PyPI - hexgate - Versions diffs - 0.2.1__tar.gz → 0.2.3__tar.gz - Mend

hexgate 0.2.1tar.gz → 0.2.3tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (107) hide show

hexgate-0.2.3/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 Hexamind
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

{hexgate-0.2.1/hexgate.egg-info → hexgate-0.2.3}/PKG-INFO RENAMED Viewed

@@ -1,9 +1,11 @@
 Metadata-Version: 2.4
 Name: hexgate
-Version: 0.2.1
-Summary: HexaGate — authorization infrastructure for AI agents (agent runtime + cloud client).
+Version: 0.2.3
+Summary: Hexgate — authorization infrastructure for AI agents (agent runtime + cloud client).
+License-Expression: MIT
 Requires-Python: >=3.13
 Description-Content-Type: text/markdown
+License-File: LICENSE
 Requires-Dist: bashlex>=0.18
 Requires-Dist: biscuit-python>=0.4
 Requires-Dist: cryptography>=42
@@ -33,21 +35,86 @@ Requires-Dist: jupyter; extra == "dev"
 Requires-Dist: pytest>=8.4.1; extra == "dev"
 Requires-Dist: pytest-asyncio>=1.0.0; extra == "dev"
 Requires-Dist: ruff>=0.12.2; extra == "dev"
+Dynamic: license-file
-# hexgate
+<div align="center">
-`hexgate` is a lightweight LangChain-based agent runtime built around:
+<img src="./icon.svg" alt="Hexgate" width="96" height="96" />
-- `langchain`
-- `gpt-5.4`
-- `Linkup` web search
-- Tavily-based page fetch
-- `Langfuse` tracing
+# Hexgate
-This package is intentionally small. The first milestone is a single assistant with:
+**Authorization infrastructure for AI agents.**
+Policy enforcement, signed policy bundles, per-request user scope, audit trail — for OpenAI Agents, LangChain, Google ADK, Pydantic AI, or a native runtime.
-- `web_search`
-- `fetch`
+[**Website**](https://hexgate.ai) · [Docs](https://docs.hexgate.ai) · [PyPI](https://pypi.org/project/hexgate/) · [Discussions](https://github.com/HexamindOrganisation/hexgate/discussions)
+[![PyPI](https://img.shields.io/pypi/v/hexgate?color=blue&logo=pypi&logoColor=white)](https://pypi.org/project/hexgate/)
+[![CI](https://github.com/HexamindOrganisation/hexgate/actions/workflows/tests.yml/badge.svg?branch=main)](https://github.com/HexamindOrganisation/hexgate/actions/workflows/tests.yml)
+[![Downloads](https://img.shields.io/pypi/dm/hexgate?color=blueviolet)](https://pypi.org/project/hexgate/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
+<br />
+<img src="./assets/hero.png" alt="Control what your agents do — not just what they say. Policy decisions streaming live from the PolicyEnforcer." />
+<br />
+[Quick Start](#-quick-start--local-cli) · [Two paths](#-which-path-do-i-pick) · [Framework adapters](#-framework-agent-wrapping) · [Policy bundles](#-policy-bundles--compile-sign-enforce-wasm) · [User scope](#-user-scope--roles) · [Platform](#-hexgate-platform)
+</div>
+---
+## What is Hexgate?
+Hexgate is two things that move together:
+- **`hexgate` — the SDK.** A Python runtime that gates every tool call through a typed `Decision` (allow / deny / approval-required), wraps your existing OpenAI / LangChain / Google ADK / Pydantic AI agent without rewriting it, and threads per-request user identity through tracing + audit.
+- **The Hexgate platform** *(optional)* — a FastAPI control plane + React dashboard for editing policy in a browser, minting per-project tokens, watching live decisions stream from a serving agent, and shipping signed WASM policy bundles to production.
+You can use the SDK with nothing else (single-process REPL, YAML on disk). Or plug in the platform when you want auditable decisions in ClickHouse, a shared Playground UI, and live policy edits.
+```text
+                      ┌─────────────────────────────────────────┐
+   your code  ───►    │   create_agent / wrap_*_agent / Runner  │
+                      │            ↓                            │
+                      │     PolicyEnforcer.decide(role, tool)   │
+                      │            ↓                            │
+                      │   allow · deny · approval_required      │
+                      └────────────────────┬────────────────────┘
