moss-hermes 0.1.0__tar.gz

moss_hermes-0.1.0/.gitignore

@@ -0,0 +1,33 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# Distribution / packaging
+dist/
+build/
+*.egg-info/
+*.egg
+
+# Virtual environments
+venv/
+.venv/
+env/
+
+# IDE
+.idea/
+.vscode/
+*.swp
+*.swo
+
+# Testing
+.pytest_cache/
+.coverage
+htmlcov/
+
+# Type checking
+.mypy_cache/
+
+# OS
+.DS_Store
+Thumbs.db

moss_hermes-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 MOSS Computing
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

moss_hermes-0.1.0/PKG-INFO

@@ -0,0 +1,93 @@
+Metadata-Version: 2.4
+Name: moss-hermes
+Version: 0.1.0
+Summary: MOSS integration for Nous Research Hermes agents - cryptographic signing for AI actions
+Project-URL: Homepage, https://mosscomputing.com
+Project-URL: Documentation, https://docs.mosscomputing.com/hermes
+Project-URL: Repository, https://github.com/mosscomputing/moss-hermes
+Project-URL: Changelog, https://github.com/mosscomputing/moss-hermes/blob/main/CHANGELOG.md
+Author-email: MOSS Computing <support@mosscomputing.com>
+License-Expression: MIT
+License-File: LICENSE
+Keywords: ai-agents,ai-governance,cryptographic-signing,hermes,llm,ml-dsa-44,moss,nous-research,post-quantum
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Scientific/Engineering :: Artificial Intelligence
+Classifier: Topic :: Security :: Cryptography
+Requires-Python: >=3.9
+Requires-Dist: moss-sdk>=0.2.0
+Requires-Dist: requests>=2.28.0
+Provides-Extra: dev
+Requires-Dist: black>=23.0.0; extra == 'dev'
+Requires-Dist: mypy>=1.0.0; extra == 'dev'
+Requires-Dist: pytest-asyncio>=0.21.0; extra == 'dev'
+Requires-Dist: pytest>=7.0.0; extra == 'dev'
+Requires-Dist: ruff>=0.1.0; extra == 'dev'
+Description-Content-Type: text/markdown
+
+# moss-hermes
+
+MOSS integration for [Nous Research Hermes](https://nousresearch.com) agents.
+
+## Overview
+
+Cryptographic signing for Hermes AI agent actions using ML-DSA-44 (NIST FIPS 204) post-quantum signatures.
+
+## Installation
+
+```bash
+pip install moss-hermes
+```
+
+## Quick Start
+
+```python
+from moss_hermes import sign_tool_call
+
+signed = sign_tool_call(
+    tool_name="send_email",
+    tool_input={"to": "user@example.com", "body": "Hello"},
+    tool_output={"status": "sent"},
+    agent_id="hermes-assistant"
+)
+```
+
+## What Gets Signed
+
+| Function | Use Case |
+|----------|----------|
+| `sign_tool_call` | Tool executions |
+| `sign_function_call` | OpenAI-compatible function calls |
+| `sign_reasoning_chain` | Chain-of-thought reasoning |
+| `sign_memory_retrieval` | Memory/RAG retrieval events |
+
+## Configuration
+
+| Variable | Description | Default |
+|----------|-------------|---------|
+| `MOSS_API_KEY` | Enterprise API key | None (local mode) |
+| `MOSS_API_URL` | API endpoint | `https://api.mosscomputing.com` |
+
+## Features
+
+- **ML-DSA-44 Signatures**: Post-quantum cryptographic signing
+- **Causal Linking**: Link actions via `parent_sig` parameter
+- **Kill-Switch**: Monitor for agent revocation
+- **Async Support**: All functions have async versions
+
+## Links
+
+- [Documentation](https://docs.mosscomputing.com/sdks/hermes)
+- [Nous Research](https://nousresearch.com)
+- [Hermes Models](https://huggingface.co/NousResearch)
+- [PyPI](https://pypi.org/project/moss-hermes/)
+
+## License
+
+MIT - See [LICENSE](LICENSE) for details.

