hexgate 0.2.2__tar.gz → 0.2.3__tar.gz

{hexgate-0.2.2 → hexgate-0.2.3}/PKG-INFO

@@ -1,7 +1,7 @@
 Metadata-Version: 2.4
 Name: hexgate
-Version: 0.2.2
-Summary: HexaGate — authorization infrastructure for AI agents (agent runtime + cloud client).
+Version: 0.2.3
+Summary: Hexgate — authorization infrastructure for AI agents (agent runtime + cloud client).
 License-Expression: MIT
 Requires-Python: >=3.13
 Description-Content-Type: text/markdown
@@ -39,29 +39,38 @@ Dynamic: license-file
 
 <div align="center">
 
-# HexaGate
+<img src="./icon.svg" alt="Hexgate" width="96" height="96" />
+
+# Hexgate
 
 **Authorization infrastructure for AI agents.**
 Policy enforcement, signed policy bundles, per-request user scope, audit trail — for OpenAI Agents, LangChain, Google ADK, Pydantic AI, or a native runtime.
 
+[**Website**](https://hexgate.ai) · [Docs](https://docs.hexgate.ai) · [PyPI](https://pypi.org/project/hexgate/) · [Discussions](https://github.com/HexamindOrganisation/hexgate/discussions)
+
 [![PyPI](https://img.shields.io/pypi/v/hexgate?color=blue&logo=pypi&logoColor=white)](https://pypi.org/project/hexgate/)
-[![Python](https://img.shields.io/pypi/pyversions/hexgate?logo=python&logoColor=white)](https://pypi.org/project/hexgate/)
 [![CI](https://github.com/HexamindOrganisation/hexgate/actions/workflows/tests.yml/badge.svg?branch=main)](https://github.com/HexamindOrganisation/hexgate/actions/workflows/tests.yml)
 [![Downloads](https://img.shields.io/pypi/dm/hexgate?color=blueviolet)](https://pypi.org/project/hexgate/)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
 
-[Quick Start](#-quick-start--local-cli) · [Two paths](#-which-path-do-i-pick) · [Framework adapters](#-framework-agent-wrapping) · [Policy bundles](#-policy-bundles--compile-sign-enforce-wasm) · [User scope](#-user-scope--roles) · [Platform](#-hexagate-platform)
+<br />
+
+<img src="./assets/hero.png" alt="Control what your agents do — not just what they say. Policy decisions streaming live from the PolicyEnforcer." />
+
+<br />
+
+[Quick Start](#-quick-start--local-cli) · [Two paths](#-which-path-do-i-pick) · [Framework adapters](#-framework-agent-wrapping) · [Policy bundles](#-policy-bundles--compile-sign-enforce-wasm) · [User scope](#-user-scope--roles) · [Platform](#-hexgate-platform)
 
 </div>
 
 ---
 
-## What is HexaGate?
+## What is Hexgate?
 
-HexaGate is two things that move together:
+Hexgate is two things that move together:
 
 - **`hexgate` — the SDK.** A Python runtime that gates every tool call through a typed `Decision` (allow / deny / approval-required), wraps your existing OpenAI / LangChain / Google ADK / Pydantic AI agent without rewriting it, and threads per-request user identity through tracing + audit.
-- **The HexaGate platform** *(optional)* — a FastAPI control plane + React dashboard for editing policy in a browser, minting per-project tokens, watching live decisions stream from a serving agent, and shipping signed WASM policy bundles to production.
+- **The Hexgate platform** *(optional)* — a FastAPI control plane + React dashboard for editing policy in a browser, minting per-project tokens, watching live decisions stream from a serving agent, and shipping signed WASM policy bundles to production.
 
 You can use the SDK with nothing else (single-process REPL, YAML on disk). Or plug in the platform when you want auditable decisions in ClickHouse, a shared Playground UI, and live policy edits.
 
@@ -79,7 +88,7 @@ You can use the SDK with nothing else (single-process REPL, YAML on disk). Or pl
         ┌────────────────┐       ┌──────────────────┐       ┌────────────────┐
         │  Local policy  │       │ Signed WASM      │       │   Audit log    │
         │  (YAML / dir,  │       │ bundle from      │       │   (ClickHouse  │
-        │  hot reload)   │       │ HexaGate cloud   │       │   via REST)    │
+        │  hot reload)   │       │ Hexgate cloud   │       │   via REST)    │
         └────────────────┘       └──────────────────┘       └────────────────┘
 ```
 
@@ -103,7 +112,7 @@ You can use the SDK with nothing else (single-process REPL, YAML on disk). Or pl
 - [Environment](#-environment)
 - [Tests & dev tooling](#-tests--dev-tooling)
 - [CLI reference](#-cli-reference)
-- [HexaGate platform](#-hexagate-platform)
+- [Hexgate platform](#-hexgate-platform)
 - [User scope + roles](#-user-scope--roles)
 - [Stream results](#-stream-results)
 
@@ -177,7 +186,7 @@ Both commands accept either a plain agent id (`--agent researcher`) or a uvicorn
 
 ## 🚀 Quick Start — Platform
 
-To run the full HexaGate control plane locally (FastAPI backend + dashboard + your local agent serving over WebSocket), you need **three terminals**. The Makefile has a target that prints the recipe:
+To run the full Hexgate control plane locally (FastAPI backend + dashboard + your local agent serving over WebSocket), you need **three terminals**. The Makefile has a target that prints the recipe:
 
 ```bash
 make demo-platform     # prints the 3-terminal recipe below
@@ -660,7 +669,7 @@ What happens under the hood:
 
 Working scripts in `examples/`:
 