+                                           │
+                  ┌────────────────────────┼─────────────────────────┐
+                  ▼                        ▼                         ▼
+        ┌────────────────┐       ┌──────────────────┐       ┌────────────────┐
+        │  Local policy  │       │ Signed WASM      │       │   Audit log    │
+        │  (YAML / dir,  │       │ bundle from      │       │   (ClickHouse  │
+        │  hot reload)   │       │ Hexgate cloud   │       │   via REST)    │
+        └────────────────┘       └──────────────────┘       └────────────────┘
+```
+## Table of contents
+- [Prerequisites](#-prerequisites)
+- [Quick Start — Local CLI](#-quick-start--local-cli)
+- [Which path do I pick?](#-which-path-do-i-pick) — chat vs serve
+- [Quick Start — Platform](#-quick-start--platform)
+- [Core primitives](#-core-primitives)
+- [Build an agent — end to end](#-build-an-agent--end-to-end)
+- [What you can import](#-what-you-can-import)
+- [Framework agent wrapping](#-framework-agent-wrapping) — OpenAI, LangChain, Google ADK, Pydantic AI
+- [Define agents in code](#-define-agents-in-code)
+- [Builtin and local agents](#-builtin-and-local-agents)
+- [Policy shape](#-policy-shape)
+- [Tool-call policy enforcement](#-tool-call-policy-enforcement)
+- [Policy bundles — compile, sign, enforce (WASM)](#-policy-bundles--compile-sign-enforce-wasm)
+- [Approval-required tool calls](#-approval-required-tool-calls)
+- [Workspace sandbox](#-workspace-sandbox)
+- [Environment](#-environment)
+- [Tests & dev tooling](#-tests--dev-tooling)
+- [CLI reference](#-cli-reference)
+- [Hexgate platform](#-hexgate-platform)
+- [User scope + roles](#-user-scope--roles)
+- [Stream results](#-stream-results)
 ## 🛠️ Prerequisites
@@ -119,7 +186,7 @@ Both commands accept either a plain agent id (`--agent researcher`) or a uvicorn
 ## 🚀 Quick Start — Platform
-To run the full HexaGate control plane locally (FastAPI backend + dashboard + your local agent serving over WebSocket), you need **three terminals**. The Makefile has a target that prints the recipe:
+To run the full Hexgate control plane locally (FastAPI backend + dashboard + your local agent serving over WebSocket), you need **three terminals**. The Makefile has a target that prints the recipe:
 ```bash
 make demo-platform     # prints the 3-terminal recipe below
@@ -602,7 +669,7 @@ What happens under the hood:
 Working scripts in `examples/`:
-- `examples/customer_bot.py` — canonical HexaGate path: `create_agent(...)` + the dashboard register/serve loop end-to-end.
+- `examples/customer_bot.py` — canonical Hexgate path: `create_agent(...)` + the dashboard register/serve loop end-to-end.
 - `examples/openai_demo.py` — `HexgateRunner` (OpenAI Agents SDK) end-to-end.
 - `examples/google_demo.py` — `HexgateRunner` (Google ADK) end-to-end with `InMemorySessionService`.
 - `examples/pydantic_ai_demo.py` — `wrap_pydantic_agent` (Pydantic AI) end-to-end.
@@ -737,7 +804,7 @@ That means the same agent code can stay simple in development, while deployment
 ## 🧩 Policy Bundles — Compile, Sign, Enforce (WASM)
-HexaGate has **two policy enforcement engines** that return identical decisions (there's a parity test suite that proves it):
+Hexgate has **two policy enforcement engines** that return identical decisions (there's a parity test suite that proves it):
 - **pydantic** (default) — evaluates constraints in-process. Zero setup; this is what every example above uses.
 - **WASM** — compiles `policy.yaml` → Rego → a WebAssembly module evaluated via `wasmtime`. This is the path production ships: one compiled artifact, byte-for-byte reproducible, cryptographically signed by the platform.
@@ -1059,44 +1126,21 @@ The platform-side test suite is separate and lives at `platform/api/tests/`:
 cd platform/api && uv run pytest tests/
 ```
-## ▶️ Run It
-Install the package into your current environment:
-```bash
-python -m pip install -e .
-```
-Run the config-driven demo:
-```bash
-python examples/demo.py
-```
-Run the inline chat CLI with a local or builtin YAML agent:
-```bash
-hexgate chat --agent example_agent
-```
+## 🖥️ CLI reference
-Run the CLI with code-defined agents from a Python script:
+The `hexgate` binary exposes `chat`, `serve`, `register`, and `policy` subcommands. The [Quick Start](#-quick-start--local-cli) covers `chat`; this section drills into `register` and `serve` for the platform path.
 ```bash
+hexgate --help                                     # list subcommands
+hexgate <subcommand> --help                        # flags for a subcommand
+hexgate chat --list-agents                         # show resolvable agents
 hexgate chat --use examples/file_agents.py --agent workspace_explorer
-hexgate chat --use examples/file_agents.py --agent repo_editor
-hexgate chat --use examples/research_agents.py --agent update_researcher
 hexgate chat --use examples/research_agents.py --agent update_researcher --approval-mode ask
 ```
-List what the CLI can currently resolve:
-```bash
-hexgate chat --list-agents
-```
 ### `hexgate register` — push a manifest to the platform
-Register a code-defined agent's manifest with the HexaGate platform. `--agent`
+Register a code-defined agent's manifest with the Hexgate platform. `--agent`
 takes a Python import path of the form `module.path:attribute`, the same shape
 as ASGI/WSGI entrypoints. The CLI imports the module, grabs the agent object,
 and POSTs its manifest to `${HEXGATE_API_URL}/v1/agents` using
@@ -1135,7 +1179,7 @@ system prompt directly off the object. No flags needed.
 `--system-prompt` accepts either a literal string or a path to a `.md` /
 `.txt` / `.jinja` file (read as text at register time).
-Supported frameworks: OpenAI Agents SDK, Google ADK, Pydantic AI, LangChain/LangGraph, HexaGate agents.
+Supported frameworks: OpenAI Agents SDK, Google ADK, Pydantic AI, LangChain/LangGraph, Hexgate agents.
 ### `hexgate serve` — bridge a local agent to the platform's relay
@@ -1172,7 +1216,7 @@ print(manifest.model_dump())
 ```
 `create_manifest` dispatches on the framework of `agent`. The supported
-types are the same set `hexgate register` accepts: HexaGate, OpenAI Agents
+types are the same set `hexgate register` accepts: Hexgate, OpenAI Agents
 SDK, Google ADK, Pydantic AI, and LangChain/LangGraph compiled graphs.
 For LangGraph you must pass `tools=` explicitly, and may pass `model=` /
 `system_prompt=`, since compiled graphs don't expose those fields after
@@ -1182,7 +1226,7 @@ The return value is an `AgentManifest` (a Pydantic model, also re-exported
 from `hexgate` for type annotations) — the same schema the platform
 stores and the dashboard renders.
-## 🌐 HexaGate Platform
+## 🌐 Hexgate Platform
 The `platform/` directory contains an optional control plane that hosts agent definitions, dev tokens, and a live debug surface. The SDK works fully without it (`load_local_agent`, `load_builtin_agent` keep their existing semantics) — but with it you get:
@@ -1301,7 +1345,7 @@ the name from the loaded agent's `.name` attribute — no env var needed.
 ## 👤 User Scope + Roles
-Real backends serve many users, and different users get different capabilities. HexaGate splits that into two pieces:
+Real backends serve many users, and different users get different capabilities. Hexgate splits that into two pieces:
 - **`User`** — the per-request scope. Marks "this invocation acts on behalf of alice, in role X." Async context manager; pushes a fact-bearing Biscuit through the agent runtime.
 - **Role policies** — one `policy.yaml` per role, optionally inheriting from a base mixin. The runtime picks the right one at call time based on the active `User.role`.
@@ -1451,3 +1495,7 @@ async for event in stream_agent(agent, handler, "latest AI breakthroughs"):
 - assistant text deltas
 - tool lifecycle
 - final run completion
+---
+If Hexgate looks useful, [give it a ⭐ on GitHub](https://github.com/HexamindOrganisation/hexgate) — it helps more than you'd think. Built by [Hexamind](https://hexgate.ai).

hexgate-0.2.1/PKG-INFO → hexgate-0.2.3/README.md RENAMED Viewed

@@ -1,53 +1,81 @@
-Metadata-Version: 2.4
-Name: hexgate
-Version: 0.2.1