moss_hermes-0.1.0/README.md

@@ -0,0 +1,60 @@
+# moss-hermes
+
+MOSS integration for [Nous Research Hermes](https://nousresearch.com) agents.
+
+## Overview
+
+Cryptographic signing for Hermes AI agent actions using ML-DSA-44 (NIST FIPS 204) post-quantum signatures.
+
+## Installation
+
+```bash
+pip install moss-hermes
+```
+
+## Quick Start
+
+```python
+from moss_hermes import sign_tool_call
+
+signed = sign_tool_call(
+    tool_name="send_email",
+    tool_input={"to": "user@example.com", "body": "Hello"},
+    tool_output={"status": "sent"},
+    agent_id="hermes-assistant"
+)
+```
+
+## What Gets Signed
+
+| Function | Use Case |
+|----------|----------|
+| `sign_tool_call` | Tool executions |
+| `sign_function_call` | OpenAI-compatible function calls |
+| `sign_reasoning_chain` | Chain-of-thought reasoning |
+| `sign_memory_retrieval` | Memory/RAG retrieval events |
+
+## Configuration
+
+| Variable | Description | Default |
+|----------|-------------|---------|
+| `MOSS_API_KEY` | Enterprise API key | None (local mode) |
+| `MOSS_API_URL` | API endpoint | `https://api.mosscomputing.com` |
+
+## Features
+
+- **ML-DSA-44 Signatures**: Post-quantum cryptographic signing
+- **Causal Linking**: Link actions via `parent_sig` parameter
+- **Kill-Switch**: Monitor for agent revocation
+- **Async Support**: All functions have async versions
+
+## Links
+
+- [Documentation](https://docs.mosscomputing.com/sdks/hermes)
+- [Nous Research](https://nousresearch.com)
+- [Hermes Models](https://huggingface.co/NousResearch)
+- [PyPI](https://pypi.org/project/moss-hermes/)
+
+## License
+
+MIT - See [LICENSE](LICENSE) for details.

moss_hermes-0.1.0/moss_hermes/__init__.py

@@ -0,0 +1,81 @@
+"""
+MOSS Hermes Integration - Cryptographic Signing for Hermes Agent Outputs
+
+Sign tool calls, reasoning chains, and agent actions from Nous Research's Hermes models.
+
+Quick Start:
+    from moss_hermes import sign_tool_call, sign_reasoning_chain
+    
+    # After Hermes executes a tool
+    signed = sign_tool_call(
+        tool_name="send_email",
+        tool_input={"to": "user@example.com", "body": "Hello"},
+        tool_output={"status": "sent", "message_id": "msg_123"},
+        agent_id="hermes-assistant"
+    )
+    print(f"Signature: {signed.signature}")
+
+Enterprise Mode:
+    Set MOSS_API_KEY environment variable to enable:
+    - Policy evaluation (allow/block/hold)
+    - Evidence retention
+    - Kill-switch monitoring
+    - Registry certification
+"""
+
+__version__ = "0.1.0"
+
+from .signing import (
+    sign_tool_call,
+    sign_tool_call_async,
+    sign_reasoning_chain,
+    sign_reasoning_chain_async,
+    sign_memory_retrieval,
+    sign_memory_retrieval_async,
+    sign_agent_action,
+    sign_agent_action_async,
+    sign_function_call,
+    sign_function_call_async,
+    verify_envelope,
+)
+
+from .wrapper import (
+    MossHermesWrapper,
+    moss_signed,
+)
+
+from .kill_switch import (
+    KillSwitchMonitor,
+    check_kill_switch,
+)
+
+from moss import SignResult, VerifyResult, Envelope, enterprise_enabled
+
+__all__ = [
+    # Explicit signing functions
+    "sign_tool_call",
+    "sign_tool_call_async",
+    "sign_reasoning_chain",
+    "sign_reasoning_chain_async",
+    "sign_memory_retrieval",
+    "sign_memory_retrieval_async",
+    "sign_agent_action",
+    "sign_agent_action_async",
+    "sign_function_call",
+    "sign_function_call_async",
+    "verify_envelope",
+    
+    # Wrapper for automatic signing
+    "MossHermesWrapper",
+    "moss_signed",
+    
+    # Kill-switch
+    "KillSwitchMonitor",
+    "check_kill_switch",
+    
+    # Core types
+    "SignResult",
+    "VerifyResult",
+    "Envelope",
+    "enterprise_enabled",
+]