-- `examples/customer_bot.py` — canonical HexaGate path: `create_agent(...)` + the dashboard register/serve loop end-to-end.
+- `examples/customer_bot.py` — canonical Hexgate path: `create_agent(...)` + the dashboard register/serve loop end-to-end.
 - `examples/openai_demo.py` — `HexgateRunner` (OpenAI Agents SDK) end-to-end.
 - `examples/google_demo.py` — `HexgateRunner` (Google ADK) end-to-end with `InMemorySessionService`.
 - `examples/pydantic_ai_demo.py` — `wrap_pydantic_agent` (Pydantic AI) end-to-end.
@@ -795,7 +804,7 @@ That means the same agent code can stay simple in development, while deployment
 
 ## 🧩 Policy Bundles — Compile, Sign, Enforce (WASM)
 
-HexaGate has **two policy enforcement engines** that return identical decisions (there's a parity test suite that proves it):
+Hexgate has **two policy enforcement engines** that return identical decisions (there's a parity test suite that proves it):
 
 - **pydantic** (default) — evaluates constraints in-process. Zero setup; this is what every example above uses.
 - **WASM** — compiles `policy.yaml` → Rego → a WebAssembly module evaluated via `wasmtime`. This is the path production ships: one compiled artifact, byte-for-byte reproducible, cryptographically signed by the platform.
@@ -1131,7 +1140,7 @@ hexgate chat --use examples/research_agents.py --agent update_researcher --appro
 
 ### `hexgate register` — push a manifest to the platform
 
-Register a code-defined agent's manifest with the HexaGate platform. `--agent`
+Register a code-defined agent's manifest with the Hexgate platform. `--agent`
 takes a Python import path of the form `module.path:attribute`, the same shape
 as ASGI/WSGI entrypoints. The CLI imports the module, grabs the agent object,
 and POSTs its manifest to `${HEXGATE_API_URL}/v1/agents` using
@@ -1170,7 +1179,7 @@ system prompt directly off the object. No flags needed.
 `--system-prompt` accepts either a literal string or a path to a `.md` /
 `.txt` / `.jinja` file (read as text at register time).
 
-Supported frameworks: OpenAI Agents SDK, Google ADK, Pydantic AI, LangChain/LangGraph, HexaGate agents.
+Supported frameworks: OpenAI Agents SDK, Google ADK, Pydantic AI, LangChain/LangGraph, Hexgate agents.
 
 ### `hexgate serve` — bridge a local agent to the platform's relay
 
@@ -1207,7 +1216,7 @@ print(manifest.model_dump())
 ```
 
 `create_manifest` dispatches on the framework of `agent`. The supported
-types are the same set `hexgate register` accepts: HexaGate, OpenAI Agents
+types are the same set `hexgate register` accepts: Hexgate, OpenAI Agents
 SDK, Google ADK, Pydantic AI, and LangChain/LangGraph compiled graphs.
 For LangGraph you must pass `tools=` explicitly, and may pass `model=` /
 `system_prompt=`, since compiled graphs don't expose those fields after
@@ -1217,7 +1226,7 @@ The return value is an `AgentManifest` (a Pydantic model, also re-exported
 from `hexgate` for type annotations) — the same schema the platform
 stores and the dashboard renders.
 
-## 🌐 HexaGate Platform
+## 🌐 Hexgate Platform
 
 The `platform/` directory contains an optional control plane that hosts agent definitions, dev tokens, and a live debug surface. The SDK works fully without it (`load_local_agent`, `load_builtin_agent` keep their existing semantics) — but with it you get:
 
@@ -1336,7 +1345,7 @@ the name from the loaded agent's `.name` attribute — no env var needed.
 
 ## 👤 User Scope + Roles
 
-Real backends serve many users, and different users get different capabilities. HexaGate splits that into two pieces:
+Real backends serve many users, and different users get different capabilities. Hexgate splits that into two pieces:
 
 - **`User`** — the per-request scope. Marks "this invocation acts on behalf of alice, in role X." Async context manager; pushes a fact-bearing Biscuit through the agent runtime.
 - **Role policies** — one `policy.yaml` per role, optionally inheriting from a base mixin. The runtime picks the right one at call time based on the active `User.role`.
@@ -1486,3 +1495,7 @@ async for event in stream_agent(agent, handler, "latest AI breakthroughs"):
 - assistant text deltas
 - tool lifecycle
 - final run completion
+
+---
+
+If Hexgate looks useful, [give it a ⭐ on GitHub](https://github.com/HexamindOrganisation/hexgate) — it helps more than you'd think. Built by [Hexamind](https://hexgate.ai).

{hexgate-0.2.2 → hexgate-0.2.3}/README.md

@@ -1,28 +1,37 @@
 <div align="center">
 
-# HexaGate
+<img src="./icon.svg" alt="Hexgate" width="96" height="96" />
+
+# Hexgate
 
 **Authorization infrastructure for AI agents.**
 Policy enforcement, signed policy bundles, per-request user scope, audit trail — for OpenAI Agents, LangChain, Google ADK, Pydantic AI, or a native runtime.
 
+[**Website**](https://hexgate.ai) · [Docs](https://docs.hexgate.ai) · [PyPI](https://pypi.org/project/hexgate/) · [Discussions](https://github.com/HexamindOrganisation/hexgate/discussions)
+
 [![PyPI](https://img.shields.io/pypi/v/hexgate?color=blue&logo=pypi&logoColor=white)](https://pypi.org/project/hexgate/)
-[![Python](https://img.shields.io/pypi/pyversions/hexgate?logo=python&logoColor=white)](https://pypi.org/project/hexgate/)
 [![CI](https://github.com/HexamindOrganisation/hexgate/actions/workflows/tests.yml/badge.svg?branch=main)](https://github.com/HexamindOrganisation/hexgate/actions/workflows/tests.yml)
 [![Downloads](https://img.shields.io/pypi/dm/hexgate?color=blueviolet)](https://pypi.org/project/hexgate/)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
 
-[Quick Start](#-quick-start--local-cli) · [Two paths](#-which-path-do-i-pick) · [Framework adapters](#-framework-agent-wrapping) · [Policy bundles](#-policy-bundles--compile-sign-enforce-wasm) · [User scope](#-user-scope--roles) · [Platform](#-hexagate-platform)
+<br />
+
+<img src="./assets/hero.png" alt="Control what your agents do — not just what they say. Policy decisions streaming live from the PolicyEnforcer." />
+
+<br />
+
+[Quick Start](#-quick-start--local-cli) · [Two paths](#-which-path-do-i-pick) · [Framework adapters](#-framework-agent-wrapping) · [Policy bundles](#-policy-bundles--compile-sign-enforce-wasm) · [User scope](#-user-scope--roles) · [Platform](#-hexgate-platform)
 
 </div>
 
 ---
 
-## What is HexaGate?
+## What is Hexgate?
 
-HexaGate is two things that move together:
+Hexgate is two things that move together:
 
 - **`hexgate` — the SDK.** A Python runtime that gates every tool call through a typed `Decision` (allow / deny / approval-required), wraps your existing OpenAI / LangChain / Google ADK / Pydantic AI agent without rewriting it, and threads per-request user identity through tracing + audit.
-- **The HexaGate platform** *(optional)* — a FastAPI control plane + React dashboard for editing policy in a browser, minting per-project tokens, watching live decisions stream from a serving agent, and shipping signed WASM policy bundles to production.
+- **The Hexgate platform** *(optional)* — a FastAPI control plane + React dashboard for editing policy in a browser, minting per-project tokens, watching live decisions stream from a serving agent, and shipping signed WASM policy bundles to production.
 
 You can use the SDK with nothing else (single-process REPL, YAML on disk). Or plug in the platform when you want auditable decisions in ClickHouse, a shared Playground UI, and live policy edits.
 
@@ -40,7 +49,7 @@ You can use the SDK with nothing else (single-process REPL, YAML on disk). Or pl
         ┌────────────────┐       ┌──────────────────┐       ┌────────────────┐
         │  Local policy  │       │ Signed WASM      │       │   Audit log    │
         │  (YAML / dir,  │       │ bundle from      │       │   (ClickHouse  │
-        │  hot reload)   │       │ HexaGate cloud   │       │   via REST)    │
+        │  hot reload)   │       │ Hexgate cloud   │       │   via REST)    │
         └────────────────┘       └──────────────────┘       └────────────────┘
 ```
 