-Summary: HexaGate — authorization infrastructure for AI agents (agent runtime + cloud client).
-Requires-Python: >=3.13
-Description-Content-Type: text/markdown
-Requires-Dist: bashlex>=0.18
-Requires-Dist: biscuit-python>=0.4
-Requires-Dist: cryptography>=42
-Requires-Dist: httpx>=0.28.1
-Requires-Dist: langchain
-Requires-Dist: langchain-openai
-Requires-Dist: langchain-core
-Requires-Dist: langfuse
-Requires-Dist: pydantic>=2.12.4
-Requires-Dist: python-dotenv>=1.1.1
-Requires-Dist: pyyaml>=6.0.2
-Requires-Dist: rich>=13.9.4
-Requires-Dist: websockets>=13.0
-Requires-Dist: openai-agents>=0.0.10
-Requires-Dist: langgraph>=0.2
-Requires-Dist: nest_asyncio>=1.6
-Requires-Dist: openinference-instrumentation-openai-agents>=0.1
-Requires-Dist: google-adk>=1.0
-Requires-Dist: google-genai>=1.0
-Requires-Dist: litellm>=1.50
-Requires-Dist: openinference-instrumentation-google-adk>=0.1.11
-Requires-Dist: pydantic-ai-slim>=1.88.0
-Requires-Dist: wasmtime>=20.0
-Provides-Extra: dev
-Requires-Dist: ipykernel; extra == "dev"
-Requires-Dist: jupyter; extra == "dev"
-Requires-Dist: pytest>=8.4.1; extra == "dev"
-Requires-Dist: pytest-asyncio>=1.0.0; extra == "dev"
-Requires-Dist: ruff>=0.12.2; extra == "dev"
-# hexgate
-`hexgate` is a lightweight LangChain-based agent runtime built around:
-- `langchain`
-- `gpt-5.4`
-- `Linkup` web search
-- Tavily-based page fetch
-- `Langfuse` tracing
-This package is intentionally small. The first milestone is a single assistant with:
+<div align="center">
-- `web_search`
-- `fetch`
+<img src="./icon.svg" alt="Hexgate" width="96" height="96" />
+# Hexgate
+**Authorization infrastructure for AI agents.**
+Policy enforcement, signed policy bundles, per-request user scope, audit trail — for OpenAI Agents, LangChain, Google ADK, Pydantic AI, or a native runtime.
+[**Website**](https://hexgate.ai) · [Docs](https://docs.hexgate.ai) · [PyPI](https://pypi.org/project/hexgate/) · [Discussions](https://github.com/HexamindOrganisation/hexgate/discussions)
+[![PyPI](https://img.shields.io/pypi/v/hexgate?color=blue&logo=pypi&logoColor=white)](https://pypi.org/project/hexgate/)
+[![CI](https://github.com/HexamindOrganisation/hexgate/actions/workflows/tests.yml/badge.svg?branch=main)](https://github.com/HexamindOrganisation/hexgate/actions/workflows/tests.yml)
+[![Downloads](https://img.shields.io/pypi/dm/hexgate?color=blueviolet)](https://pypi.org/project/hexgate/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
+<br />
+<img src="./assets/hero.png" alt="Control what your agents do — not just what they say. Policy decisions streaming live from the PolicyEnforcer." />
+<br />
+[Quick Start](#-quick-start--local-cli) · [Two paths](#-which-path-do-i-pick) · [Framework adapters](#-framework-agent-wrapping) · [Policy bundles](#-policy-bundles--compile-sign-enforce-wasm) · [User scope](#-user-scope--roles) · [Platform](#-hexgate-platform)
+</div>
+---
+## What is Hexgate?
+Hexgate is two things that move together:
+- **`hexgate` — the SDK.** A Python runtime that gates every tool call through a typed `Decision` (allow / deny / approval-required), wraps your existing OpenAI / LangChain / Google ADK / Pydantic AI agent without rewriting it, and threads per-request user identity through tracing + audit.
+- **The Hexgate platform** *(optional)* — a FastAPI control plane + React dashboard for editing policy in a browser, minting per-project tokens, watching live decisions stream from a serving agent, and shipping signed WASM policy bundles to production.
+You can use the SDK with nothing else (single-process REPL, YAML on disk). Or plug in the platform when you want auditable decisions in ClickHouse, a shared Playground UI, and live policy edits.
+```text
+                      ┌─────────────────────────────────────────┐
+   your code  ───►    │   create_agent / wrap_*_agent / Runner  │
+                      │            ↓                            │
+                      │     PolicyEnforcer.decide(role, tool)   │
+                      │            ↓                            │