moss_hermes-0.1.0/moss_hermes/kill_switch.py

@@ -0,0 +1,178 @@
+"""
+MOSS Hermes Kill-Switch Integration
+
+Monitors the MOSS Kill-Switch API and terminates agent capabilities if revoked.
+
+Example:
+    from moss_hermes import KillSwitchMonitor
+    
+    monitor = KillSwitchMonitor(
+        agent_id="hermes-trading-bot",
+        moss_api_key=os.environ["MOSS_API_KEY"],
+        on_revoked=lambda: sys.exit(1)
+    )
+    
+    # Start monitoring in background
+    monitor.start()
+    
+    # Run your agent
+    agent.run()
+"""
+
+import os
+import time
+import threading
+from typing import Callable, Optional
+import requests
+
+
+class KillSwitchMonitor:
+    """
+    Monitor MOSS kill-switch status and respond to revocations.
+    
+    When an agent is revoked via the MOSS console or API, this monitor
+    will detect it and call the on_revoked callback.
+    """
+    
+    def __init__(
+        self,
+        agent_id: str,
+        *,
+        moss_api_key: Optional[str] = None,
+        moss_api_url: str = "https://api.mosscomputing.com",
+        check_interval_seconds: int = 10,
+        on_revoked: Optional[Callable[[], None]] = None,
+        on_error: Optional[Callable[[Exception], None]] = None,
+    ):
+        """
+        Initialize the kill-switch monitor.
+        
+        Args:
+            agent_id: The agent ID to monitor
+            moss_api_key: MOSS API key (or set MOSS_API_KEY env var)
+            moss_api_url: MOSS API base URL
+            check_interval_seconds: How often to check status (default 10s)
+            on_revoked: Callback when agent is revoked
+            on_error: Callback on API errors
+        """
+        self.agent_id = agent_id
+        self.moss_api_key = moss_api_key or os.environ.get("MOSS_API_KEY")
+        self.moss_api_url = moss_api_url.rstrip("/")
+        self.check_interval = check_interval_seconds
+        self.on_revoked = on_revoked or self._default_on_revoked
+        self.on_error = on_error
+        
+        self._running = False
+        self._thread: Optional[threading.Thread] = None
+        self._revoked = False
+    
+    @property
+    def is_revoked(self) -> bool:
+        """Check if agent has been revoked."""
+        return self._revoked
+    
+    @property
+    def is_running(self) -> bool:
+        """Check if monitor is running."""
+        return self._running
+    
+    def start(self):
+        """Start the kill-switch monitor in a background thread."""
+        if self._running:
+            return
+        
+        self._running = True
+        self._thread = threading.Thread(target=self._monitor_loop, daemon=True)
+        self._thread.start()
+    
+    def stop(self):
+        """Stop the kill-switch monitor."""
+        self._running = False
+        if self._thread:
+            self._thread.join(timeout=5)
+    
+    def check_status(self) -> bool:
+        """
+        Check if agent is still active (not revoked).
+        
+        Returns:
+            True if active, False if revoked
+        """
+        if not self.moss_api_key:
+            return True  # No API key = assume active
+        
+        try:
+            response = requests.get(
+                f"{self.moss_api_url}/v1/agents/{self.agent_id}",
+                headers={"Authorization": f"Bearer {self.moss_api_key}"},
+                timeout=5,
+            )
+            
+            if response.status_code == 404:
+                # Agent not found
+                return False
+            
+            if response.status_code == 200:
+                data = response.json()
+                status = data.get("status", "active")
+                return status == "active"
+            
+            return True  # On error, assume active
+            
+        except Exception as e:
+            if self.on_error:
+                self.on_error(e)
+            return True  # On error, assume active
+    
+    def _monitor_loop(self):
+        """Background monitoring loop."""
+        while self._running:
+            if not self.check_status():
+                self._revoked = True
+                self._running = False
+                self.on_revoked()
+                return
+            
+            time.sleep(self.check_interval)
+    
+    @staticmethod
+    def _default_on_revoked():
+        """Default revocation handler - raises exception."""
+        raise AgentRevokedException("Agent has been revoked via MOSS kill-switch")
+
+
+class AgentRevokedException(Exception):
+    """Raised when an agent is revoked via MOSS kill-switch."""
+    pass
+
+
+def check_kill_switch(
+    agent_id: str,
+    *,
+    moss_api_key: Optional[str] = None,
+    moss_api_url: str = "https://api.mosscomputing.com",
+) -> bool:
+    """
+    One-time check if agent is revoked.
+    
+    Args:
+        agent_id: The agent ID to check
+        moss_api_key: MOSS API key
+        moss_api_url: MOSS API base URL
+    
+    Returns:
+        True if agent is active, False if revoked
+    
+    Example:
+        from moss_hermes import check_kill_switch
+        
+        if not check_kill_switch("my-agent"):
+            print("Agent has been revoked!")
+            sys.exit(1)
+    """
+    monitor = KillSwitchMonitor(
+        agent_id=agent_id,
+        moss_api_key=moss_api_key,
+        moss_api_url=moss_api_url,
+    )
+    return monitor.check_status()