@@ -64,7 +73,7 @@ You can use the SDK with nothing else (single-process REPL, YAML on disk). Or pl
 - [Environment](#-environment)
 - [Tests & dev tooling](#-tests--dev-tooling)
 - [CLI reference](#-cli-reference)
-- [HexaGate platform](#-hexagate-platform)
+- [Hexgate platform](#-hexgate-platform)
 - [User scope + roles](#-user-scope--roles)
 - [Stream results](#-stream-results)
 
@@ -138,7 +147,7 @@ Both commands accept either a plain agent id (`--agent researcher`) or a uvicorn
 
 ## 🚀 Quick Start — Platform
 
-To run the full HexaGate control plane locally (FastAPI backend + dashboard + your local agent serving over WebSocket), you need **three terminals**. The Makefile has a target that prints the recipe:
+To run the full Hexgate control plane locally (FastAPI backend + dashboard + your local agent serving over WebSocket), you need **three terminals**. The Makefile has a target that prints the recipe:
 
 ```bash
 make demo-platform     # prints the 3-terminal recipe below
@@ -621,7 +630,7 @@ What happens under the hood:
 
 Working scripts in `examples/`:
 
-- `examples/customer_bot.py` — canonical HexaGate path: `create_agent(...)` + the dashboard register/serve loop end-to-end.
+- `examples/customer_bot.py` — canonical Hexgate path: `create_agent(...)` + the dashboard register/serve loop end-to-end.
 - `examples/openai_demo.py` — `HexgateRunner` (OpenAI Agents SDK) end-to-end.
 - `examples/google_demo.py` — `HexgateRunner` (Google ADK) end-to-end with `InMemorySessionService`.
 - `examples/pydantic_ai_demo.py` — `wrap_pydantic_agent` (Pydantic AI) end-to-end.
@@ -756,7 +765,7 @@ That means the same agent code can stay simple in development, while deployment
 
 ## 🧩 Policy Bundles — Compile, Sign, Enforce (WASM)
 
-HexaGate has **two policy enforcement engines** that return identical decisions (there's a parity test suite that proves it):
+Hexgate has **two policy enforcement engines** that return identical decisions (there's a parity test suite that proves it):
 
 - **pydantic** (default) — evaluates constraints in-process. Zero setup; this is what every example above uses.
 - **WASM** — compiles `policy.yaml` → Rego → a WebAssembly module evaluated via `wasmtime`. This is the path production ships: one compiled artifact, byte-for-byte reproducible, cryptographically signed by the platform.
@@ -1092,7 +1101,7 @@ hexgate chat --use examples/research_agents.py --agent update_researcher --appro
 
 ### `hexgate register` — push a manifest to the platform
 
-Register a code-defined agent's manifest with the HexaGate platform. `--agent`
+Register a code-defined agent's manifest with the Hexgate platform. `--agent`
 takes a Python import path of the form `module.path:attribute`, the same shape
 as ASGI/WSGI entrypoints. The CLI imports the module, grabs the agent object,
 and POSTs its manifest to `${HEXGATE_API_URL}/v1/agents` using
@@ -1131,7 +1140,7 @@ system prompt directly off the object. No flags needed.
 `--system-prompt` accepts either a literal string or a path to a `.md` /
 `.txt` / `.jinja` file (read as text at register time).
 
-Supported frameworks: OpenAI Agents SDK, Google ADK, Pydantic AI, LangChain/LangGraph, HexaGate agents.
+Supported frameworks: OpenAI Agents SDK, Google ADK, Pydantic AI, LangChain/LangGraph, Hexgate agents.
 
 ### `hexgate serve` — bridge a local agent to the platform's relay
 
@@ -1168,7 +1177,7 @@ print(manifest.model_dump())
 ```
 