+                      │   allow · deny · approval_required      │
+                      └────────────────────┬────────────────────┘
+                                           │
+                  ┌────────────────────────┼─────────────────────────┐
+                  ▼                        ▼                         ▼
+        ┌────────────────┐       ┌──────────────────┐       ┌────────────────┐
+        │  Local policy  │       │ Signed WASM      │       │   Audit log    │
+        │  (YAML / dir,  │       │ bundle from      │       │   (ClickHouse  │
+        │  hot reload)   │       │ Hexgate cloud   │       │   via REST)    │
+        └────────────────┘       └──────────────────┘       └────────────────┘
+```
+## Table of contents
+- [Prerequisites](#-prerequisites)
+- [Quick Start — Local CLI](#-quick-start--local-cli)
+- [Which path do I pick?](#-which-path-do-i-pick) — chat vs serve
+- [Quick Start — Platform](#-quick-start--platform)
+- [Core primitives](#-core-primitives)
+- [Build an agent — end to end](#-build-an-agent--end-to-end)
+- [What you can import](#-what-you-can-import)
+- [Framework agent wrapping](#-framework-agent-wrapping) — OpenAI, LangChain, Google ADK, Pydantic AI
+- [Define agents in code](#-define-agents-in-code)
+- [Builtin and local agents](#-builtin-and-local-agents)
+- [Policy shape](#-policy-shape)
+- [Tool-call policy enforcement](#-tool-call-policy-enforcement)
+- [Policy bundles — compile, sign, enforce (WASM)](#-policy-bundles--compile-sign-enforce-wasm)
+- [Approval-required tool calls](#-approval-required-tool-calls)
+- [Workspace sandbox](#-workspace-sandbox)
+- [Environment](#-environment)
+- [Tests & dev tooling](#-tests--dev-tooling)
+- [CLI reference](#-cli-reference)
+- [Hexgate platform](#-hexgate-platform)
+- [User scope + roles](#-user-scope--roles)
+- [Stream results](#-stream-results)
 ## 🛠️ Prerequisites
@@ -119,7 +147,7 @@ Both commands accept either a plain agent id (`--agent researcher`) or a uvicorn
 ## 🚀 Quick Start — Platform
-To run the full HexaGate control plane locally (FastAPI backend + dashboard + your local agent serving over WebSocket), you need **three terminals**. The Makefile has a target that prints the recipe:
+To run the full Hexgate control plane locally (FastAPI backend + dashboard + your local agent serving over WebSocket), you need **three terminals**. The Makefile has a target that prints the recipe:
 ```bash
 make demo-platform     # prints the 3-terminal recipe below
@@ -602,7 +630,7 @@ What happens under the hood:
 Working scripts in `examples/`:
-- `examples/customer_bot.py` — canonical HexaGate path: `create_agent(...)` + the dashboard register/serve loop end-to-end.
+- `examples/customer_bot.py` — canonical Hexgate path: `create_agent(...)` + the dashboard register/serve loop end-to-end.
 - `examples/openai_demo.py` — `HexgateRunner` (OpenAI Agents SDK) end-to-end.
 - `examples/google_demo.py` — `HexgateRunner` (Google ADK) end-to-end with `InMemorySessionService`.
 - `examples/pydantic_ai_demo.py` — `wrap_pydantic_agent` (Pydantic AI) end-to-end.
@@ -737,7 +765,7 @@ That means the same agent code can stay simple in development, while deployment
 ## 🧩 Policy Bundles — Compile, Sign, Enforce (WASM)
-HexaGate has **two policy enforcement engines** that return identical decisions (there's a parity test suite that proves it):
+Hexgate has **two policy enforcement engines** that return identical decisions (there's a parity test suite that proves it):
 - **pydantic** (default) — evaluates constraints in-process. Zero setup; this is what every example above uses.
 - **WASM** — compiles `policy.yaml` → Rego → a WebAssembly module evaluated via `wasmtime`. This is the path production ships: one compiled artifact, byte-for-byte reproducible, cryptographically signed by the platform.
@@ -1059,44 +1087,21 @@ The platform-side test suite is separate and lives at `platform/api/tests/`:
 cd platform/api && uv run pytest tests/
 ```
-## ▶️ Run It
+## 🖥️ CLI reference
-Install the package into your current environment:
-```bash
