[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-82436":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":13,"openIssues":14,"contributorsCount":14,"subscribersCount":14,"size":14,"stars1d":15,"stars7d":16,"stars30d":17,"stars90d":14,"forks30d":14,"starsTrendScore":18,"compositeScore":19,"rankGlobal":9,"rankLanguage":9,"license":20,"archived":21,"fork":21,"defaultBranch":22,"hasWiki":23,"hasPages":21,"topics":24,"createdAt":9,"pushedAt":9,"updatedAt":25,"readmeContent":26,"aiSummary":27,"trendingCount":14,"starSnapshotCount":14,"syncStatus":28,"lastSyncTime":29,"discoverSource":30},82436,"OrgKernel","MetapriseAI\u002FOrgKernel","MetapriseAI","Open-source trust layer for AI agents — cryptographic agent identity (Ed25519), instance-scoped execution tokens, SHA-256 hash-chained audit logging, and enterprise SSO\u002FSCIM federation. The security foundation powering every agent in the Metaprise AURA platform.",null,"Python",1343,124,92,0,84,228,264,252,104.29,"Apache License 2.0",false,"main",true,[],"2026-06-12 04:01:38","# OrgKernel\n\n\u003Cp align=\"center\">\n \u003Cstrong>Enterprise Trust Layer for AI Agents\u003C\u002Fstrong>\u003Cbr\u002F>\n Cryptographically secure identity, scoped execution, and tamper-evident audit trails —\u003Cbr\u002F>\n transparent by design, not by promise.\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMetapriseAI\u002FOrgKernel\u002Fblob\u002Fmain\u002FLICENSE\">\n \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-Apache%202.0-blue.svg\" alt=\"License: Apache 2.0\" \u002F>\n \u003C\u002Fa>\n \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMetapriseAI\u002FOrgKernel\u002Fstargazers\">\n \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FMetapriseAI\u002FOrgKernel?style=flat&color=yellow\" alt=\"GitHub Stars\" \u002F>\n \u003C\u002Fa>\n \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMetapriseAI\u002FOrgKernel\u002Fissues\">\n \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fissues\u002FMetapriseAI\u002FOrgKernel\" alt=\"GitHub Issues\" \u002F>\n \u003C\u002Fa>\n \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMetapriseAI\u002FOrgKernel\u002Fpulls\">\n \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fissues-pr\u002FMetapriseAI\u002FOrgKernel\" alt=\"Pull Requests\" \u002F>\n \u003C\u002Fa>\n \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FPython-3.10+-3776AB?logo=python\" alt=\"Python 3.10+\" \u002F>\n \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FFastAPI-supported-009688?logo=fastapi\" alt=\"FastAPI\" \u002F>\n \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FPostgreSQL-supported-336791?logo=postgresql\" alt=\"PostgreSQL\" \u002F>\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n \u003Cb>3\u003C\u002Fb> Core Modules (Phase 1)  ·  \u003Cb>27\u003C\u002Fb> REST Endpoints  ·  \u003Cb>5\u003C\u002Fb> Build Phases  ·  PostgreSQL \u002F MySQL \u002F SQLite Persistence\n\u003C\u002Fp>\n\n---\n\n## Overview\n\n**OrgKernel** is the security and governance foundation for the AI Agent system. It ensures every agent has a verifiable cryptographic identity, every mission operates within strict boundaries, and every action leaves a tamper-evident audit trail — all without a running AI model.\n\nPhase 1 delivers the three cryptographic primitives. Phases 2–5 add mission lifecycle, policy engine, authority graph, and tool gateway.