 `create_manifest` dispatches on the framework of `agent`. The supported
-types are the same set `hexgate register` accepts: HexaGate, OpenAI Agents
+types are the same set `hexgate register` accepts: Hexgate, OpenAI Agents
 SDK, Google ADK, Pydantic AI, and LangChain/LangGraph compiled graphs.
 For LangGraph you must pass `tools=` explicitly, and may pass `model=` /
 `system_prompt=`, since compiled graphs don't expose those fields after
@@ -1178,7 +1187,7 @@ The return value is an `AgentManifest` (a Pydantic model, also re-exported
 from `hexgate` for type annotations) — the same schema the platform
 stores and the dashboard renders.
 
-## 🌐 HexaGate Platform
+## 🌐 Hexgate Platform
 
 The `platform/` directory contains an optional control plane that hosts agent definitions, dev tokens, and a live debug surface. The SDK works fully without it (`load_local_agent`, `load_builtin_agent` keep their existing semantics) — but with it you get:
 
@@ -1297,7 +1306,7 @@ the name from the loaded agent's `.name` attribute — no env var needed.
 
 ## 👤 User Scope + Roles
 
-Real backends serve many users, and different users get different capabilities. HexaGate splits that into two pieces:
+Real backends serve many users, and different users get different capabilities. Hexgate splits that into two pieces:
 
 - **`User`** — the per-request scope. Marks "this invocation acts on behalf of alice, in role X." Async context manager; pushes a fact-bearing Biscuit through the agent runtime.
 - **Role policies** — one `policy.yaml` per role, optionally inheriting from a base mixin. The runtime picks the right one at call time based on the active `User.role`.
@@ -1447,3 +1456,7 @@ async for event in stream_agent(agent, handler, "latest AI breakthroughs"):
 - assistant text deltas
 - tool lifecycle
 - final run completion
+
+---
+
+If Hexgate looks useful, [give it a ⭐ on GitHub](https://github.com/HexamindOrganisation/hexgate) — it helps more than you'd think. Built by [Hexamind](https://hexgate.ai).

{hexgate-0.2.2 → hexgate-0.2.3}/hexgate/adapters/google/runner.py

@@ -21,7 +21,7 @@ from hexgate.runtime import User
 
 
 class HexgateRunner:
-    """Runner for Google ADK agents with HexaGate tool policy and observability."""
+    """Runner for Google ADK agents with Hexgate tool policy and observability."""
 
     def __init__(
         self,

{hexgate-0.2.2 → hexgate-0.2.3}/hexgate/adapters/langchain/agent.py

@@ -1,4 +1,4 @@
-"""Proxy around a pre-built ``CompiledStateGraph`` for HexaGate-aware calls."""
+"""Proxy around a pre-built ``CompiledStateGraph`` for Hexgate-aware calls."""
 
 from __future__ import annotations
 
@@ -60,7 +60,7 @@ class HexgateLangchainAgent:
         }
 
     def _with_callbacks(self, config: RunnableConfig | None) -> RunnableConfig:
-        """Append the HexaGate callback handler to ``config['callbacks']``."""
+        """Append the Hexgate callback handler to ``config['callbacks']``."""
         merged: RunnableConfig = dict(config) if config else {}
         callbacks = list(merged.get("callbacks") or [])
         if self._callback_handler not in callbacks:

{hexgate-0.2.2 → hexgate-0.2.3}/hexgate/adapters/langchain/wrapper.py

@@ -1,5 +1,5 @@
 """BYO-graph entry point: retrofit a pre-built ``CompiledStateGraph`` with
-HexaGate policy. Tools are mutated in place so the graph keeps its
+Hexgate policy. Tools are mutated in place so the graph keeps its
 references; the returned :class:`HexgateLangchainAgent` opens a User
 scope + Langfuse propagation per call. For the manifest-driven path,
 use :func:`hexgate.enforce_policy` instead.
@@ -28,7 +28,7 @@ def wrap_langchain_agent(
     tools: list[BaseTool],
     api_key: str | None = None,
 ) -> HexgateLangchainAgent:
-    """Wrap a pre-built LangGraph agent with HexaGate policy enforcement.
+    """Wrap a pre-built LangGraph agent with Hexgate policy enforcement.
 
     Mutates ``tools`` in place so the graph keeps its references.
     The returned proxy takes ``user`` per invocation; role resolves at

{hexgate-0.2.2 → hexgate-0.2.3}/hexgate/adapters/openai/runner.py

@@ -32,7 +32,7 @@ from hexgate.security.enforcer import build_enforcer
 
 
 class HexgateRunner:
-    """Runner for OpenAI agents with HexaGate tool policy and observability."""
+    """Runner for OpenAI agents with Hexgate tool policy and observability."""
 
     def __init__(self, api_key: str | None = None):
         self.api_key = api_key or os.getenv("HEXGATE_KEY")

{hexgate-0.2.2 → hexgate-0.2.3}/hexgate/adapters/pydantic_ai/agent.py

@@ -1,4 +1,4 @@
-"""Proxy around a pydantic_ai ``Agent`` for HexaGate-aware calls."""
+"""Proxy around a pydantic_ai ``Agent`` for Hexgate-aware calls."""
 
 from __future__ import annotations
 

{hexgate-0.2.2 → hexgate-0.2.3}/hexgate/adapters/pydantic_ai/wrapper.py

@@ -49,7 +49,7 @@ def wrap_pydantic_agent(
     agent: Agent,
     api_key: str | None = None,
 ) -> HexgatePydanticAgent:
-    """Wrap a pydantic_ai agent with HexaGate policy + observability.
+    """Wrap a pydantic_ai agent with Hexgate policy + observability.
 