-python -m pip install -e .
-```
-Run the config-driven demo:
-```bash
-python examples/demo.py
-```
-Run the inline chat CLI with a local or builtin YAML agent:
-```bash
-hexgate chat --agent example_agent
-```
-Run the CLI with code-defined agents from a Python script:
+The `hexgate` binary exposes `chat`, `serve`, `register`, and `policy` subcommands. The [Quick Start](#-quick-start--local-cli) covers `chat`; this section drills into `register` and `serve` for the platform path.
 ```bash
+hexgate --help                                     # list subcommands
+hexgate <subcommand> --help                        # flags for a subcommand
+hexgate chat --list-agents                         # show resolvable agents
 hexgate chat --use examples/file_agents.py --agent workspace_explorer
-hexgate chat --use examples/file_agents.py --agent repo_editor
-hexgate chat --use examples/research_agents.py --agent update_researcher
 hexgate chat --use examples/research_agents.py --agent update_researcher --approval-mode ask
 ```
-List what the CLI can currently resolve:
-```bash
-hexgate chat --list-agents
-```
 ### `hexgate register` — push a manifest to the platform
-Register a code-defined agent's manifest with the HexaGate platform. `--agent`
+Register a code-defined agent's manifest with the Hexgate platform. `--agent`
 takes a Python import path of the form `module.path:attribute`, the same shape
 as ASGI/WSGI entrypoints. The CLI imports the module, grabs the agent object,
 and POSTs its manifest to `${HEXGATE_API_URL}/v1/agents` using
@@ -1135,7 +1140,7 @@ system prompt directly off the object. No flags needed.
 `--system-prompt` accepts either a literal string or a path to a `.md` /
 `.txt` / `.jinja` file (read as text at register time).
-Supported frameworks: OpenAI Agents SDK, Google ADK, Pydantic AI, LangChain/LangGraph, HexaGate agents.
+Supported frameworks: OpenAI Agents SDK, Google ADK, Pydantic AI, LangChain/LangGraph, Hexgate agents.
 ### `hexgate serve` — bridge a local agent to the platform's relay
@@ -1172,7 +1177,7 @@ print(manifest.model_dump())
 ```
 `create_manifest` dispatches on the framework of `agent`. The supported
-types are the same set `hexgate register` accepts: HexaGate, OpenAI Agents
+types are the same set `hexgate register` accepts: Hexgate, OpenAI Agents
 SDK, Google ADK, Pydantic AI, and LangChain/LangGraph compiled graphs.
 For LangGraph you must pass `tools=` explicitly, and may pass `model=` /
 `system_prompt=`, since compiled graphs don't expose those fields after
@@ -1182,7 +1187,7 @@ The return value is an `AgentManifest` (a Pydantic model, also re-exported
 from `hexgate` for type annotations) — the same schema the platform
 stores and the dashboard renders.
-## 🌐 HexaGate Platform
+## 🌐 Hexgate Platform
 The `platform/` directory contains an optional control plane that hosts agent definitions, dev tokens, and a live debug surface. The SDK works fully without it (`load_local_agent`, `load_builtin_agent` keep their existing semantics) — but with it you get:
@@ -1301,7 +1306,7 @@ the name from the loaded agent's `.name` attribute — no env var needed.
 ## 👤 User Scope + Roles
-Real backends serve many users, and different users get different capabilities. HexaGate splits that into two pieces:
+Real backends serve many users, and different users get different capabilities. Hexgate splits that into two pieces:
 - **`User`** — the per-request scope. Marks "this invocation acts on behalf of alice, in role X." Async context manager; pushes a fact-bearing Biscuit through the agent runtime.
 - **Role policies** — one `policy.yaml` per role, optionally inheriting from a base mixin. The runtime picks the right one at call time based on the active `User.role`.
@@ -1451,3 +1456,7 @@ async for event in stream_agent(agent, handler, "latest AI breakthroughs"):
 - assistant text deltas
 - tool lifecycle
 - final run completion
+---
+If Hexgate looks useful, [give it a ⭐ on GitHub](https://github.com/HexamindOrganisation/hexgate) — it helps more than you'd think. Built by [Hexamind](https://hexgate.ai).

