+            f"{self._url}/grants/{grant_id}",
+            timeout=self._timeout,
+        )
+        return resp.status_code == 200
+
+    def traces(self, limit: int = 100) -> list[dict[str, Any]]:
+        """Get recent traces."""
+        resp = self._session.get(
+            f"{self._url}/traces",
+            params={"limit": limit},
+            timeout=self._timeout,
+        )
+        resp.raise_for_status()
+        return resp.json()
+
+    def health(self) -> dict[str, Any]:
+        """Get mesh health status."""
+        try:
+            resp = self._session.get(f"{self._url}/health", timeout=5)
+            resp.raise_for_status()
+            return resp.json()
+        except requests.RequestException:
+            return {"status": "unreachable"}
+
+    def is_healthy(self) -> bool:
+        return self.health().get("status") == "ok"

flux7_mesh-0.1.0/src/agent_mesh/toolkit.py

@@ -0,0 +1,167 @@
+"""GovernedToolkit — wrap Python functions as governed tools for the Claude API.
+
+Usage::
+
+    from agent_mesh import GovernedToolkit
+
+    toolkit = GovernedToolkit(agent="my-agent")
+
+    @toolkit.tool
+    def get_weather(city: str) -> str:
+        \"\"\"Get current weather for a city.\"\"\"
+        return fetch_weather(city)
+
+    # Generate tools[] for Claude API
+    schemas = toolkit.schemas()
+
+    # Execute tool_use blocks with governance
+    result = toolkit.execute(tool_name, tool_input)
+"""
+from __future__ import annotations
+
+import inspect
+import json
+from typing import Any, Callable, get_type_hints
+
+from agent_mesh.client import Action, AgentMesh, AgentMeshError, Decision
+
+
+def _python_type_to_json(t: Any) -> str:
+    mapping = {str: "string", int: "integer", float: "number", bool: "boolean"}
+    return mapping.get(t, "string")
+
+
+def _build_schema(func: Callable) -> dict[str, Any]:
+    """Build a JSON Schema input_schema from a function's signature and type hints."""
+    hints = get_type_hints(func)
+    sig = inspect.signature(func)
+    properties: dict[str, Any] = {}
+    required: list[str] = []
+
+    for name, param in sig.parameters.items():
+        prop: dict[str, Any] = {"type": _python_type_to_json(hints.get(name, str))}
+        desc = ""
+        if func.__doc__:
+            for line in func.__doc__.splitlines():
+                stripped = line.strip()
+                if stripped.startswith(f":param {name}:") or stripped.startswith(f"{name}:"):
+                    desc = stripped.split(":", 2)[-1].strip()
+                    break
+        if desc:
+            prop["description"] = desc
+        properties[name] = prop
+        if param.default is inspect.Parameter.empty:
+            required.append(name)
+
+    schema: dict[str, Any] = {"type": "object", "properties": properties}
+    if required:
+        schema["required"] = required
+    return schema
+
+
+def tool(func: Callable) -> Callable:
+    """Standalone decorator — marks a function as a governed tool."""
+    func._is_governed_tool = True  # type: ignore[attr-defined]
+    return func
+
+
+class GovernedToolkit:
+    def __init__(
+        self,
+        agent: str = "default",
+        url: str = "http://localhost:9090",
+        mesh: AgentMesh | None = None,
+    ) -> None:
+        self._mesh = mesh or AgentMesh(url=url, agent=agent)
+        self._tools: dict[str, Callable] = {}
+
+    def tool(self, func: Callable) -> Callable:
+        """Register a function as a governed tool."""
+        self._tools[func.__name__] = func
+        func._is_governed_tool = True  # type: ignore[attr-defined]
+        return func
+
+    def register(self, func: Callable, name: str | None = None) -> None:
+        """Register a function programmatically."""
+        key = name or func.__name__
+        self._tools[key] = func
+
+    def schemas(self) -> list[dict[str, Any]]:
+        """Generate the tools[] array for the Claude API messages endpoint."""