     Returns a :class:`HexgatePydanticAgent` backed by a clone of the
     caller's ``agent``; the original is not mutated. The proxy takes

{hexgate-0.2.2 → hexgate-0.2.3}/hexgate/agents/loader.py

@@ -462,10 +462,10 @@ def load_hexgate_agent(
     approval_handler: ApprovalHandler | None = None,
     decision_observer: "DecisionObserver | None" = None,
 ) -> tuple[AgentGraph, CallbackHandler]:
-    """Fetch an agent from HexaGate and return it with policy enforcement applied.
+    """Fetch an agent from Hexgate and return it with policy enforcement applied.
 
     Mirrors `load_local_agent` but sources the three YAMLs (agent, policy, system)
-    from the HexaGate API instead of disk. Tool resolution and enforcement are
+    from the Hexgate API instead of disk. Tool resolution and enforcement are
     identical — only the bytes' origin differs.
 
     ``name`` is required. The Phase-7 env-var fallback chain
@@ -555,7 +555,7 @@ def load_agent(
     approval_handler: ApprovalHandler | None = None,
     decision_observer: "DecisionObserver | None" = None,
 ) -> tuple[AgentGraph, CallbackHandler]:
-    """Load an agent from HexaGate (when HEXGATE_KEY is set), local, or builtin.
+    """Load an agent from Hexgate (when HEXGATE_KEY is set), local, or builtin.
 
     ``name`` is required for every path post-Phase 7 — the
     HEXGATE_AGENT_NAME env-var fallback was removed when ``hexgate
@@ -584,7 +584,7 @@ def load_agent(
             decision_observer=decision_observer,
         )
     if name is None:
-        raise ValueError("load_agent() requires a name when not using HexaGate Cloud")
+        raise ValueError("load_agent() requires a name when not using Hexgate Cloud")
     source = resolve_agent_source(name, base_dir)
     if source == "local":
         return load_local_agent(

{hexgate-0.2.2 → hexgate-0.2.3}/hexgate/cli/_common.py

@@ -63,7 +63,7 @@ def build_runtime(
       "this loads in serve but not chat" footgun — same spec form
       ``hexgate serve`` already accepts.
 
-    ``local_only=True`` keeps the loader off the HexaGate Cloud path even
+    ``local_only=True`` keeps the loader off the Hexgate Cloud path even
     when ``HEXGATE_KEY`` is present in the environment — what terminal
     chat uses, since it doesn't need cloud-fetched policy or a serve
     tunnel. ``hexgate serve`` passes ``local_only=False`` so policy edits

{hexgate-0.2.2 → hexgate-0.2.3}/hexgate/cli/register/hexgate.py

@@ -19,10 +19,10 @@ from hexgate.cli.register.models import (
 def create_hexgate_manifest(
     agent: HexgateAgent, *, description: str | None = None
 ) -> AgentManifest:
-    """Build an AgentManifest from a HexaGate agent created by `create_agent`."""
+    """Build an AgentManifest from a Hexgate agent created by `create_agent`."""
     if not agent.name:
         raise ValueError(
-            "HexaGate agent has no name — set a name on the HexgateAgent so the "
+            "Hexgate agent has no name — set a name on the HexgateAgent so the "
             "manifest can identify it on the platform."
         )
     return AgentManifest(

{hexgate-0.2.2 → hexgate-0.2.3}/hexgate/cli/register/main.py

@@ -40,8 +40,8 @@ def add_parser(subparsers: argparse._SubParsersAction) -> None:
     """
     parser = subparsers.add_parser(
         "register",
-        help="Register an agent to the HexaGate platform.",
-        description="Register an agent to the HexaGate platform.",
+        help="Register an agent to the Hexgate platform.",
+        description="Register an agent to the Hexgate platform.",
     )
     parser.add_argument(
         "--agent",

{hexgate-0.2.2 → hexgate-0.2.3}/hexgate/cli/serve.py

@@ -1,4 +1,4 @@
-"""Serve subcommand: bridge a local agent to the HexaGate control plane.
+"""Serve subcommand: bridge a local agent to the Hexgate control plane.
 
 Connects to ``ws://{API_URL}/v1/serve`` and authenticates via the
 ``bearer.<envelope>`` WebSocket subprotocol — the server derives the
@@ -251,9 +251,9 @@ def add_parser(subparsers: argparse._SubParsersAction) -> None:
     """Register the `serve` subcommand on the top-level hexgate CLI."""
     parser = subparsers.add_parser(
         "serve",
-        help="Relay a local agent to the HexaGate dashboard over WebSocket.",
+        help="Relay a local agent to the Hexgate dashboard over WebSocket.",
         description=(
-            "Serve a local agent to the HexaGate dashboard Playground over "
+            "Serve a local agent to the Hexgate dashboard Playground over "
             "WebSocket. Takes a module:attr spec — the same form as "
             "`hexgate register --agent ...` — and brings the agent up "
             "end-to-end: auto-registers the manifest (idempotent), fetches "

{hexgate-0.2.2 → hexgate-0.2.3}/hexgate/cloud/__init__.py

@@ -1,4 +1,4 @@
-"""Transport layer for the HexaGate control plane — HTTP client + Biscuit verify.
+"""Transport layer for the Hexgate control plane — HTTP client + Biscuit verify.
 
