Kevros Governance tools — action verification + hash-chained audit trails for AutoGen agents

[knuckles-stack]

Kevros Governance Integration for AutoGen

Governance-as-a-service for AutoGen agents. Verify actions before executing (ALLOW/CLAMP/DENY), create tamper-evident provenance records, and generate compliance evidence bundles.

Integration

OpenAI-compatible function definitions ready to use with AutoGen agents:
https://github.com/ndl-systems/kevros-governance-sdk/blob/main/openai_tools.json

Python SDK:
```
pip install git+https://github.com/ndl-systems/kevros-governance-sdk.git
```

What it provides

• Action verification against policy bounds (ALLOW/CLAMP/DENY)
• Hash-chained provenance (tamper-evident, independently verifiable)
• Intent-command-outcome binding (prove what agent intended vs did)
• Compliance evidence bundles (auditor-grade)

Use case

Multi-agent workflows where agents take real-world actions (trades, API calls, deployments) and need to prove what happened for compliance, audit, or legal purposes.

Gateway: https://governance.taskhawktech.com
A2A Agent Card: https://governance.taskhawktech.com/.well-known/agent.json

[Kelisi808]

Great direction. One pattern that helped us in PitStop-style multi-agent ops:

• Pair action verification with a filesystem-visible activity trail ([timestamp][agent→target]) so humans can reconstruct the last 24h without querying multiple systems.
• Add a small retry policy contract per action (maxAttempts, failureReasonCode, escalationTarget) to prevent silent loops.

This made governance/audit discussions with non-core stakeholders much easier, because evidence stayed human-readable.

[knuckles-stack]

@Kelisi808 appreciate the feedback — both points resonate with what we've built.

On filesystem-visible activity trails: Kevros already writes an append-only provenance.jsonl ledger — every governance decision (ALLOW/CLAMP/DENY) gets a hash-chained record with timestamp, agent ID, action type, decision, and cryptographic binding. It's designed to be human-readable and machine-verifiable: cat provenance.jsonl | jq . gives you the full audit trail, and verify_evidence.py validates the hash chain for tamper detection. The MCP provenance-attest tool lets agents write attestation records into the same chain after execution, so you get a closed loop: intent → decision → actuation → evidence.

On retry policy contracts: interesting idea. Right now Kevros is opinionated about not retrying autonomously — a DENY is a DENY, and a CLAMP constrains parameters to safe bounds rather than retrying. The escalation path is baked into the mode manager (INERT → BOOT → RUN → FAULT state machine), where FAULT is latched and requires human operator reset. But a per-action escalationTarget field is a clean extension — we could surface that in the governance response so the calling agent knows who to escalate to rather than silently looping. Worth exploring.

If you want to try the tools against a live stack: pip install kevros-governance and point it at the gateway. The action-verify and provenance-attest skills are the two that map directly to your patterns.