moss_hermes-0.1.0/moss_hermes/signing.py

@@ -0,0 +1,439 @@
+"""
+MOSS Hermes Integration - Signing Functions
+
+Provides explicit signing functions for Hermes agent outputs.
+Compatible with Nous Research Hermes models (Hermes-2, Hermes-3, etc.)
+
+Example:
+    from moss_hermes import sign_tool_call
+    
+    # After Hermes executes a tool
+    signed = sign_tool_call(
+        tool_name="execute_code",
+        tool_input={"code": "print('hello')"},
+        tool_output={"result": "hello", "exit_code": 0},
+        agent_id="hermes-coder"
+    )
+"""
+
+from typing import Any, Dict, List, Optional
+from datetime import datetime, timezone
+
+from moss import sign, sign_async, verify, SignResult, VerifyResult
+
+
+def sign_tool_call(
+    tool_name: str,
+    tool_input: Dict[str, Any],
+    tool_output: Any,
+    agent_id: str,
+    *,
+    parent_sig: Optional[str] = None,
+    context: Optional[Dict[str, Any]] = None,
+) -> SignResult:
+    """
+    Sign a Hermes tool call execution.
+    
+    Args:
+        tool_name: Name of the tool executed (e.g., "send_email", "execute_code")
+        tool_input: Parameters passed to the tool
+        tool_output: Result returned by the tool
+        agent_id: Identifier for the Hermes agent
+        parent_sig: Optional parent signature for causal linking
+        context: Optional context (user_id, session_id, etc.)
+    
+    Returns:
+        SignResult with envelope and enterprise info
+    
+    Example:
+        signed = sign_tool_call(
+            tool_name="web_search",
+            tool_input={"query": "latest AI news"},
+            tool_output={"results": [...]},
+            agent_id="hermes-researcher"
+        )
+    """
+    payload = {
+        "type": "hermes_tool_call",
+        "tool_name": tool_name,
+        "tool_input": tool_input,
+        "tool_output": _serialize_output(tool_output),
+        "timestamp": datetime.now(timezone.utc).isoformat(),
+    }
+    
+    if parent_sig:
+        payload["parent_sig"] = parent_sig
+    
+    return sign(
+        output=payload,
+        agent_id=agent_id,
+        action=f"hermes_tool:{tool_name}",
+        context=context,
+    )
+
+
+async def sign_tool_call_async(
+    tool_name: str,
+    tool_input: Dict[str, Any],
+    tool_output: Any,
+    agent_id: str,
+    *,
+    parent_sig: Optional[str] = None,
+    context: Optional[Dict[str, Any]] = None,
+) -> SignResult:
+    """Async version of sign_tool_call."""
+    payload = {
+        "type": "hermes_tool_call",
+        "tool_name": tool_name,
+        "tool_input": tool_input,
+        "tool_output": _serialize_output(tool_output),
+        "timestamp": datetime.now(timezone.utc).isoformat(),
+    }
+    
+    if parent_sig:
+        payload["parent_sig"] = parent_sig
+    
+    return await sign_async(
+        output=payload,
+        agent_id=agent_id,
+        action=f"hermes_tool:{tool_name}",
+        context=context,
+    )
+
+
+def sign_reasoning_chain(
+    reasoning_steps: List[Dict[str, Any]],
+    final_conclusion: str,
+    agent_id: str,
+    *,
+    parent_sig: Optional[str] = None,
+    context: Optional[Dict[str, Any]] = None,
+) -> SignResult:
+    """
+    Sign a Hermes reasoning chain (chain-of-thought).
+    
+    Args:
+        reasoning_steps: List of reasoning steps with 'thought' and 'action'
+        final_conclusion: The final conclusion or answer
+        agent_id: Identifier for the Hermes agent
+        parent_sig: Optional parent signature for causal linking
+        context: Optional context
+    
+    Returns:
+        SignResult with envelope and enterprise info
+    
+    Example:
+        signed = sign_reasoning_chain(
+            reasoning_steps=[
+                {"thought": "I need to search for...", "action": "web_search"},
+                {"thought": "Based on results...", "action": "summarize"}
+            ],
+            final_conclusion="The answer is...",
+            agent_id="hermes-analyst"
+        )
+    """
+    payload = {
+        "type": "hermes_reasoning_chain",
+        "steps": reasoning_steps,
+        "step_count": len(reasoning_steps),
+        "conclusion": final_conclusion,
+        "timestamp": datetime.now(timezone.utc).isoformat(),
+    }
+    
+    if parent_sig:
+        payload["parent_sig"] = parent_sig
+    
+    return sign(
+        output=payload,
+        agent_id=agent_id,
+        action="hermes_reasoning",
+        context=context,
+    )
+
+
+async def sign_reasoning_chain_async(
+    reasoning_steps: List[Dict[str, Any]],
+    final_conclusion: str,
+    agent_id: str,
+    *,
+    parent_sig: Optional[str] = None,
+    context: Optional[Dict[str, Any]] = None,
+) -> SignResult:
+    """Async version of sign_reasoning_chain."""
+    payload = {
+        "type": "hermes_reasoning_chain",
+        "steps": reasoning_steps,
+        "step_count": len(reasoning_steps),
+        "conclusion": final_conclusion,
+        "timestamp": datetime.now(timezone.utc).isoformat(),
+    }
+    
+    if parent_sig:
+        payload["parent_sig"] = parent_sig
+    
+    return await sign_async(
+        output=payload,
+        agent_id=agent_id,
+        action="hermes_reasoning",
+        context=context,
+    )
+
+
+def sign_memory_retrieval(
+    query: str,
+    retrieved_memories: List[Dict[str, Any]],
+    agent_id: str,
+    *,
+    memory_type: str = "episodic",
+    context: Optional[Dict[str, Any]] = None,
+) -> SignResult:
+    """
+    Sign a Hermes memory retrieval event.
+    
+    Args:
+        query: The query used for memory retrieval
+        retrieved_memories: List of retrieved memory items
+        agent_id: Identifier for the Hermes agent
+        memory_type: Type of memory (episodic, semantic, procedural)
+        context: Optional context
+    
+    Returns:
+        SignResult with envelope and enterprise info
+    
+    Example:
+        signed = sign_memory_retrieval(
+            query="previous conversations about project X",
+            retrieved_memories=[{"content": "...", "timestamp": "..."}],
+            agent_id="hermes-assistant",
+            memory_type="episodic"
+        )
+    """
+    payload = {
+        "type": "hermes_memory_retrieval",
+        "query": query,
+        "memory_type": memory_type,
+        "retrieved_count": len(retrieved_memories),