+        result = []
+        for name, func in self._tools.items():
+            result.append({
+                "name": name,
+                "description": (func.__doc__ or "").strip().split("\n")[0],
+                "input_schema": _build_schema(func),
+            })
+        return result
+
+    def execute(self, tool_name: str, tool_input: dict[str, Any]) -> Decision:
+        """Execute a tool call with governance: decide via mesh, then run locally."""
+        if tool_name not in self._tools:
+            return Decision(
+                action=Action.ERROR,
+                tool=tool_name,
+                error=f"unknown tool: {tool_name}",
+            )
+        decision = self._mesh.decide(tool_name, tool_input)
+        if decision.action != Action.ALLOW:
+            return decision
+        try:
+            result = self._tools[tool_name](**tool_input)
+            decision.result = str(result) if result is not None else ""
+        except Exception as e:
+            decision.action = Action.ERROR
+            decision.error = str(e)
+        return decision
+
+    def execute_local(self, tool_name: str, tool_input: dict[str, Any]) -> Decision:
+        """Execute locally without going through mesh (for tools not proxied)."""
+        if tool_name not in self._tools:
+            return Decision(
+                action=Action.ERROR,
+                tool=tool_name,
+                error=f"unknown tool: {tool_name}",
+            )
+        try:
+            result = self._tools[tool_name](**tool_input)
+            return Decision(
+                action=Action.ALLOW,
+                tool=tool_name,
+                result=str(result) if result is not None else "",
+            )
+        except Exception as e:
+            return Decision(action=Action.ERROR, tool=tool_name, error=str(e))
+
+    def process_response(self, content: list[dict[str, Any]]) -> list[dict[str, Any]]:
+        """Process tool_use blocks from a Claude API response.
+
+        Returns tool_result blocks ready to send back.
+        """
+        results = []
+        for block in content:
+            if block.get("type") != "tool_use":
+                continue
+            decision = self.execute(block["name"], block.get("input", {}))
+            if decision.action in (Action.DENY, Action.ERROR):
+                results.append({
+                    "type": "tool_result",
+                    "tool_use_id": block["id"],
+                    "is_error": True,
+                    "content": decision.error or f"denied: {decision.tool}",
+                })
+            elif decision.action == Action.HUMAN_APPROVAL:
+                results.append({
+                    "type": "tool_result",
+                    "tool_use_id": block["id"],
+                    "is_error": True,
+                    "content": f"awaiting human approval (id: {decision.approval_id})",
+                })
+            else:
+                results.append({
+                    "type": "tool_result",
+                    "tool_use_id": block["id"],
+                    "content": decision.result,
+                })
+        return results

flux7_mesh-0.1.0/tests/test_client.py

@@ -0,0 +1,170 @@
+"""Tests for the agent-mesh Python SDK client."""