 The agent-loader equivalent (`load_hexgate_agent`) lives in `hexgate.agents.loader`
 alongside `load_local_agent` / `load_builtin_agent`; this package only carries the

{hexgate-0.2.2 → hexgate-0.2.3}/hexgate/cloud/attenuate.py

@@ -1,4 +1,4 @@
-"""Attenuate a verified HexaGate token with user-scoped facts and checks.
+"""Attenuate a verified Hexgate token with user-scoped facts and checks.
 
 In production the dev's backend calls :func:`attenuate_for_user` on each
 inbound request, taking the project-wide token from ``HEXGATE_KEY`` and

{hexgate-0.2.2 → hexgate-0.2.3}/hexgate/cloud/biscuit.py

@@ -71,7 +71,7 @@ def parse_envelope(envelope: str) -> tuple[str, str, str]:
     parts = envelope.split("_", 3)
     if len(parts) != 4 or parts[0] != ENVELOPE_PREFIX:
         raise TokenError(
-            f"malformed HexaGate token envelope (expected '{ENVELOPE_PREFIX}_<env>_<project>_<biscuit>')"
+            f"malformed Hexgate token envelope (expected '{ENVELOPE_PREFIX}_<env>_<project>_<biscuit>')"
         )
     env, project_id, biscuit_b64 = parts[1], parts[2], parts[3]
     return env, project_id, biscuit_b64

{hexgate-0.2.2 → hexgate-0.2.3}/hexgate/cloud/client.py

@@ -1,4 +1,4 @@
-"""HTTP client for the HexaGate control plane.
+"""HTTP client for the Hexgate control plane.
 
 The client trusts ``HEXGATE_KEY`` only after verifying its Biscuit signature
 against the platform's public key. The public key is resolved in this order:
@@ -6,7 +6,7 @@ against the platform's public key. The public key is resolved in this order:
 1. Explicit ``public_key`` arg passed to ``HexgateConfig``.
 2. ``HEXGATE_PUBLIC_KEY`` env var (base64 url-safe, 32 raw bytes).
 3. Fetched from ``GET /v1/.well-known/keys`` on first use (TOFU for POC;
-   embed a build-time constant for hosted HexaGate Cloud later).
+   embed a build-time constant for hosted Hexgate Cloud later).
 
 If none of the above produces a verifying key, the client raises with a
 clear error rather than blindly forwarding the bearer token.
@@ -42,7 +42,7 @@ TOKEN_PREFIX = "fty_"
 
 
 class HexgateError(RuntimeError):
-    """Raised for any HexaGate API interaction failure.
+    """Raised for any Hexgate API interaction failure.
 
     ``status`` is the HTTP status code, or ``None`` for transport errors.
     """
@@ -54,7 +54,7 @@ class HexgateError(RuntimeError):
 
 @dataclass
 class HexgateConfig:
-    """Resolved configuration for a HexaGate client.
+    """Resolved configuration for a Hexgate client.
 
     ``project_id`` is best-effort only — used by display surfaces
     (log lines, langchain tags) but never threaded through API URLs.
@@ -332,14 +332,14 @@ class HexgateClient:
                 return None, exc.headers.get("ETag") or if_none_match
             detail = exc.read().decode("utf-8", errors="replace")
             raise HexgateError(
-                f"HexaGate API error {exc.code} calling {url}: {detail[:200]}",
+                f"Hexgate API error {exc.code} calling {url}: {detail[:200]}",
                 status=exc.code,
             ) from exc
         except urllib.error.URLError as exc:
             raise HexgateError(
-                f"HexaGate API unreachable at {url}: {exc.reason}"
+                f"Hexgate API unreachable at {url}: {exc.reason}"
             ) from exc
         try:
             return json.loads(payload), etag
         except json.JSONDecodeError as exc:
-            raise HexgateError(f"HexaGate API returned non-JSON from {url}") from exc
+            raise HexgateError(f"Hexgate API returned non-JSON from {url}") from exc

{hexgate-0.2.2 → hexgate-0.2.3}/hexgate/security/rego.py

@@ -1,4 +1,4 @@
-"""Compile a HexaGate ``policy.yaml`` document into a Rego policy module.
+"""Compile a Hexgate ``policy.yaml`` document into a Rego policy module.
 
 The compiler is a pure-Python transformation: parsed YAML payload →
 ``PolicySet`` (which flattens ``inherits:`` and drops ``is_mixin:`` entries)

{hexgate-0.2.2 → hexgate-0.2.3}/hexgate/security/wasm_engine.py

@@ -1,4 +1,4 @@
-"""Evaluate a HexaGate policy bundle's ``policy.wasm`` via wasmtime-py.
+"""Evaluate a Hexgate policy bundle's ``policy.wasm`` via wasmtime-py.
 
 This module is the runtime counterpart to :mod:`hexgate.security.rego_wasm`:
 that one *compiles* YAML → Rego → WASM, this one *evaluates* WASM →
@@ -107,7 +107,7 @@ DEFAULT_ENTRYPOINT = "hexgate/policy/decision"
 
 
 class WasmPolicy:
-    """A loaded, evaluable HexaGate policy WASM bundle.
+    """A loaded, evaluable Hexgate policy WASM bundle.
 