+        "memories": retrieved_memories,
+        "timestamp": datetime.now(timezone.utc).isoformat(),
+    }
+    
+    return sign(
+        output=payload,
+        agent_id=agent_id,
+        action=f"hermes_memory:{memory_type}",
+        context=context,
+    )
+
+
+async def sign_memory_retrieval_async(
+    query: str,
+    retrieved_memories: List[Dict[str, Any]],
+    agent_id: str,
+    *,
+    memory_type: str = "episodic",
+    context: Optional[Dict[str, Any]] = None,
+) -> SignResult:
+    """Async version of sign_memory_retrieval."""
+    payload = {
+        "type": "hermes_memory_retrieval",
+        "query": query,
+        "memory_type": memory_type,
+        "retrieved_count": len(retrieved_memories),
+        "memories": retrieved_memories,
+        "timestamp": datetime.now(timezone.utc).isoformat(),
+    }
+    
+    return await sign_async(
+        output=payload,
+        agent_id=agent_id,
+        action=f"hermes_memory:{memory_type}",
+        context=context,
+    )
+
+
+def sign_agent_action(
+    action_type: str,
+    action_input: Dict[str, Any],
+    action_output: Any,
+    agent_id: str,
+    *,
+    parent_sig: Optional[str] = None,
+    reasoning: Optional[str] = None,
+    context: Optional[Dict[str, Any]] = None,
+) -> SignResult:
+    """
+    Sign a generic Hermes agent action.
+    
+    Args:
+        action_type: Type of action performed
+        action_input: Input parameters for the action
+        action_output: Output of the action
+        agent_id: Identifier for the Hermes agent
+        parent_sig: Optional parent signature for causal linking
+        reasoning: Optional reasoning that led to this action
+        context: Optional context
+    
+    Returns:
+        SignResult with envelope and enterprise info
+    """
+    payload = {
+        "type": "hermes_agent_action",
+        "action_type": action_type,
+        "input": action_input,
+        "output": _serialize_output(action_output),
+        "timestamp": datetime.now(timezone.utc).isoformat(),
+    }
+    
+    if parent_sig:
+        payload["parent_sig"] = parent_sig
+    if reasoning:
+        payload["reasoning"] = reasoning
+    
+    return sign(
+        output=payload,
+        agent_id=agent_id,
+        action=f"hermes_action:{action_type}",
+        context=context,
+    )
+
+
+async def sign_agent_action_async(
+    action_type: str,
+    action_input: Dict[str, Any],
+    action_output: Any,
+    agent_id: str,
+    *,
+    parent_sig: Optional[str] = None,
+    reasoning: Optional[str] = None,
+    context: Optional[Dict[str, Any]] = None,
+) -> SignResult:
+    """Async version of sign_agent_action."""
+    payload = {
+        "type": "hermes_agent_action",
+        "action_type": action_type,
+        "input": action_input,
+        "output": _serialize_output(action_output),
+        "timestamp": datetime.now(timezone.utc).isoformat(),
+    }
+    
+    if parent_sig:
+        payload["parent_sig"] = parent_sig
+    if reasoning:
+        payload["reasoning"] = reasoning
+    
+    return await sign_async(
+        output=payload,
+        agent_id=agent_id,
+        action=f"hermes_action:{action_type}",
+        context=context,
+    )
+
+
+def sign_function_call(
+    function_name: str,
+    arguments: Dict[str, Any],
+    result: Any,
+    agent_id: str,
+    *,
+    parent_sig: Optional[str] = None,
+    context: Optional[Dict[str, Any]] = None,
+) -> SignResult:
+    """
+    Sign a Hermes function call (OpenAI-compatible function calling).
+    
+    Args:
+        function_name: Name of the function called
+        arguments: Arguments passed to the function
+        result: Result of the function call
+        agent_id: Identifier for the Hermes agent
+        parent_sig: Optional parent signature for causal linking
+        context: Optional context
+    
+    Returns:
+        SignResult with envelope and enterprise info
+    
+    Example:
+        signed = sign_function_call(
+            function_name="get_weather",
+            arguments={"city": "San Francisco"},
+            result={"temp": 65, "condition": "sunny"},
+            agent_id="hermes-weather-bot"
+        )
+    """
+    payload = {
+        "type": "hermes_function_call",
+        "function_name": function_name,
+        "arguments": arguments,
+        "result": _serialize_output(result),
+        "timestamp": datetime.now(timezone.utc).isoformat(),
+    }
+    
+    if parent_sig:
+        payload["parent_sig"] = parent_sig
+    
+    return sign(
+        output=payload,
+        agent_id=agent_id,
+        action=f"hermes_function:{function_name}",
+        context=context,
+    )
+
+
+async def sign_function_call_async(
+    function_name: str,
+    arguments: Dict[str, Any],
+    result: Any,
+    agent_id: str,
+    *,
+    parent_sig: Optional[str] = None,
+    context: Optional[Dict[str, Any]] = None,
+) -> SignResult:
+    """Async version of sign_function_call."""
+    payload = {
+        "type": "hermes_function_call",
+        "function_name": function_name,
+        "arguments": arguments,
+        "result": _serialize_output(result),
+        "timestamp": datetime.now(timezone.utc).isoformat(),
+    }
+    
+    if parent_sig:
+        payload["parent_sig"] = parent_sig
+    
+    return await sign_async(
+        output=payload,
+        agent_id=agent_id,
+        action=f"hermes_function:{function_name}",
+        context=context,
+    )
+
+
+def verify_envelope(envelope: Any, payload: Any = None) -> VerifyResult:
+    """
+    Verify a signed envelope.
+    
+    Args:
+        envelope: MOSS Envelope or dict
+        payload: Original payload for hash verification (optional)
+    
+    Returns:
+        VerifyResult with valid=True/False and details
+    """
+    return verify(envelope, payload)
+
+
+def _serialize_output(output: Any) -> Any:
+    """Serialize output to JSON-compatible format."""
+    if output is None:
+        return None
+    if isinstance(output, (str, int, float, bool)):
+        return output
+    if isinstance(output, dict):
+        return output
+    if isinstance(output, list):
+        return output
+    if hasattr(output, "model_dump"):
+        return output.model_dump()
+    if hasattr(output, "__dict__"):
+        return output.__dict__
+    return str(output)