\n\n| Capability | Status | Description |\n|---|---|---|\n| **Cryptographic Identity (PKI)** | ✅ Phase 1 | Ed25519 keypairs, Org CA signing, CSR, and challenge-response verification |\n| **Scoped Execution Tokens** | ✅ Phase 1 | Mission-scoped permission tokens with tool allowlists, numeric parameter bounds, and Ed25519 signatures to prevent token grafting |\n| **Hash-Chained Audit Trail** | ✅ Phase 1 | Three-layer audit (IDENTITY \u002F EXECUTION \u002F COMPLIANCE) persisted to PostgreSQL with SHA-256 hash chaining and integrity verification |\n| **Mission Lifecycle** | 🔲 Phase 2 | 8-state mission state machine with enforced transitions |\n| **Tool Gateway** | 🔲 Phase 3 | Token scope enforcement before every external tool call |\n| **Policy Engine** | 🔲 Phase 3 | Declarative policy CRUD with version history and constraint derivation |\n| **Authority Graph** | 🔲 Phase 3 | Org hierarchy traversal, approval level determination, spend authority resolution |\n| **Data Classifier** | 🔲 Phase 3 | Rule-based data classification producing routing tiers and scope constraints |\n\n---\n\n## Build Phases\n\n| Phase | Status | Scope |\n|---|---|---|\n| Phase 1 | ✅ Complete | Core primitives: Identity, Token, Audit |\n| Phase 2 | 🔲 Planned | Mission lifecycle with state machine |\n| Phase 3 | 🔲 Planned | Gateway, Policy, Authority, Classifier |\n| Phase 4 | 🔲 Planned | Full DB persistence & version history |\n| Phase 5 | 🔲 Planned | Optimization & Iteration |\n\n---\n\n## System Architecture\n\nOrgKernel currently orchestrates three services (Phase 1). When Phases 2–5 are complete, the full flow will be: Mission Launch → Approval → Tool Execution → Close\u002FEscalate, with every phase writing to a specific audit layer.\n\n### Complete Flow — Five Phases (Phases 2–5 not yet implemented)\n\n| Phase | Component(s) Called | Audit Layer | Key Behavior |\n|---|---|---|---|\n| **1 Mission Launch** *(Phase 1 available)* | `AgentIdentityService` | L1 Business | Validates agent identity before any operation |\n| **2 State Transition** *(Phase 2 — planned)* | `MissionService.submit()` | L2 Execution | Mission enters approval queue |\n| **3 Triple Review** *(Phase 3 — planned)* | `PolicyEngine` + `AuthorityGraph` + `DataClassifier` | L2 Execution | Constraints frozen into `MissionBoundary`. `ExecutionTokenService.mint()` issues signed token |\n| **4 Tool Execution** *(Phase 3 — planned)* | `ToolGatewayService.validate_tool_call()` | L2 Execution | Five gateway checks on every call: token valid, CA signature correct, agent_id match, tool in scope, tool not forbidden |\n| **5 Mission Close** *(Phase 2 — planned)* | `MissionService.close()` | L2 Execution | Token consumed, state → CLOSED |\n| **6 Escalation** *(Phase 2 — planned)* | `MissionService.escalate()` | L3 Compliance | Only path to L3 audit layer |\n\n### Three-Layer Audit Semantics (Phase 1)\n\n| Audit Layer | Triggered By | Semantics |\n|---|---|---|\n| **L1 Business** | `AuditChainService.initialize()` | Business perspective: who, in which org, for which mission |\n| **L2 Execution** | Every tool call + state transition + approval + close | Execution perspective: every behavior the system performed |\n| **L3 Compliance** | Only `MissionService.escalate()` (Phase 2) | Compliance perspective: what triggered human compliance intervention |\n\n### Architecture Diagram (Phase 1)\n\n```\nAgent Platform\n |\n |-- CSR submitted --> AgentIdentityService.submit_csr()\n | |-- validates duplicate\n | v\n |-- CSR issued -----> AgentIdentityService.issue_from_csr()\n | |-- generates Ed25519 keypair (server-side)\n | |-- signs certificate with Org CA\n | |-- returns certificate + private_key_pem ONCE\n | |-- persists identity record (NO private key)\n | v\n | AgentCertificate + AgentIdentity\n |\n |-- token mint ----> ExecutionTokenService.mint()\n | |-- Ed25519-signed by Org CA (prevents Token Grafting)\n | |-- tool allowlist + numeric bounds\n | v\n | ExecutionToken\n |\n |-- scope check ---> ExecutionTokenService.check_scope()\n | |-- tool in scope?