     Construct with ``WasmPolicy.from_bytes(wasm)`` or
     ``WasmPolicy.from_bundle_path(dir)``. Each instance owns its own
@@ -349,7 +349,7 @@ def _make_builtin_stubs(store: wasmtime.Store) -> dict[int, wasmtime.Func]:
             builtin_id = args[0] if args else -1
             raise WasmEvalError(
                 f"policy invoked unsupported Rego builtin "
-                f"(builtin{_arity}, id={builtin_id}); the HexaGate "
+                f"(builtin{_arity}, id={builtin_id}); the Hexgate "
                 "constraint grammar does not expose builtins."
             )
 

{hexgate-0.2.2 → hexgate-0.2.3}/hexgate/streaming/__init__.py

@@ -1,4 +1,4 @@
-"""Streaming events and the LangChain → HexaGate event normalizer."""
+"""Streaming events and the LangChain → Hexgate event normalizer."""
 
 from hexgate.streaming.events import (
     AgentRunResult,

{hexgate-0.2.2 → hexgate-0.2.3}/hexgate.egg-info/PKG-INFO

@@ -1,7 +1,7 @@
 Metadata-Version: 2.4
 Name: hexgate
-Version: 0.2.2
-Summary: HexaGate — authorization infrastructure for AI agents (agent runtime + cloud client).
+Version: 0.2.3
+Summary: Hexgate — authorization infrastructure for AI agents (agent runtime + cloud client).
 License-Expression: MIT
 Requires-Python: >=3.13
 Description-Content-Type: text/markdown
@@ -39,29 +39,38 @@ Dynamic: license-file
 
 <div align="center">
 
-# HexaGate
+<img src="./icon.svg" alt="Hexgate" width="96" height="96" />
+
+# Hexgate
 
 **Authorization infrastructure for AI agents.**
 Policy enforcement, signed policy bundles, per-request user scope, audit trail — for OpenAI Agents, LangChain, Google ADK, Pydantic AI, or a native runtime.
 
+[**Website**](https://hexgate.ai) · [Docs](https://docs.hexgate.ai) · [PyPI](https://pypi.org/project/hexgate/) · [Discussions](https://github.com/HexamindOrganisation/hexgate/discussions)
+
 [![PyPI](https://img.shields.io/pypi/v/hexgate?color=blue&logo=pypi&logoColor=white)](https://pypi.org/project/hexgate/)
-[![Python](https://img.shields.io/pypi/pyversions/hexgate?logo=python&logoColor=white)](https://pypi.org/project/hexgate/)
 [![CI](https://github.com/HexamindOrganisation/hexgate/actions/workflows/tests.yml/badge.svg?branch=main)](https://github.com/HexamindOrganisation/hexgate/actions/workflows/tests.yml)
 [![Downloads](https://img.shields.io/pypi/dm/hexgate?color=blueviolet)](https://pypi.org/project/hexgate/)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
 
-[Quick Start](#-quick-start--local-cli) · [Two paths](#-which-path-do-i-pick) · [Framework adapters](#-framework-agent-wrapping) · [Policy bundles](#-policy-bundles--compile-sign-enforce-wasm) · [User scope](#-user-scope--roles) · [Platform](#-hexagate-platform)
+<br />
+
+<img src="./assets/hero.png" alt="Control what your agents do — not just what they say. Policy decisions streaming live from the PolicyEnforcer." />
+
+<br />
+
+[Quick Start](#-quick-start--local-cli) · [Two paths](#-which-path-do-i-pick) · [Framework adapters](#-framework-agent-wrapping) · [Policy bundles](#-policy-bundles--compile-sign-enforce-wasm) · [User scope](#-user-scope--roles) · [Platform](#-hexgate-platform)
 
 </div>
 
 ---
 
-## What is HexaGate?
+## What is Hexgate?
 
-HexaGate is two things that move together:
+Hexgate is two things that move together:
 
 - **`hexgate` — the SDK.** A Python runtime that gates every tool call through a typed `Decision` (allow / deny / approval-required), wraps your existing OpenAI / LangChain / Google ADK / Pydantic AI agent without rewriting it, and threads per-request user identity through tracing + audit.
-- **The HexaGate platform** *(optional)* — a FastAPI control plane + React dashboard for editing policy in a browser, minting per-project tokens, watching live decisions stream from a serving agent, and shipping signed WASM policy bundles to production.
+- **The Hexgate platform** *(optional)* — a FastAPI control plane + React dashboard for editing policy in a browser, minting per-project tokens, watching live decisions stream from a serving agent, and shipping signed WASM policy bundles to production.
 
 You can use the SDK with nothing else (single-process REPL, YAML on disk). Or plug in the platform when you want auditable decisions in ClickHouse, a shared Playground UI, and live policy edits.
 
@@ -79,7 +88,7 @@ You can use the SDK with nothing else (single-process REPL, YAML on disk). Or pl
         ┌────────────────┐       ┌──────────────────┐       ┌────────────────┐
         │  Local policy  │       │ Signed WASM      │       │   Audit log    │
         │  (YAML / dir,  │       │ bundle from      │       │   (ClickHouse  │
-        │  hot reload)   │       │ HexaGate cloud   │       │   via REST)    │
+        │  hot reload)   │       │ Hexgate cloud   │       │   via REST)    │
         └────────────────┘       └──────────────────┘       └────────────────┘
 ```
 
@@ -103,7 +112,7 @@ You can use the SDK with nothing else (single-process REPL, YAML on disk). Or pl
 - [Environment](#-environment)
 - [Tests & dev tooling](#-tests--dev-tooling)
 - [CLI reference](#-cli-reference)
-- [HexaGate platform](#-hexagate-platform)
+- [Hexgate platform](#-hexgate-platform)
 - [User scope + roles](#-user-scope--roles)
 - [Stream results](#-stream-results)
 
@@ -177,7 +186,7 @@ Both commands accept either a plain agent id (`--agent researcher`) or a uvicorn
 
 ## 🚀 Quick Start — Platform
 
-To run the full HexaGate control plane locally (FastAPI backend + dashboard + your local agent serving over WebSocket), you need **three terminals**. The Makefile has a target that prints the recipe:
+To run the full Hexgate control plane locally (FastAPI backend + dashboard + your local agent serving over WebSocket), you need **three terminals**. The Makefile has a target that prints the recipe:
 