moss_hermes-0.1.0/moss_hermes/wrapper.py

@@ -0,0 +1,231 @@
+"""
+MOSS Hermes Wrapper - Automatic signing for Hermes agents
+
+Provides a wrapper class and decorator for automatic signing of all tool calls.
+
+Example:
+    from moss_hermes import MossHermesWrapper
+    
+    # Wrap any Hermes-compatible agent
+    agent = MossHermesWrapper(
+        agent=my_hermes_agent,
+        agent_id="hermes-assistant",
+        moss_api_key=os.environ["MOSS_API_KEY"]
+    )
+    
+    # All tool calls are now automatically signed
+    result = agent.run("Search for AI news and summarize")
+"""
+
+from typing import Any, Callable, Dict, Optional, List
+from functools import wraps
+import os
+
+from .signing import sign_tool_call, sign_function_call, sign_agent_action
+
+
+class MossHermesWrapper:
+    """
+    Wrapper for Hermes agents that automatically signs all tool/function calls.
+    
+    Example:
+        from transformers import AutoModelForCausalLM
+        from moss_hermes import MossHermesWrapper
+        
+        model = AutoModelForCausalLM.from_pretrained("NousResearch/Hermes-3-Llama-3.1-8B")
+        
+        wrapped = MossHermesWrapper(
+            agent=model,
+            agent_id="hermes-3-assistant",
+            moss_api_key=os.environ["MOSS_API_KEY"]
+        )
+    """
+    
+    def __init__(
+        self,
+        agent: Any,
+        agent_id: str,
+        *,
+        moss_api_key: Optional[str] = None,
+        auto_sign_tools: bool = True,
+        auto_sign_functions: bool = True,
+        context: Optional[Dict[str, Any]] = None,
+    ):
+        """
+        Initialize the MOSS Hermes wrapper.
+        
+        Args:
+            agent: The Hermes agent/model to wrap
+            agent_id: Identifier for this agent in MOSS
+            moss_api_key: MOSS API key (or set MOSS_API_KEY env var)
+            auto_sign_tools: Automatically sign tool calls
+            auto_sign_functions: Automatically sign function calls
+            context: Default context for all signatures
+        """
+        self.agent = agent
+        self.agent_id = agent_id
+        self.moss_api_key = moss_api_key or os.environ.get("MOSS_API_KEY")
+        self.auto_sign_tools = auto_sign_tools
+        self.auto_sign_functions = auto_sign_functions
+        self.context = context or {}
+        self._last_signature: Optional[str] = None
+        self._signature_chain: List[str] = []
+    
+    @property
+    def last_signature(self) -> Optional[str]:
+        """Get the last signature generated."""
+        return self._last_signature
+    
+    @property
+    def signature_chain(self) -> List[str]:
+        """Get all signatures in the current chain."""
+        return self._signature_chain.copy()
+    
+    def clear_chain(self):
+        """Clear the signature chain (start fresh)."""
+        self._signature_chain = []
+        self._last_signature = None
+    
+    def execute_tool(
+        self,
+        tool_name: str,
+        tool_input: Dict[str, Any],
+        tool_executor: Callable,
+    ) -> Any:
+        """
+        Execute a tool and sign the result.
+        
+        Args:
+            tool_name: Name of the tool
+            tool_input: Input parameters
+            tool_executor: Function that executes the tool
+        
+        Returns:
+            Tool output (with signature attached if enterprise mode)
+        """
+        # Execute the tool
+        output = tool_executor(tool_input)
+        
+        # Sign if enabled
+        if self.auto_sign_tools:
+            signed = sign_tool_call(
+                tool_name=tool_name,
+                tool_input=tool_input,
+                tool_output=output,
+                agent_id=self.agent_id,
+                parent_sig=self._last_signature,
+                context=self.context,
+            )
+            self._last_signature = signed.signature
+            self._signature_chain.append(signed.signature)
+            
+            # Check if blocked
+            if signed.blocked:
+                raise ToolBlockedError(
+                    f"Tool '{tool_name}' blocked by policy: {signed.enterprise.policy.reason}"
+                )
+        
+        return output
+    
+    def execute_function(
+        self,
+        function_name: str,
+        arguments: Dict[str, Any],
+        function_executor: Callable,
+    ) -> Any:
+        """
+        Execute a function call and sign the result.
+        
+        Args:
+            function_name: Name of the function
+            arguments: Function arguments
+            function_executor: Function that executes the call