+from __future__ import annotations
+
+from unittest.mock import MagicMock, patch
+
+import pytest
+
+from agent_mesh import AgentMesh, Decision
+from agent_mesh.client import Action, AgentMeshError, Tool
+
+
+@pytest.fixture
+def mesh():
+    return AgentMesh("http://localhost:9090", agent="test-agent")
+
+
+class TestInit:
+    def test_url_trailing_slash(self):
+        m = AgentMesh("http://localhost:9090/")
+        assert m._url == "http://localhost:9090"
+
+    def test_auth_header(self):
+        m = AgentMesh(agent="bot")
+        assert m._session.headers["Authorization"] == "Bearer agent:bot"
+
+    def test_default_url(self):
+        m = AgentMesh()
+        assert m._url == "http://localhost:9090"
+
+
+class TestDecide:
+    def test_allow(self, mesh):
+        mock_resp = MagicMock()
+        mock_resp.status_code = 200
+        mock_resp.content = b'{"action":"allow","rule":"allow-all","agent":"test-agent","tool":"fs.read"}'
+        mock_resp.json.return_value = {"action": "allow", "rule": "allow-all", "agent": "test-agent", "tool": "fs.read"}
+        with patch.object(mesh._session, "post", return_value=mock_resp) as mock_post:
+            d = mesh.decide("fs.read", {"path": "/tmp"})
+        assert d.action == Action.ALLOW
+        assert d.tool == "fs.read"
+        body = mock_post.call_args[1]["json"]
+        assert body["agent"] == "test-agent"
+        assert body["tool"] == "fs.read"
+        assert mock_post.call_args[0][0] == "http://localhost:9090/decide"
+
+    def test_deny(self, mesh):
+        mock_resp = MagicMock()
+        mock_resp.status_code = 403
+        mock_resp.content = b'{"action":"deny","reason":"blocked by policy"}'
+        mock_resp.json.return_value = {"action": "deny", "reason": "blocked by policy"}
+        with patch.object(mesh._session, "post", return_value=mock_resp):
+            d = mesh.decide("dangerous.tool", {})
+        assert d.action == Action.DENY
+        assert "blocked" in d.error
+
+    def test_human_approval(self, mesh):
+        mock_resp = MagicMock()
+        mock_resp.status_code = 200
+        mock_resp.content = b'{"action":"human_approval","rule":"needs-approval"}'
+        mock_resp.json.return_value = {"action": "human_approval", "rule": "needs-approval"}
+        with patch.object(mesh._session, "post", return_value=mock_resp):
+            d = mesh.decide("fs.write", {})
+        assert d.action == Action.HUMAN_APPROVAL
+
+
+class TestCallTool:
+    def test_allowed(self, mesh):
+        mock_resp = MagicMock()
+        mock_resp.status_code = 200
+        mock_resp.text = '{"result": "ok"}'
+        with patch.object(mesh._session, "post", return_value=mock_resp) as mock_post:
+            d = mesh.call_tool("mesh.catalog", {})
+        assert d.action == Action.ALLOW
+        assert d.tool == "mesh.catalog"
+        assert d.result == '{"result": "ok"}'
+        assert mock_post.call_args[0][0] == "http://localhost:9090/tool/mesh.catalog"
+
+    def test_denied(self, mesh):
+        mock_resp = MagicMock()
+        mock_resp.status_code = 403
+        with patch.object(mesh._session, "post", return_value=mock_resp):
+            d = mesh.call_tool("dangerous.tool", {})
+        assert d.action == Action.DENY
+
+    def test_human_approval(self, mesh):
+        mock_resp = MagicMock()
+        mock_resp.status_code = 202
+        mock_resp.content = b'{"approval_id": "abc123"}'
+        mock_resp.json.return_value = {"approval_id": "abc123"}
+        with patch.object(mesh._session, "post", return_value=mock_resp):
+            d = mesh.call_tool("fs.write", {"path": "/etc/passwd"})
+        assert d.action == Action.HUMAN_APPROVAL
+        assert d.approval_id == "abc123"
+
+    def test_server_error(self, mesh):
+        mock_resp = MagicMock()
+        mock_resp.status_code = 500