\n | |-- bounded params within limits?\n | v\n | ScopeCheckResponse (ALLOWED or BLOCKED)\n |\n |-- audit init ----> AuditChainService.initialize()\n | |-- writes genesis IDENTITY entry (SHA-256)\n | v\n |-- audit append ---> AuditChainService.append()\n | |-- SHA-256 prev_hash chain\n | v\n |-- audit verify ---> AuditChainService.verify_integrity()\n |-- recomputes all hashes\n |-- detects deletion \u002F tampering \u002F reorder\n```\n\n### Challenge-Response Authentication (Phase 1)\n\n| Step | Party | Action |\n|---|---|---|\n| 1 | Verifier | Calls `AgentIdentityService.request_challenge(agent_id, issued_by)` — generates random nonce + `challenge_id`, stored in memory with 5-minute TTL |\n| 2 | Verifier → Agent | Sends nonce to the target Agent |\n| 3 | Agent | Signs the nonce with its Ed25519 private key, constructs `ChallengeResponse(challenge_id, nonce, public_key, signature)` |\n| 4 | Verifier | Calls `AgentIdentityService.verify_challenge(response)` — validates: nonce one-time use (anti-replay), Ed25519 signature correct, certificate ACTIVE and not expired |\n\n**Attack vectors prevented:** Replay attack (nonce consumed after one use), private key theft (signature must match nonce), Token Grafting (`token.agent_id == caller.agent_id` verified at every scope check).\n\n---\n\n## Core Modules\n\n### Module 01 — Agent Identity ✅ Phase 1\n\nPKI lifecycle management for AI agents. Generates Ed25519 keypairs, issues certificates signed by an Org CA, and manages the full revoke \u002F suspend \u002F reactivate lifecycle.\n\n**Tags:** `Ed25519` `CSR` `Challenge-Response` `Revocation`\n\n### Module 02 — Execution Token ✅ Phase 1\n\nScoped, time-bounded permission tokens for mission execution. Each token carries a tool allowlist, numeric parameter bounds, and an Ed25519 signature to prevent token grafting attacks.\n\n**Tags:** `Tool Scope` `Bounded Params` `Ed25519 Sig` `Expiry`\n\n### Module 03 — Mission Lifecycle 🔲 Phase 2\n\n8-state mission state machine: `CREATED → PLANNING → WAITING_APPROVAL → APPROVED → PENDING_EXECUTION → IN_PROGRESS → EXECUTED → CLOSED`. Materializes boundaries at approval time.\n\n**Tags:** `8 States` `State Transitions` `Boundary Snapshot` `REST API`\n\n### Module 04 — Tool Gateway 🔲 Phase 3\n\nEnforces token scope before every external tool call. Validates the token signature, checks tool in scope, verifies bounded params, and writes execution audit entries. Prevents Token Grafting attacks at runtime.\n\n**Tags:** `Scope Guard` `Token Grafting Prevention` `Param Bounds` `ALLOWED\u002FBLOCKED\u002FPARTIAL`\n\n### Module 05 — Policy Engine 🔲 Phase 3\n\nDeclarative policy CRUD with version history and audit trail. Evaluates rules at mission approval time to derive forbidden tools, time restrictions, spend limits, and dual-approval requirements.\n\n**Tags:** `Policy CRUD` `Version History` `Rule Evaluation` `6 Policy Types`\n\n### Module 06 — Authority Graph 🔲 Phase 3\n\nOrg hierarchy traversal and approval level resolution. Maps agents to org units, determines L0-L5 approval requirements, builds multi-step approval chains, and resolves spend authority for mission authorization.\n\n**Tags:** `Org Hierarchy` `L0-L5 Approval` `Spend Authority` `Approval Chain`\n\n### Module 07 — Data Classifier 🔲 Phase 3\n\nClassifies data sources accessed by a mission's tools using rule-based classification. Produces a routing classification (PUBLIC to TOP_SECRET) and data scope constraints for the `MissionBoundary`.