+        
+        Returns:
+            Function result (with signature attached if enterprise mode)
+        """
+        # Execute the function
+        result = function_executor(arguments)
+        
+        # Sign if enabled
+        if self.auto_sign_functions:
+            signed = sign_function_call(
+                function_name=function_name,
+                arguments=arguments,
+                result=result,
+                agent_id=self.agent_id,
+                parent_sig=self._last_signature,
+                context=self.context,
+            )
+            self._last_signature = signed.signature
+            self._signature_chain.append(signed.signature)
+            
+            # Check if blocked
+            if signed.blocked:
+                raise FunctionBlockedError(
+                    f"Function '{function_name}' blocked by policy: {signed.enterprise.policy.reason}"
+                )
+        
+        return result
+    
+    def __getattr__(self, name: str) -> Any:
+        """Delegate attribute access to wrapped agent."""
+        return getattr(self.agent, name)
+
+
+class ToolBlockedError(Exception):
+    """Raised when a tool call is blocked by MOSS policy."""
+    pass
+
+
+class FunctionBlockedError(Exception):
+    """Raised when a function call is blocked by MOSS policy."""
+    pass
+
+
+def moss_signed(
+    agent_id: str,
+    *,
+    action_type: str = "tool_call",
+    context: Optional[Dict[str, Any]] = None,
+):
+    """
+    Decorator to automatically sign function/tool outputs.
+    
+    Example:
+        @moss_signed(agent_id="hermes-bot", action_type="web_search")
+        def search_web(query: str) -> dict:
+            # ... perform search ...
+            return results
+        
+        # Function output is automatically signed
+        results = search_web("latest AI news")
+    """
+    def decorator(func: Callable) -> Callable:
+        @wraps(func)
+        def wrapper(*args, **kwargs):
+            # Extract input
+            tool_input = {"args": args, "kwargs": kwargs}
+            
+            # Execute function
+            result = func(*args, **kwargs)
+            
+            # Sign the result
+            signed = sign_agent_action(
+                action_type=action_type,
+                action_input=tool_input,
+                action_output=result,
+                agent_id=agent_id,
+                context=context,
+            )
+            
+            # Check if blocked
+            if signed.blocked:
+                raise ToolBlockedError(
+                    f"Action blocked by policy: {signed.enterprise.policy.reason}"
+                )
+            
+            return result
+        
+        return wrapper
+    return decorator

moss_hermes-0.1.0/pyproject.toml

@@ -0,0 +1,75 @@
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[project]
+name = "moss-hermes"
+version = "0.1.0"
+description = "MOSS integration for Nous Research Hermes agents - cryptographic signing for AI actions"
+readme = "README.md"
+license = "MIT"
+authors = [
+    { name = "MOSS Computing", email = "support@mosscomputing.com" }
+]
+keywords = [
+    "moss",
+    "hermes",
+    "nous-research",
+    "ai-governance",
+    "cryptographic-signing",
+    "ml-dsa-44",
+    "post-quantum",
+    "ai-agents",
+    "llm",
+]
+classifiers = [
+    "Development Status :: 4 - Beta",
+    "Intended Audience :: Developers",
+    "License :: OSI Approved :: MIT License",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.9",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Topic :: Security :: Cryptography",
+    "Topic :: Scientific/Engineering :: Artificial Intelligence",
+]
+requires-python = ">=3.9"
+dependencies = [
+    "moss-sdk>=0.2.0",
+    "requests>=2.28.0",
+]
+
+[project.optional-dependencies]
+dev = [
+    "pytest>=7.0.0",
+    "pytest-asyncio>=0.21.0",
+    "black>=23.0.0",
+    "mypy>=1.0.0",
+    "ruff>=0.1.0",
+]
+
+[project.urls]
+Homepage = "https://mosscomputing.com"
+Documentation = "https://docs.mosscomputing.com/hermes"
+Repository = "https://github.com/mosscomputing/moss-hermes"
+Changelog = "https://github.com/mosscomputing/moss-hermes/blob/main/CHANGELOG.md"
+
+[tool.hatch.build.targets.wheel]
+packages = ["moss_hermes"]
+
+[tool.pytest.ini_options]
+asyncio_mode = "auto"
+
+[tool.black]
+line-length = 100
+target-version = ["py39", "py310", "py311", "py312"]
+
+[tool.ruff]
+line-length = 100
+select = ["E", "F", "I", "W"]
+
+[tool.mypy]
+python_version = "3.9"
+warn_return_any = true
+warn_unused_ignores = true