 ```bash
 make demo-platform     # prints the 3-terminal recipe below
@@ -660,7 +669,7 @@ What happens under the hood:
 
 Working scripts in `examples/`:
 
-- `examples/customer_bot.py` — canonical HexaGate path: `create_agent(...)` + the dashboard register/serve loop end-to-end.
+- `examples/customer_bot.py` — canonical Hexgate path: `create_agent(...)` + the dashboard register/serve loop end-to-end.
 - `examples/openai_demo.py` — `HexgateRunner` (OpenAI Agents SDK) end-to-end.
 - `examples/google_demo.py` — `HexgateRunner` (Google ADK) end-to-end with `InMemorySessionService`.
 - `examples/pydantic_ai_demo.py` — `wrap_pydantic_agent` (Pydantic AI) end-to-end.
@@ -795,7 +804,7 @@ That means the same agent code can stay simple in development, while deployment
 
 ## 🧩 Policy Bundles — Compile, Sign, Enforce (WASM)
 
-HexaGate has **two policy enforcement engines** that return identical decisions (there's a parity test suite that proves it):
+Hexgate has **two policy enforcement engines** that return identical decisions (there's a parity test suite that proves it):
 
 - **pydantic** (default) — evaluates constraints in-process. Zero setup; this is what every example above uses.
 - **WASM** — compiles `policy.yaml` → Rego → a WebAssembly module evaluated via `wasmtime`. This is the path production ships: one compiled artifact, byte-for-byte reproducible, cryptographically signed by the platform.
@@ -1131,7 +1140,7 @@ hexgate chat --use examples/research_agents.py --agent update_researcher --appro
 
 ### `hexgate register` — push a manifest to the platform
 
-Register a code-defined agent's manifest with the HexaGate platform. `--agent`
+Register a code-defined agent's manifest with the Hexgate platform. `--agent`
 takes a Python import path of the form `module.path:attribute`, the same shape
 as ASGI/WSGI entrypoints. The CLI imports the module, grabs the agent object,
 and POSTs its manifest to `${HEXGATE_API_URL}/v1/agents` using
@@ -1170,7 +1179,7 @@ system prompt directly off the object. No flags needed.
 `--system-prompt` accepts either a literal string or a path to a `.md` /
 `.txt` / `.jinja` file (read as text at register time).
 
-Supported frameworks: OpenAI Agents SDK, Google ADK, Pydantic AI, LangChain/LangGraph, HexaGate agents.
+Supported frameworks: OpenAI Agents SDK, Google ADK, Pydantic AI, LangChain/LangGraph, Hexgate agents.
 
 ### `hexgate serve` — bridge a local agent to the platform's relay
 
@@ -1207,7 +1216,7 @@ print(manifest.model_dump())
 ```
 
 `create_manifest` dispatches on the framework of `agent`. The supported
-types are the same set `hexgate register` accepts: HexaGate, OpenAI Agents
+types are the same set `hexgate register` accepts: Hexgate, OpenAI Agents
 SDK, Google ADK, Pydantic AI, and LangChain/LangGraph compiled graphs.
 For LangGraph you must pass `tools=` explicitly, and may pass `model=` /
 `system_prompt=`, since compiled graphs don't expose those fields after
@@ -1217,7 +1226,7 @@ The return value is an `AgentManifest` (a Pydantic model, also re-exported
 from `hexgate` for type annotations) — the same schema the platform
 stores and the dashboard renders.
 
-## 🌐 HexaGate Platform
+## 🌐 Hexgate Platform
 
 The `platform/` directory contains an optional control plane that hosts agent definitions, dev tokens, and a live debug surface. The SDK works fully without it (`load_local_agent`, `load_builtin_agent` keep their existing semantics) — but with it you get:
 
@@ -1336,7 +1345,7 @@ the name from the loaded agent's `.name` attribute — no env var needed.
 
 ## 👤 User Scope + Roles
 
-Real backends serve many users, and different users get different capabilities. HexaGate splits that into two pieces:
+Real backends serve many users, and different users get different capabilities. Hexgate splits that into two pieces:
 
 - **`User`** — the per-request scope. Marks "this invocation acts on behalf of alice, in role X." Async context manager; pushes a fact-bearing Biscuit through the agent runtime.
 - **Role policies** — one `policy.yaml` per role, optionally inheriting from a base mixin. The runtime picks the right one at call time based on the active `User.role`.
@@ -1486,3 +1495,7 @@ async for event in stream_agent(agent, handler, "latest AI breakthroughs"):
 - assistant text deltas
 - tool lifecycle
 - final run completion
+
+---
+
+If Hexgate looks useful, [give it a ⭐ on GitHub](https://github.com/HexamindOrganisation/hexgate) — it helps more than you'd think. Built by [Hexamind](https://hexgate.ai).

{hexgate-0.2.2 → hexgate-0.2.3}/pyproject.toml

@@ -9,8 +9,8 @@ build-backend = "setuptools.build_meta"
 # 0.2.0 (the original package name was taken on PyPI by a 2014
 # abandoned project; the team consolidated on `hexgate` for everything).
 name = "hexgate"
-version = "0.2.2"
-description = "HexaGate — authorization infrastructure for AI agents (agent runtime + cloud client)."
+version = "0.2.3"
+description = "Hexgate — authorization infrastructure for AI agents (agent runtime + cloud client)."
 readme = "README.md"
 license = "MIT"
 license-files = ["LICENSE"]