\n\n**Tags:** `5 Tiers` `5 Scopes` `Rule Engine` `Data Constraints`\n\n### Module 08 — Audit Chain ✅ Phase 1\n\nThree-layer, hash-chained audit logging persisted to the database. Each layer (IDENTITY, EXECUTION, COMPLIANCE) maintains its own SHA-256 hash chain with integrity verification. REST API exposes chain query and cryptographic integrity checks.\n\n**Tags:** `3 Audit Layers` `SHA-256 Chain` `Integrity Verify` `REST API`\n\n---\n\n## Mission 8-State Lifecycle 🔲 Phase 2 (planned)\n\nEvery mission follows this state machine once Phase 2 is implemented. Invalid transitions raise `InvalidStateTransitionError`. All transitions are audited via the L2 Execution layer.\n\n### Valid Transitions\n\n| From State | Allowed Transitions | How It Happens |\n|---|---|---|\n| `CREATED` | → `PLANNING` | Only path — set by `launch()` internally |\n| `PLANNING` | → `WAITING_APPROVAL` or → `APPROVED` | `submit()` goes to `WAITING_APPROVAL`; L0 agents can self-approve → `APPROVED` directly |\n| `WAITING_APPROVAL` | → `APPROVED` or → `CLOSED` | `approve()` → `APPROVED`; `reject()` or `close(CANCELLED)` → `CLOSED` |\n| `APPROVED` | → `PENDING_EXECUTION` or → `IN_PROGRESS` | `start_execution()` skips queue → `IN_PROGRESS` directly; otherwise → `PENDING_EXECUTION` |\n| `PENDING_EXECUTION` | → `IN_PROGRESS` or → `WAITING_APPROVAL` or → `CLOSED` | Normal start → `IN_PROGRESS`; rollback → `WAITING_APPROVAL`; `close(CANCELLED)` → `CLOSED` |\n| `IN_PROGRESS` | → `EXECUTED` or → `WAITING_APPROVAL` or → `CLOSED` | `complete_execution()` → `EXECUTED`; rollback → `WAITING_APPROVAL`; `close()` or `escalate()` → `CLOSED` |\n| `EXECUTED` | → `CLOSED` | Only path — `close()` with `SUCCESS` or `FAILED` |\n| `CLOSED` | none | Terminal — no further transitions allowed |\n\n### State Diagram\n\n```\nCREATED --> PLANNING --> WAITING_APPROVAL\n | |\n | reject\u002Fclose(CANCELLED)\n | |\n +-----> APPROVED \u003C-----------+\n (L0 self-approval) |\n | |\n v |\n PENDING_EXECUTION |\n | rollback\n v |\n IN_PROGRESS ------+\n |\n v\n EXECUTED --> CLOSED (terminal)\n\nEscape to CLOSED from: WAITING_APPROVAL, PENDING_EXECUTION, IN_PROGRESS\nOnly escalate() writes L3 Compliance — all other CLOSE writes L2\n```\n\n---\n\n## Security Model\n\n### Token Grafting Prevention\n\nThe Execution Token is Ed25519-signed by the Org CA covering the full payload (scope, bounds, expiry). Any modification invalidates the signature. The scope check verifies `token.agent_id == caller.agent_id` on every call.\n\n### Challenge-Response Authentication\n\nAgents prove identity via Ed25519 challenge-response with one-time nonces. Certificates are verified against the Org CA's public key. Revocation and expiry are enforced at verification time.\n\n### Tamper-Evident Audit Chain\n\nEvery audit entry carries a SHA-256 hash of its content and a `prev_hash` linking to the previous entry. The integrity API recomputes all hashes and detects any deleted, modified, or reordered entries.\n\n### Audit Chain Integrity Checks\n\n| Check | Detects |\n|---|---|\n| Hash present | Hash stripped by attacker |\n| Sequence continuity (IDs increment by 1) | Entry deletion |\n| `prev_hash` linkage | Entry modification or reordering |\n| Content hash match (stored == recomputed SHA-256) | Entry content tampering |\n\n---\n\n## Quick Start\n\n### Install\n\nRequires Python 3.10+. From a local checkout:\n\n```bash\ncd \u002Fpath\u002Fto\u002Forgkernel\npip install -e \".