{"id":48660864,"url":"https://github.com/hummbl-dev/hummbl-dev","last_synced_at":"2026-04-10T10:08:13.900Z","repository":{"id":346586709,"uuid":"1179149483","full_name":"hummbl-dev/hummbl-dev","owner":"hummbl-dev","description":"HUMMBL, LLC — Governed AI agent infrastructure. Base120 cognitive framework, stdlib-only governance on PyPI, MCP integration. Production Claude systems since 2024.","archived":false,"fork":false,"pushed_at":"2026-04-01T15:27:18.000Z","size":122,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-01T18:33:52.290Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hummbl-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":"governance-crosswalk.html","roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"hummbl-dev"}},"created_at":"2026-03-11T18:31:11.000Z","updated_at":"2026-04-01T15:27:21.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/hummbl-dev/hummbl-dev","commit_stats":null,"previous_names":["hummbl-dev/hummbl-dev"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/hummbl-dev/hummbl-dev","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hummbl-dev%2Fhummbl-dev","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hummbl-dev%2Fhummbl-dev/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hummbl-dev%2Fhummbl-dev/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hummbl-dev%2Fhummbl-dev/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hummbl-dev","download_url":"https://codeload.github.com/hummbl-dev/hummbl-dev/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hummbl-dev%2Fhummbl-dev/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31637754,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-10T07:40:12.752Z","status":"ssl_error","status_checked_at":"2026-04-10T07:40:11.664Z","response_time":98,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-04-10T10:08:13.189Z","updated_at":"2026-04-10T10:08:13.892Z","avatar_url":"https://github.com/hummbl-dev.png","language":"HTML","funding_links":["https://github.com/sponsors/hummbl-dev"],"categories":[],"sub_categories":[],"readme":"# HUMMBL\n\n**Governance primitives for AI agent orchestration.** Stdlib-only. Contract-driven. Air-gap capable.\n\nAI-generated code is [42% of committed code](docs/research/ai-slop-crisis/03_round3_hard_data_sweep.md) and ships [2.74x more vulnerabilities](docs/research/ai-slop-crisis/03_round3_hard_data_sweep.md) than humans write. Insurers are [excluding it from coverage](docs/research/ai-slop-crisis/newsletters/2026-04-slop-tracker-01.md). Courts are [settling the liability chain](docs/research/ai-slop-crisis/essays/reasonable-care-age-of-agents.md). Nobody ships governance as embeddable libraries. We do.\n\n```bash\npip install hummbl-governance\n```\n\n[![PyPI](https://img.shields.io/pypi/v/hummbl-governance)](https://pypi.org/project/hummbl-governance/)\n[![Tests](https://img.shields.io/badge/tests-476%20passing-brightgreen)]()\n[![License](https://img.shields.io/badge/license-Apache%202.0-blue)]()\n[![Dependencies](https://img.shields.io/badge/runtime%20deps-zero-brightgreen)]()\n\n---\n\n## What you get\n\n20 governance primitives, all Python stdlib-only, all independently importable:\n\n| Primitive | What it does |\n|---|---|\n| **KillSwitch** | Emergency halt with 4 graduated modes (DISENGAGED → EMERGENCY) |\n| **CircuitBreaker** | Automatic failure detection + recovery (CLOSED / HALF_OPEN / OPEN) |\n| **DelegationToken** | HMAC-SHA256 signed capability tokens for agent scope authorization |\n| **AuditLog** | Append-only JSONL governance trail with rotation and retention |\n| **AgentRegistry** | Identity management with aliases and trust tiers |\n| **SchemaValidator** | JSON Schema Draft 2020-12 validation (stdlib, no jsonschema dep) |\n| **CostGovernor** | Budget tracking with soft/hard caps and ALLOW/WARN/DENY decisions |\n| **BusWriter** | Append-only TSV coordination bus with flock locking |\n| **ComplianceMapper** | Map governance traces to SOC 2, GDPR, and OWASP controls |\n| **HealthCollector** | Composable health probes with latency tracking |\n| + 10 more | OutputValidator, CapabilityFence, StrideMapper, ReasoningEngine, ... |\n\n```python\nfrom hummbl_governance import KillSwitch, CircuitBreaker, DelegationToken\n\nks = KillSwitch(state_dir=Path(\"./governance\"))\ncb = CircuitBreaker(failure_threshold=5, recovery_timeout=60)\ntoken = DelegationToken.create(agent=\"codex\", scope=[\"read\", \"write\"], ttl=3600)\n```\n\n---\n\n## Why libraries, not platforms\n\nEvery AI governance vendor (Qodo, Apiiro, Factory, Aikido, Cycode) ships a SaaS platform. Each requires sending code or telemetry to their cloud.\n\nHUMMBL ships **libraries you embed inline** in your agent's execution path. No cloud dependency. No vendor lock-in. Deployable wherever your workloads deploy — including air-gapped, classified, and regulated environments.\n\n\u003e \"A signed delegation token is not a vendor pitch. It is a Caremark affirmative defense, a NIST AI RMF conformance record, and a reasonable-care evidence pack — generated at runtime, not reconstructed after the breach.