moss_hermes-0.1.0/tests/__init__.py

@@ -0,0 +1 @@
+# MOSS Hermes Tests

moss_hermes-0.1.0/tests/test_signing.py

@@ -0,0 +1,140 @@
+"""Tests for MOSS Hermes signing functions."""
+
+import pytest
+from unittest.mock import patch, MagicMock
+
+
+class TestSignToolCall:
+    """Tests for sign_tool_call function."""
+    
+    def test_sign_tool_call_basic(self):
+        """Test basic tool call signing."""
+        with patch("moss_hermes.signing.sign") as mock_sign:
+            mock_sign.return_value = MagicMock(
+                signature="test_sig",
+                blocked=False,
+            )
+            
+            from moss_hermes import sign_tool_call
+            
+            result = sign_tool_call(
+                tool_name="test_tool",
+                tool_input={"key": "value"},
+                tool_output={"result": "success"},
+                agent_id="test-agent"
+            )
+            
+            assert result.signature == "test_sig"
+            assert not result.blocked
+            mock_sign.assert_called_once()
+    
+    def test_sign_tool_call_with_parent(self):
+        """Test tool call signing with parent signature."""
+        with patch("moss_hermes.signing.sign") as mock_sign:
+            mock_sign.return_value = MagicMock(
+                signature="child_sig",
+                blocked=False,
+            )
+            
+            from moss_hermes import sign_tool_call
+            
+            result = sign_tool_call(
+                tool_name="child_tool",
+                tool_input={},
+                tool_output={},
+                agent_id="test-agent",
+                parent_sig="parent_sig_123"
+            )
+            
+            call_args = mock_sign.call_args
+            assert call_args[1]["output"]["parent_sig"] == "parent_sig_123"
+
+
+class TestSignReasoningChain:
+    """Tests for sign_reasoning_chain function."""
+    
+    def test_sign_reasoning_chain(self):
+        """Test reasoning chain signing."""
+        with patch("moss_hermes.signing.sign") as mock_sign:
+            mock_sign.return_value = MagicMock(
+                signature="reasoning_sig",
+                blocked=False,
+            )
+            
+            from moss_hermes import sign_reasoning_chain
+            
+            result = sign_reasoning_chain(
+                reasoning_steps=[
+                    {"thought": "Step 1", "action": "search"},
+                    {"thought": "Step 2", "action": "summarize"}
+                ],
+                final_conclusion="The answer is 42",
+                agent_id="test-agent"
+            )
+            
+            assert result.signature == "reasoning_sig"
+            call_args = mock_sign.call_args
+            assert call_args[1]["output"]["step_count"] == 2
+
+
+class TestSignFunctionCall:
+    """Tests for sign_function_call function."""
+    
+    def test_sign_function_call(self):
+        """Test function call signing."""
+        with patch("moss_hermes.signing.sign") as mock_sign:
+            mock_sign.return_value = MagicMock(
+                signature="func_sig",
+                blocked=False,
+            )
+            
+            from moss_hermes import sign_function_call
+            
+            result = sign_function_call(
+                function_name="get_weather",
+                arguments={"city": "NYC"},
+                result={"temp": 72},
+                agent_id="test-agent"
+            )
+            
+            assert result.signature == "func_sig"
+            call_args = mock_sign.call_args
+            assert call_args[1]["action"] == "hermes_function:get_weather"
+
+
+class TestKillSwitch:
+    """Tests for kill-switch functionality."""
+    
+    def test_check_kill_switch_active(self):
+        """Test kill-switch check returns True for active agent."""
+        with patch("moss_hermes.kill_switch.requests.get") as mock_get:
+            mock_get.return_value = MagicMock(
+                status_code=200,
+                json=lambda: {"status": "active"}
+            )
+            
+            from moss_hermes import check_kill_switch
+            
+            result = check_kill_switch(
+                "test-agent",
+                moss_api_key="test_key"
+            )
+            
+            assert result is True
+    
+    def test_check_kill_switch_revoked(self):
+        """Test kill-switch check returns False for revoked agent."""
+        with patch("moss_hermes.kill_switch.requests.get") as mock_get:
+            mock_get.return_value = MagicMock(
+                status_code=200,
+                json=lambda: {"status": "revoked"}
+            )
+            
+            from moss_hermes import check_kill_switch
+            
+            result = check_kill_switch(
+                "test-agent",
+                moss_api_key="test_key"
+            )
+            
+            assert result is False