[postgres]\" # postgres | mysql | sqlite\n```\n\nDatabase driver extras:\n- `pip install orgkernel[postgres]` — PostgreSQL (recommended)\n- `pip install orgkernel[mysql]` — MySQL \u002F MariaDB\n- `pip install orgkernel[sqlite]` — SQLite for local dev\n\n### Service layer\n\nDirect Python async — no HTTP, no API key.\n\n```python\nfrom datetime import datetime, timedelta, timezone\nfrom sqlalchemy.ext.asyncio import AsyncSession\n\nfrom orgkernel.database import async_engine, init_db, get_session_factory\nfrom orgkernel.services import AgentIdentityService, ExecutionTokenService, AuditChainService\nfrom orgkernel.schemas import AgentIdentityCSR, ExecutionTokenCreate, ScopeCheckRequest, AuditLayer\n\n\nasync def demo(db: AsyncSession) -> None:\n # Configure database\n async_engine.url = \"postgresql+asyncpg:\u002F\u002Fuser:pass@localhost:5432\u002Forgkernel\"\n await init_db()\n\n identity_svc = AgentIdentityService(db)\n token_svc = ExecutionTokenService(db)\n audit_svc = AuditChainService()\n\n # 1. Issue agent identity (CSR flow)\n csr = AgentIdentityCSR(\n agent_name=\"invoice-processor\",\n org_id=\"acme-corp\",\n requested_ou=\"finance_team\",\n public_key=\"\u003Cagent-ed25519-public-key-base64url>\",\n purpose=\"automated-invoice-processing\",\n )\n issued = await identity_svc.issue_from_csr(csr)\n print(f\"Agent ID: {issued.identity.agent_id}\") # → \"aid_7f3k9...\"\n print(f\"Private key (returned once): {issued.agent_private_key_pem[:30]}...\"\n\n # 2. Mint scoped execution token (Ed25519-signed by Org CA)\n token = await token_svc.mint(\n ExecutionTokenCreate(\n agent_id=issued.identity.agent_id,\n mission_id=\"msn_invoice01\",\n execution_scope=[\"read_invoice\", \"write_payment_draft\"],\n immutable_params={\"currency\": \"USD\"},\n bounded_params=[{\"name\": \"amount\", \"upper_bound\": 50000}],\n expires_at=datetime.now(timezone.utc) + timedelta(hours=4),\n )\n )\n print(f\"Token: {token.token_id}\") # → \"tok_abc123...\"\n print(f\"Signed: {token.token_signature[:20]}...\")\n\n # 3. Enforce scope before every tool call\n allowed = await token_svc.check_scope(\n ScopeCheckRequest(\n token_id=token.token_id,\n tool_name=\"read_invoice\",\n params={\"invoice_id\": \"4521\"},\n )\n )\n print(f\"Scope check passed: {allowed.passed}\") # → True\n\n # 4. Initialize audit chain (writes genesis IDENTITY entry)\n chain_id = await audit_svc.initialize(\n db,\n mission_id=\"msn_invoice01\",\n agent_id=issued.identity.agent_id,\n )\n\n # 5. Append audit entries\n await audit_svc.append(\n db,\n chain_id=chain_id,\n layer=AuditLayer.EXECUTION,\n event=\"EXECUTION_tool_call\",\n agent_id=issued.identity.agent_id,\n mission_id=\"msn_invoice01\",\n data={\"tool\": \"read_invoice\", \"invoice_id\": \"4521\", \"result\": \"success\", \"duration_ms\": 230},\n token_id=token.token_id,\n )\n\n # 6. Verify audit integrity\n assert await audit_svc.verify_integrity(db, chain_id) is True\n\n await db.commit()\n```\n\n### FastAPI integration\n\nMount the built-in HTTP router for 27 REST endpoints across identity, token, and audit.\n\n```python\nfrom fastapi import FastAPI, Depends\nfrom sqlalchemy.ext.asyncio import AsyncSession\n\nfrom orgkernel.database import async_engine, get_session_factory, init_db\nfrom orgkernel.pyapi.router import router\n\napp = FastAPI(title=\"Agent Platform powered by OrgKernel\")\n\n\n@app.on_event(\"startup\")\nasync def startup() -> None:\n async_engine.url = \"postgresql+asyncpg:\u002F\u002Fuser:pass@localhost:5432\u002Forgkernel\"\n await init_db()\n\n\nasync def get_db() -> AsyncSession:\n factory = get_session_factory(async_engine)\n async with factory() as session:\n yield session\n\n\napp.include_router(router, prefix=\"\u002Forgkernel\", get_db=get_db)\n# All 27 endpoints under \u002Forgkernel\u002F...