\"\n\nRead the full thesis: [Why Libraries, Not Platforms](docs/research/ai-slop-crisis/essays/why-libraries-not-platforms.md)\n\n---\n\n## Research\n\nOur positioning is backed by a 24-document evidence corpus with 50+ primary-source citations, verified:\n\n**Start here:**\n- [Top 10 cite-ready findings](docs/research/ai-slop-crisis/README.md)\n- [The Observability Argument](docs/research/ai-slop-crisis/essays/the-observability-argument.md) — why AI governance is the Datadog moment\n- [The 22 Incidents](docs/research/ai-slop-crisis/essays/the-22-incidents.md) — cataloged AI code failures (2023-2026)\n- [Reasonable Care in the Age of AI Agents](docs/research/ai-slop-crisis/essays/reasonable-care-age-of-agents.md) — what courts will look for\n\n**Role-specific:**\n[CISO](docs/research/ai-slop-crisis/blog/ciso-ai-code-risk.md) | [CAIO](docs/research/ai-slop-crisis/blog/caio-governance-gap.md) | [GC/Legal](docs/research/ai-slop-crisis/blog/gc-ai-liability-chain.md) | [CTO](docs/research/ai-slop-crisis/blog/cto-developer-velocity-trap.md) | [AppSec](docs/research/ai-slop-crisis/blog/appsec-devsecops-ai-code-reality.md) | [Compliance](docs/research/ai-slop-crisis/blog/compliance-grc-ai-framework-mapping.md) | [Platform Eng](docs/research/ai-slop-crisis/blog/platform-eng-governance-layer.md) | [Risk Manager](docs/research/ai-slop-crisis/blog/risk-manager-ai-insurance-crisis.md) | [Defense/Federal](docs/research/ai-slop-crisis/blog/defense-federal-cmmc-ai-governance.md) | [AI Governance Lead](docs/research/ai-slop-crisis/blog/ai-governance-lead-building-program.md)\n\n---\n\n## Tools\n\nFree self-assessments and compliance references — no login, no cloud, print to PDF:\n\n| Tool | What it does |\n|---|---|\n| [**Tool Index**](index.html) | Landing page for all tools below |\n| [EU AI Act Readiness](eu-ai-act-readiness.html) | 20-question governance posture check |\n| [NIST AI RMF Readiness](nist-ai-rmf-readiness.html) | 4 functions / 19 categories / 72 subcategories |\n| [ISO 42001 Readiness](iso-42001-readiness.html) | AI Management System certification checklist |\n| [Singapore Agentic AI](singapore-agentic-readiness.html) | Agent governance architecture assessment |\n| [Colorado AI Act](colorado-ai-act-readiness.html) | State-level algorithmic decision compliance |\n| [Compliance Calendar](compliance-calendar.html) | Interactive AI governance timeline 2025-2027 |\n| [Governance Crosswalk](governance-crosswalk.html) | Side-by-side framework requirement mapping |\n\n---\n\n## By the numbers\n\n| Metric | Value |\n|---|---|\n| Governance primitives | 20 (stdlib-only, zero runtime deps) |\n| Tests (`hummbl-governance`) | 476 passing |\n| CI workflows | 11 active |\n| Research corpus | 60 documents, 50+ primary sources |\n| Governance tools | 8 (readiness assessments, crosswalk, calendar) |\n| Published on PyPI | [`hummbl-governance`](https://pypi.org/project/hummbl-governance/) v0.3.0 |\n\n---\n\n## Projects\n\n| Project | Purpose |\n|---|---|\n| [`hummbl-governance`](https://github.com/hummbl-dev/hummbl-governance) | Governance primitives — [PyPI](https://pypi.org/project/hummbl-governance/) |\n| [`arbiter`](https://github.com/hummbl-dev/arbiter) | Code quality scoring engine (ruff + complexity + security + dead code + duplication) |\n| [`base120`](https://github.com/hummbl-dev/base120) | Base120 mental model reference implementation + validation CLI |\n| [`mcp-server`](https://github.com/hummbl-dev/mcp-server) | MCP server exposing Base120 models and governance skills |\n| [`hummbl-agent`](https://github.com/hummbl-dev/hummbl-agent) | Deterministic agent infrastructure (registry-first, policy-bounded) |\n| [`hummbl-assurance`](https://github.com/hummbl-dev/hummbl-assurance) | Governance assurance — verification, contract compatibility, compliance |\n\n---\n\n## Newsletter\n\n**[HUMMBL Slop Tracker](https://hummbl.substack.com)** — monthly digest of AI code governance incidents, regulations, lawsuits, and the governance gap nobody is filling. Free.\n\n[Read Issue #1: 5 Things Every CISO Should Know About AI-Generated Code Right Now](https://open.substack.com/pub/hummbl/p/5-things-every-ciso-should-know-about)\n\n---\n\n## Get started\n\n```bash\npip install hummbl-governance\n```\n\n- **Self-assess**: [hummbl.io/readiness](https://hummbl.io/readiness.html) — 20-question governance posture check\n- **Subscribe**: [hummbl.io/tracker](https://hummbl.io/tracker.html) — monthly intelligence digest\n- **Talk to us**: reuben@hummbl.io\n\n---\n\n## About\n\nHUMMBL is a one-person AI governance consultancy founded by **Reuben Bowlby** in Atlanta, GA. Background in coaching, education, and full-stack engineering — now focused on the governance gap between AI agent capabilities and the controls enterprises need to deploy them safely.\n\n---\n\n*HUMMBL, LLC | [hummbl.io](https://hummbl.io) | Atlanta, GA*\n*Apache 2.0 Licensed*\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhummbl-dev%2Fhummbl-dev","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhummbl-dev%2Fhummbl-dev","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhummbl-dev%2Fhummbl-dev/lists"}