+        mock_resp.text = "internal error"
+        with patch.object(mesh._session, "post", return_value=mock_resp):
+            d = mesh.call_tool("broken", {})
+        assert d.action == Action.ERROR
+        assert "500" in d.error
+
+
+class TestTools:
+    def test_list_tools(self, mesh):
+        mock_resp = MagicMock()
+        mock_resp.json.return_value = [
+            {"name": "fs.read", "description": "Read a file", "source": "filesystem"},
+            {"name": "git.status", "description": "Git status", "source": "git"},
+        ]
+        mock_resp.raise_for_status = MagicMock()
+        with patch.object(mesh._session, "get", return_value=mock_resp):
+            tools = mesh.tools()
+        assert len(tools) == 2
+        assert isinstance(tools[0], Tool)
+        assert tools[0].name == "fs.read"
+        assert tools[1].source == "git"
+
+
+class TestApprovals:
+    def test_approve(self, mesh):
+        mock_resp = MagicMock()
+        mock_resp.status_code = 200
+        with patch.object(mesh._session, "post", return_value=mock_resp) as mock_post:
+            assert mesh.approve("abc123") is True
+        assert "/approvals/abc123/approve" in mock_post.call_args[0][0]
+
+    def test_deny(self, mesh):
+        mock_resp = MagicMock()
+        mock_resp.status_code = 200
+        with patch.object(mesh._session, "post", return_value=mock_resp):
+            assert mesh.deny("abc123") is True
+
+
+class TestGrants:
+    def test_create_grant(self, mesh):
+        mock_resp = MagicMock()
+        mock_resp.json.return_value = {"id": "g1", "tools": "fs.*", "duration": "30m"}
+        mock_resp.raise_for_status = MagicMock()
+        with patch.object(mesh._session, "post", return_value=mock_resp) as mock_post:
+            g = mesh.create_grant("fs.*", "30m")
+        assert g["id"] == "g1"
+        body = mock_post.call_args[1]["json"]
+        assert body["agent"] == "test-agent"
+        assert body["tools"] == "fs.*"
+
+    def test_revoke_grant(self, mesh):
+        mock_resp = MagicMock()
+        mock_resp.status_code = 200
+        with patch.object(mesh._session, "delete", return_value=mock_resp):
+            assert mesh.revoke_grant("g1") is True
+
+
+class TestHealth:
+    def test_healthy(self, mesh):
+        mock_resp = MagicMock()
+        mock_resp.json.return_value = {"status": "ok", "tools": 42}
+        mock_resp.raise_for_status = MagicMock()
+        with patch.object(mesh._session, "get", return_value=mock_resp):
+            assert mesh.is_healthy() is True
+
+    def test_unreachable(self, mesh):
+        with patch.object(mesh._session, "get", side_effect=requests.ConnectionError):
+            h = mesh.health()
+            assert h["status"] == "unreachable"
+            assert mesh.is_healthy() is False
+
+
+import requests

flux7_mesh-0.1.0/tests/test_toolkit.py

@@ -0,0 +1,134 @@
+"""Tests for the GovernedToolkit."""
+from __future__ import annotations
+
+from unittest.mock import MagicMock, patch
+
+import pytest
+
+from agent_mesh import GovernedToolkit
+from agent_mesh.client import Action, AgentMesh, Decision
+
+
+@pytest.fixture
+def toolkit():
+    tk = GovernedToolkit(agent="test", url="http://localhost:9090")
+
+    @tk.tool
+    def get_weather(city: str, units: str = "celsius") -> str:
+        """Get current weather for a city."""
+        return f"sunny in {city}"
+
+    @tk.tool
+    def add_numbers(a: int, b: int) -> int:
+        """Add two numbers."""
+        return a + b
+
+    return tk
+
+
+class TestSchemas:
+    def test_generates_schemas(self, toolkit):
+        schemas = toolkit.schemas()
+        assert len(schemas) == 2
+        weather = next(s for s in schemas if s["name"] == "get_weather")
+        assert weather["description"] == "Get current weather for a city."