\n```\n\n---\n\n## REST API Reference\n\nAll endpoints are prefixed `\u002Forgkernel`. No API key — the server is your own infrastructure.\n\n### Endpoint overview\n\n| Method | Path | Description |\n|---|---|---|\n| `POST` | `\u002Forgkernel\u002Fidentity\u002Fcsr\u002Fsubmit` | Submit CSR (step 1 of PKI lifecycle) |\n| `POST` | `\u002Forgkernel\u002Fidentity\u002Fissue` | Issue identity from CSR (step 2–3) |\n| `GET` | `\u002Forgkernel\u002Fidentity\u002F{agent_id}` | Get identity by ID |\n| `GET` | `\u002Forgkernel\u002Fidentity\u002F{agent_id}\u002Fcertificate` | Get signed certificate |\n| `POST` | `\u002Forgkernel\u002Fidentity\u002Fverify` | Static verification (status + expiry) |\n| `POST` | `\u002Forgkernel\u002Fidentity\u002Fchallenge\u002Frequest` | Request cryptographic challenge |\n| `POST` | `\u002Forgkernel\u002Fidentity\u002Fchallenge\u002Fverify` | Verify signed challenge |\n| `POST` | `\u002Forgkernel\u002Fidentity\u002F{agent_id}\u002Fsuspend` | Suspend identity |\n| `POST` | `\u002Forgkernel\u002Fidentity\u002F{agent_id}\u002Freactivate` | Reactivate suspended identity |\n| `POST` | `\u002Forgkernel\u002Fidentity\u002F{agent_id}\u002Frevoke` | Permanently revoke identity |\n| `GET` | `\u002Forgkernel\u002Fidentity\u002Forg\u002F{org_id}` | List all identities for an org |\n| `GET` | `\u002Forgkernel\u002Fidentity\u002Forg\u002F{org_id}\u002Fpage` | Paginated list by org |\n| `POST` | `\u002Forgkernel\u002Ftoken\u002Fmint` | Mint a scoped, time-bounded token |\n| `GET` | `\u002Forgkernel\u002Ftoken\u002F{token_id}` | Get token by ID |\n| `POST` | `\u002Forgkernel\u002Ftoken\u002Fscope\u002Fcheck` | Validate a tool call against token scope |\n| `POST` | `\u002Forgkernel\u002Ftoken\u002F{token_id}\u002Fuse` | Mark token as consumed |\n| `POST` | `\u002Forgkernel\u002Ftoken\u002F{token_id}\u002Finvalidate` | Early invalidation with reason |\n| `GET` | `\u002Forgkernel\u002Ftoken\u002Fmission\u002F{mission_id}\u002Factive` | Get active token for a mission |\n| `GET` | `\u002Forgkernel\u002Ftoken\u002Fmission\u002F{mission_id}\u002Fpage` | Paginated tokens by mission |\n| `GET` | `\u002Forgkernel\u002Ftoken\u002Fagent\u002F{agent_id}\u002Fpage` | Paginated tokens by agent |\n| `POST` | `\u002Forgkernel\u002Faudit\u002Finitialize` | Initialize a new AuditChain |\n| `POST` | `\u002Forgkernel\u002Faudit\u002F{chain_id}\u002Fappend` | Append an audit entry |\n| `POST` | `\u002Forgkernel\u002Faudit\u002F{chain_id}\u002Fclose` | Close an AuditChain |\n| `GET` | `\u002Forgkernel\u002Faudit\u002Fmission\u002F{mission_id}` | Get AuditChain by mission_id |\n| `GET` | `\u002Forgkernel\u002Faudit\u002F{chain_id}` | Get AuditChain by chain_id |\n| `GET` | `\u002Forgkernel\u002Faudit\u002F{chain_id}\u002Fverify` | Verify chain integrity |\n| `GET` | `\u002Forgkernel\u002Faudit\u002Fagent\u002F{agent_id}\u002Fpage` | Paginated chains by agent |\n\n### curl examples\n\n```bash\nBASE=\"http:\u002F\u002Flocalhost:8000\u002Forgkernel\"\n\n# 1. Submit CSR and issue identity\ncurl -X POST \"$BASE\u002Fidentity\u002Fcsr\u002Fsubmit\" \\\n -H \"Content-Type: application\u002Fjson\" \\\n -d '{\n \"agent_name\": \"compliance-agent\",\n \"org_id\": \"acme-corp\",\n \"requested_ou\": \"legal\u002Fcompliance\",\n \"public_key\": \"\u003Cagent-ed25519-public-key-base64url>\",\n \"purpose\": \"policy-audit\"\n }'\n\ncurl -X POST \"$BASE\u002Fidentity\u002Fissue\" \\\n -H \"Content-Type: application\u002Fjson\" \\\n -d '{\n \"agent_name\": \"compliance-agent\",\n \"org_id\": \"acme-corp\",\n \"requested_ou\": \"legal\u002Fcompliance\",\n \"public_key\": \"\u003Cagent-ed25519-public-key-base64url>\",\n \"purpose\": \"policy-audit\"\n }'\n\n# 2. Mint an ExecutionToken\ncurl -X POST \"$BASE\u002Ftoken\u002Fmint\" \\\n -H \"Content-Type: application\u002Fjson\" \\\n -d '{\n \"agent_id\": \"aid_7f3k9...