{hexgate-0.2.1 → hexgate-0.2.3}/hexgate/adapters/google/runner.py RENAMED Viewed

@@ -21,7 +21,7 @@ from hexgate.runtime import User
 class HexgateRunner:
-    """Runner for Google ADK agents with HexaGate tool policy and observability."""
+    """Runner for Google ADK agents with Hexgate tool policy and observability."""
     def __init__(
         self,
@@ -79,16 +79,32 @@ class HexgateRunner:
         user: User,
         **kwargs: Any,
     ) -> Generator[Any, None, None]:
-        """Run the Google ADK agent synchronously, yielding events."""
+        """Run the Google ADK agent synchronously, yielding events.
+        ADK's ``Runner.run`` drives the agent loop in a worker thread whose
+        context cannot see our :class:`User` scope, so the tools' enforcers
+        lose the active role. We drive ``run_async`` inline on a per-call loop
+        instead, keeping execution in this scoped thread.
+        """
         self._setup_observability()
         self._binding.refresh()  # per-run policy pull; 304 when unchanged
         with user.sync_scope(), self._propagate(user):
-            yield from self._runner.run(
+            agen = self._runner.run_async(
                 user_id=user.user_id,
                 session_id=user.session_id,
                 new_message=new_message,
                 **kwargs,
             )
+            loop = asyncio.new_event_loop()
+            try:
+                while True:
+                    try:
+                        yield loop.run_until_complete(agen.__anext__())
+                    except StopAsyncIteration:
+                        break
+            finally:
+                loop.run_until_complete(agen.aclose())
+                loop.close()
     async def run_async(
         self,

{hexgate-0.2.1 → hexgate-0.2.3}/hexgate/adapters/langchain/agent.py RENAMED Viewed

@@ -1,4 +1,4 @@
-"""Proxy around a pre-built ``CompiledStateGraph`` for HexaGate-aware calls."""
+"""Proxy around a pre-built ``CompiledStateGraph`` for Hexgate-aware calls."""
 from __future__ import annotations
@@ -60,7 +60,7 @@ class HexgateLangchainAgent:
         }
     def _with_callbacks(self, config: RunnableConfig | None) -> RunnableConfig:
-        """Append the HexaGate callback handler to ``config['callbacks']``."""
+        """Append the Hexgate callback handler to ``config['callbacks']``."""
         merged: RunnableConfig = dict(config) if config else {}
         callbacks = list(merged.get("callbacks") or [])
         if self._callback_handler not in callbacks:

{hexgate-0.2.1 → hexgate-0.2.3}/hexgate/adapters/langchain/wrapper.py RENAMED Viewed

@@ -1,5 +1,5 @@
 """BYO-graph entry point: retrofit a pre-built ``CompiledStateGraph`` with
-HexaGate policy. Tools are mutated in place so the graph keeps its
+Hexgate policy. Tools are mutated in place so the graph keeps its
 references; the returned :class:`HexgateLangchainAgent` opens a User
 scope + Langfuse propagation per call. For the manifest-driven path,
 use :func:`hexgate.enforce_policy` instead.
@@ -28,7 +28,7 @@ def wrap_langchain_agent(
     tools: list[BaseTool],
     api_key: str | None = None,
 ) -> HexgateLangchainAgent:
-    """Wrap a pre-built LangGraph agent with HexaGate policy enforcement.
+    """Wrap a pre-built LangGraph agent with Hexgate policy enforcement.
     Mutates ``tools`` in place so the graph keeps its references.
     The returned proxy takes ``user`` per invocation; role resolves at

{hexgate-0.2.1 → hexgate-0.2.3}/hexgate/adapters/openai/runner.py RENAMED Viewed

@@ -32,7 +32,7 @@ from hexgate.security.enforcer import build_enforcer
 class HexgateRunner:
-    """Runner for OpenAI agents with HexaGate tool policy and observability."""
+    """Runner for OpenAI agents with Hexgate tool policy and observability."""
     def __init__(self, api_key: str | None = None):
         self.api_key = api_key or os.getenv("HEXGATE_KEY")
@@ -134,21 +134,22 @@ class HexgateRunner:
     ) -> RunResultStreaming:
         """Stream the OpenAI agent inside a User scope.
-        ``Runner.run_streamed`` returns sync; tools only run during
-        ``stream_events`` iteration. The User scope is opened inside the
-        wrapped iterator. Langfuse propagation runs during setup so the
-        trace span attaches. The policy refresh runs in the setup body —
-        the wrap is fixed before tools fire during stream_events.
+        ``Runner.run_streamed`` returns sync but spawns the agent loop as a
+        background task that snapshots the current contextvars at creation;
+        tools fire there, not in ``stream_events``. So the User scope must be
+        active around the ``run_streamed`` call for the task to inherit it —
+        the wrapped iterator re-opens it for exit/audit semantics.
         """
         self._setup_observability()
         binding = self._binding_for(agent)
         binding.refresh()  # must precede the wrap + setup
         wrapped_agent = wrap_openai_agent(agent, enforcer=binding.enforcer)
-        with self._propagate(user, agent.name):
-            result = Runner.run_streamed(
-                wrapped_agent, input, run_config=run_config, **kwargs
-            )
+        with user.sync_scope():
+            with self._propagate(user, agent.name):
+                result = Runner.run_streamed(
+                    wrapped_agent, input, run_config=run_config, **kwargs
+                )
         original_stream_events = result.stream_events

{hexgate-0.2.1 → hexgate-0.2.3}/hexgate/adapters/pydantic_ai/agent.py RENAMED Viewed

@@ -1,4 +1,4 @@
-"""Proxy around a pydantic_ai ``Agent`` for HexaGate-aware calls."""
+"""Proxy around a pydantic_ai ``Agent`` for Hexgate-aware calls."""
 from __future__ import annotations

{hexgate-0.2.1 → hexgate-0.2.3}/hexgate/adapters/pydantic_ai/wrapper.py RENAMED Viewed

@@ -49,7 +49,7 @@ def wrap_pydantic_agent(
     agent: Agent,
     api_key: str | None = None,
 ) -> HexgatePydanticAgent:
-    """Wrap a pydantic_ai agent with HexaGate policy + observability.
+    """Wrap a pydantic_ai agent with Hexgate policy + observability.
     Returns a :class:`HexgatePydanticAgent` backed by a clone of the
     caller's ``agent``; the original is not mutated. The proxy takes

hexgate 0.2.1__tar.gz → 0.2.3__tar.gz

hexgate 0.2.1tar.gz → 0.2.3tar.gz