+        assert weather["input_schema"]["properties"]["city"]["type"] == "string"
+        assert weather["input_schema"]["properties"]["units"]["type"] == "string"
+        assert "city" in weather["input_schema"]["required"]
+        assert "units" not in weather["input_schema"]["required"]
+
+    def test_integer_types(self, toolkit):
+        schemas = toolkit.schemas()
+        add = next(s for s in schemas if s["name"] == "add_numbers")
+        assert add["input_schema"]["properties"]["a"]["type"] == "integer"
+        assert add["input_schema"]["required"] == ["a", "b"]
+
+
+class TestExecute:
+    def test_allowed_runs_locally(self, toolkit):
+        mock_decision = Decision(action=Action.ALLOW, tool="get_weather", result="")
+        with patch.object(toolkit._mesh, "decide", return_value=mock_decision):
+            d = toolkit.execute("get_weather", {"city": "Paris"})
+        assert d.action == Action.ALLOW
+        assert d.result == "sunny in Paris"
+
+    def test_denied_does_not_run(self, toolkit):
+        mock_decision = Decision(action=Action.DENY, tool="get_weather", error="denied")
+        with patch.object(toolkit._mesh, "decide", return_value=mock_decision):
+            d = toolkit.execute("get_weather", {"city": "Paris"})
+        assert d.action == Action.DENY
+        assert d.result == ""
+
+    def test_unknown_tool(self, toolkit):
+        d = toolkit.execute("nonexistent", {})
+        assert d.action == Action.ERROR
+        assert "unknown tool" in d.error
+
+    def test_function_exception(self, toolkit):
+        def failing_tool():
+            raise ValueError("boom")
+
+        toolkit.register(failing_tool, "failing")
+        mock_decision = Decision(action=Action.ALLOW, tool="failing", result="")
+        with patch.object(toolkit._mesh, "decide", return_value=mock_decision):
+            d = toolkit.execute("failing", {})
+        assert d.action == Action.ERROR
+        assert "boom" in d.error
+
+
+class TestProcessResponse:
+    def test_processes_tool_use_blocks(self, toolkit):
+        mock_decision = Decision(action=Action.ALLOW, tool="get_weather", result="")
+        with patch.object(toolkit._mesh, "decide", return_value=mock_decision):
+            results = toolkit.process_response([
+                {"type": "text", "text": "Let me check the weather."},
+                {"type": "tool_use", "id": "tu_1", "name": "get_weather", "input": {"city": "Lyon"}},
+            ])
+        assert len(results) == 1
+        assert results[0]["type"] == "tool_result"
+        assert results[0]["tool_use_id"] == "tu_1"
+        assert results[0]["content"] == "sunny in Lyon"
+
+    def test_denied_tool_returns_error(self, toolkit):
+        mock_decision = Decision(action=Action.DENY, tool="get_weather", error="denied by policy")
+        with patch.object(toolkit._mesh, "decide", return_value=mock_decision):
+            results = toolkit.process_response([
+                {"type": "tool_use", "id": "tu_2", "name": "get_weather", "input": {"city": "Lyon"}},
+            ])
+        assert results[0]["is_error"] is True
+        assert "denied" in results[0]["content"]
+
+    def test_approval_pending(self, toolkit):
+        mock_decision = Decision(
+            action=Action.HUMAN_APPROVAL, tool="get_weather", approval_id="ap_123"
+        )
+        with patch.object(toolkit._mesh, "decide", return_value=mock_decision):
+            results = toolkit.process_response([
+                {"type": "tool_use", "id": "tu_3", "name": "get_weather", "input": {"city": "Lyon"}},
+            ])
+        assert results[0]["is_error"] is True
+        assert "ap_123" in results[0]["content"]
+
+
+class TestRegister:
+    def test_register_programmatic(self):
+        tk = GovernedToolkit(agent="test")
+
+        def my_func(x: str) -> str:
+            """Do something."""
+            return x.upper()
+
+        tk.register(my_func, "custom_name")
+        schemas = tk.schemas()
+        assert schemas[0]["name"] == "custom_name"
+
+
+class TestExecuteLocal:
+    def test_runs_without_mesh(self, toolkit):
+        d = toolkit.execute_local("add_numbers", {"a": 3, "b": 4})
+        assert d.action == Action.ALLOW
+        assert d.result == "7"
+
+    def test_unknown_tool(self, toolkit):
+        d = toolkit.execute_local("nope", {})
+        assert d.action == Action.ERROR