\",\n \"mission_id\": \"msn_audit01\",\n \"execution_scope\": [\"doc_reader\", \"email_sender\"],\n \"expires_at\": \"2026-03-26T12:00:00Z\"\n }'\n\n# 3. Enforce scope on every tool call\ncurl -X POST \"$BASE\u002Ftoken\u002Fscope\u002Fcheck\" \\\n -H \"Content-Type: application\u002Fjson\" \\\n -d '{\n \"token_id\": \"tok_abc123...\",\n \"tool_name\": \"doc_reader\",\n \"params\": {\"doc_id\": \"POL-001\"}\n }'\n# → {\"passed\": true, \"blocked\": false, ...}\n\n# 4. Initialize AuditChain\ncurl -X POST \"$BASE\u002Faudit\u002Finitialize\" \\\n -H \"Content-Type: application\u002Fjson\" \\\n -d '{\n \"mission_id\": \"msn_audit01\",\n \"agent_id\": \"aid_7f3k9...\"\n }'\n# → {\"chain_id\": \"ac_xyz...\", \"message\": \"AuditChain initialized\"}\n\n# 5. Append audit entry\ncurl -X POST \"$BASE\u002Faudit\u002Fac_xyz...\u002Fappend\" \\\n -H \"Content-Type: application\u002Fjson\" \\\n -d '{\n \"layer\": \"EXECUTION\",\n \"event\": \"EXECUTION_tool_call\",\n \"agent_id\": \"aid_7f3k9...\",\n \"mission_id\": \"msn_audit01\",\n \"data\": {\"tool\": \"doc_reader\", \"doc_id\": \"POL-001\", \"result\": \"success\"},\n \"token_id\": \"tok_abc123...\"\n }'\n\n# 6. Verify AuditChain integrity\ncurl \"$BASE\u002Faudit\u002Fac_xyz...\u002Fverify\"\n# → {\"chain_id\": \"ac_xyz...\", \"valid\": true, \"message\": \"Integrity check passed\"}\n\n# 7. Get all identities for an org\ncurl \"$BASE\u002Fidentity\u002Forg\u002Facme-corp\"\n\n# 8. Paginated tokens by mission\ncurl \"$BASE\u002Ftoken\u002Fmission\u002Fmsn_audit01\u002Fpage?page_no=1&page_size=20\"\n\n# 9. Get full AuditChain\ncurl \"$BASE\u002Faudit\u002Fmission\u002Fmsn_audit01\"\n```\n\n---\n\n## Schema Reference\n\n### AgentIdentity\n\n| Field | Type | Description |\n|---|---|---|\n| `agent_id` | string | Unique ID prefixed `aid_`, validated as `^aid_[a-z0-9]+$` |\n| `agent_name` | string | Validated as `^[a-z][a-z0-9_-]*$` — unique per org |\n| `org_id` | string | Organization identifier, validated as `^[a-z][a-z0-9-]*$` |\n| `public_key` | string | Ed25519 public key in Base64url encoding (43-44 chars) |\n| `org_ca_fingerprint` | string | SHA-256 hex fingerprint of Org CA public key (64 chars) |\n| `issued_at`, `valid_until` | datetime | Certificate validity window |\n| `status` | enum | `ACTIVE`, `SUSPENDED`, `REVOKED`, `EXPIRED` |\n| `revoked_at`, `revoked_by`, `revocation_reason` | mixed | Set only when `status = REVOKED` |\n\n### ExecutionToken\n\n| Field | Type | Description |\n|---|---|---|\n| `token_id` | string | Unique ID prefixed `tok_` |\n| `execution_scope` | list[string] | Allowlisted tool names, min 1 item |\n| `immutable_params` | dict | Key=value pairs that must match exactly at call time |\n| `bounded_params` | list[BoundedParam] | Named numeric bounds: `upper_bound` and `lower_bound` per param |\n| `token_signature` | string | Ed25519 EdDSA signature (Base64url, 86-88 chars) over canonical JSON payload |\n| `expires_at` | datetime | Token expiry |\n| `used` | bool | One-time consumption flag |\n\n### MissionBoundary 🔲 Phase 2–3 (planned)\n\n| Field | Source |\n|---|---|\n| `authority_constraints` | `AuthorityGraphService.resolve_authority()` |\n| `policy_constraints` | `PolicyEngineService.evaluate_for_mission()` |\n| `data_constraints` | `DataClassifierService.classify_for_mission()` |\n| `runtime_constraints` | MissionDefinition + PolicyEngine `max_tool_calls` |\n| `authority_graph_version` | Snapshot version of authority graph at approval |\n| `policy_engine_version` | Snapshot version of policy engine at approval |\n\n### Audit Chain — Three-Layer Hash Chain (Phase 1)\n\n| Layer | Triggered By | Content |\n|---|---|---|\n| **L1 Business** | `AuditChainService.initialize()` | Mission objective, org, agent_id |\n| **L2 Execution** | `AuditChainService.append()` + state transitions + tool calls | Tool name, params, status, violations |\n| **L3 Compliance** | Only `MissionService.escalate()` (Phase 2) | Escalation reason, escalated_to, from_state |\n\n### Enums\n\n```\nAgentIdentityStatus: ACTIVE | SUSPENDED | REVOKED | EXPIRED\n\nMissionState: CREATED | PLANNING | WAITING_APPROVAL | APPROVED | ← Phase 2\n PENDING_EXECUTION | IN_PROGRESS | EXECUTED | CLOSED\n\nApprovalLevel: L0 (no approval) | L1 (self) | L2 (team) | ← Phase 3\n L3 (department) | L4 (executive) | L5 (board\u002FC-level)\n\nClassificationTier: PUBLIC | INTERNAL | CONFIDENTIAL | SECRET | TOP_SECRET ← Phase 3\n\nPolicyType: TOOL_RESTRICTION | DATA_ACCESS | RATE_LIMIT | ← Phase 3\n SPEND_LIMIT | TIME_RESTRICTION | CUSTOM\n```\n\n---\n\n## Contributing\n\nWe welcome contributions from the community. OrgKernel is the cryptographic trust foundation of an enterprise agent platform — quality and security are paramount.\n\n### How to Contribute\n\n1. **Fork** the repository and create your branch from `main`\n2. **Write tests** for any new functionality\n3. **Ensure** all existing tests pass before submitting\n4. **Document** any new public APIs or modules\n5. **Submit** a Pull Request with a clear description of the change and its motivation\n\n### Reporting Security Issues\n\nIf you discover a security vulnerability, **do not open a public issue**. Please disclose responsibly by emailing [developer@metaprise.ai](mailto:developer@metaprise.ai). We will acknowledge receipt within 48 hours and provide a remediation timeline.\n\n### Reporting Bugs & Feature Requests\n\nOpen an [issue](https:\u002F\u002Fgithub.com\u002FMetapriseAI\u002FOrgKernel\u002Fissues) and use the appropriate template. Please include:\n\n- A clear and descriptive title\n- Steps to reproduce (for bugs)\n- Expected vs. actual behavior\n- Environment details (OS, Python version, database version)\n\n### Code of Conduct\n\nAll contributors are expected to adhere to our [Code of Conduct](CODE_OF_CONDUCT.md). We are committed to providing a welcoming and inclusive environment for everyone.\n\n---\n\n## License\n\nOrgKernel is licensed under the **Apache License 2.0**. See [LICENSE](LICENSE) for the full text.\n\n> The trust foundation you depend on is fully open-source. Inspect every line, audit the cryptography, fork for your own infrastructure, and contribute improvements back to the community. No vendor lock-in, no black boxes.\n\n---\n\n\u003Cp align=\"center\">\n Built by \u003Ca href=\"https:\u002F\u002Fwww.metaprise.ai\">Metaprise\u003C\u002Fa>  · \n \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMetapriseAI\u002FOrgKernel\u002Fissues\">Issues\u003C\u002Fa>  · \n \u003Ca href=\"mailto:developer@metaprise.ai\">Contact\u003C\u002Fa>\u003Cbr\u002F>\n \u003Csub>Python 3.10+ · FastAPI · SQLAlchemy Async · PostgreSQL \u002F MySQL \u002F SQLite\u003C\u002Fsub>\n\u003C\u002Fp>\n","OrgKernel 是一个为企业AI代理提供安全和治理基础的开源信任层。它通过实现基于Ed25519算法的加密身份验证、实例范围内的执行令牌以及SHA-256哈希链审计日志等核心功能,确保每个代理的行为既可验证又受控,并且所有操作都有防篡改的记录。此外,该项目支持企业级SSO\u002FSCIM联邦认证,进一步增强了其在复杂环境下的适用性。OrgKernel非常适合需要高度透明度与安全性控制的企业级AI应用部署场景,如金融、医疗健康等领域中对数据隐私及合规性有严格要求的情况。项目采用Python语言开发,遵循Apache License 2.0协议开放源代码。",2,"2026-06-11 04:08:43","high_star"]