https://github.com/aevum-labs/aevum
https://github.com/aevum-labs/aevum
agent-memory ai-agent audit-trail compliance eu-ai-act mcp policy-engine python replay sigchain
Last synced: 3 days ago
JSON representation
- Host: GitHub
- URL: https://github.com/aevum-labs/aevum
- Owner: aevum-labs
- License: apache-2.0
- Created: 2026-04-22T23:15:13.000Z (about 2 months ago)
- Default Branch: main
- Last Pushed: 2026-06-02T19:30:30.000Z (6 days ago)
- Last Synced: 2026-06-02T21:24:29.753Z (6 days ago)
- Topics: agent-memory, ai-agent, audit-trail, compliance, eu-ai-act, mcp, policy-engine, python, replay, sigchain
- Language: Python
- Homepage: https://aevum.build
- Size: 3.22 MB
- Stars: 2
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Threat model: THREAT_MODEL.md
- Security: SECURITY.md
- Governance: GOVERNANCE.md
- Notice: NOTICE
- Maintainers: MAINTAINERS.md
Awesome Lists containing this project
README
# Aevum
Governed context kernel for AI agents. Signed audit trail, consent-gated data
access, and verifiable decision records — three controls that regulators ask for
together and that are hardest to add after the fact.
[](https://github.com/aevum-labs/aevum/actions/workflows/ci.yml)
[](https://pypi.org/project/aevum-core/)
[](https://pypi.org/project/aevum-core/)
[](LICENSE)
**Self-governance pipeline status** — Aevum governs its own maintenance
workflow using its own governed functions. Pipeline implementation in
`packages/aevum-maintainer`:
| Phase | Deliverable | Status |
|---|---|---|
| 1 | Scaffold + compliance pack generator | Implemented — OIDC ingest, Cedar policies, compliance pack generation |
| 2 | MCP research interface (6 read-only tools) | Implemented — `GET /v1/mcp/{tool_name}` (sigchain, reviews, test count, backlog, integrity) |
| 3 | Structured consent gate (HITL approval + dwell time) | Implemented — `POST /v1/consent/review` + `/approve` with sigchain recording |
| 4 | Replay endpoint + Rekor anchor + break-glass | Implemented — `GET /v1/replay/{audit_id}`, Rekor v2 anchoring, `POST /v1/break-glass` |
| 5 | Demo page (demo.aevum.build) | Implemented — served at `GET /` |
## The problem
AI agents are uniquely exposed to the **lethal trifecta**: reading untrusted
content, accessing private user data, and exfiltrating via a tool call — three
steps that are innocuous individually but catastrophic in composition. Aevum's
Cedar policies block that composition unconditionally, before any permit can
override it.
Beyond trifecta prevention, every AI system operating on personal data needs
three things the standard stack does not provide:
1. **A signed, replayable record** of every decision (EU AI Act Article 12,
HIPAA §164.312)
2. **Consent as a precondition** for any data traversal (GDPR Art. 6/9)
3. **Crypto-erasure** when a subject exercises the right to be forgotten
(GDPR Art. 17)
Aevum makes all three structural rather than procedural.
## Quick start (zero config)
```bash
pip install aevum-core
export AEVUM_DEV=1
```
```python
from aevum.core import Engine
engine = Engine() # AEVUM_DEV=1 grants consent automatically
result = engine.ingest(
data={"message": "User asked about billing"},
provenance={"source_id": "support-chat", "chain_of_custody": ["support-chat"],
"classification": 0},
purpose="customer-support", subject_id="user-42", actor="my-agent",
)
print(result.audit_id) # urn:aevum:audit: — signed, chained, replayable
print(result.status) # ok
```
`AEVUM_DEV=1` is for local development only — see the
[Dev to Production checklist](https://github.com/aevum-labs/aevum/blob/main/docs/learn/dev-to-production.md)
before deploying. For explicit consent grants, see the
[Pure Python guide](https://github.com/aevum-labs/aevum/blob/main/docs/learn/guides/pure-python.md).
Crisis keyword in data? Blocked before the graph write. No exceptions.
> **For coding agents:** [`llms.txt`](https://aevum.build/llms.txt) and
> [`llms-full.txt`](https://aevum.build/llms-full.txt) provide machine-readable
> API summaries for use with Claude, Copilot, and similar tools.
## Adapter matrix
Six adapters ship with CI coverage across Python 3.11–3.13:
| Adapter | Install | Import path |
|---|---|---|
| LangGraph checkpointer | `aevum-core[langgraph]` | `aevum.core.adapters.langgraph.AevumCheckpointer` |
| Anthropic SDK | `aevum-core[anthropic]` | `aevum.core.adapters.anthropic_adapter.AevumAnthropicAdapter` |
| LangChain | `aevum-core[langchain]` | `aevum.core.adapters.langchain_callback.AevumLangChainCallback` |
| OpenAI Agents | `aevum-core[openai-agents]` | `aevum.core.adapters.openai_agents.AevumAgentHooks` |
| CrewAI | `aevum-core[crewai]` | `aevum.core.adapters.crewai.AevumCrewHooks` |
| MCP | `aevum-core[mcp]` | `aevum.mcp.traceparent` |
```python
# LangGraph drop-in — every superstep dual-signed and chained
from aevum.core.adapters.langgraph import AevumCheckpointer
checkpointer = AevumCheckpointer.local()
graph = builder.compile(checkpointer=checkpointer)
# delete_thread(thread_id) → GDPR Art. 17 crypto-erasure
```
## Install
```bash
pip install aevum-core # kernel only
pip install "aevum-core[server]" # + HTTP API
pip install "aevum-core[langgraph]" # + LangGraph checkpointer
pip install "aevum-core[anthropic]" # + Anthropic SDK adapter
pip install "aevum-core[langchain]" # + LangChain callback
pip install "aevum-core[openai-agents]" # + OpenAI Agents SDK
pip install "aevum-core[crewai]" # + CrewAI hooks
pip install "aevum-core[oxigraph]" # + embedded RDF graph
pip install "aevum-core[postgres]" # + PostgreSQL backend
pip install "aevum-core[mcp]" # + MCP integration
pip install "aevum-core[all]" # everything
```
> **Note:** The bare name `aevum` on PyPI is an unrelated project.
> Always use `aevum-core` (or another `aevum-*` package).
## The five functions (CRE protocol)
| Function | Protocol verb | What it does |
|---|---|---|
| `ingest` | RELATE | Write data through the governed membrane |
| `query` | NAVIGATE | Traverse the graph for a declared purpose |
| `review` | GOVERN | Present context for human decision |
| `commit` | REMEMBER | Append event to the episodic ledger |
| `replay` | (no verb) | Reconstruct any past decision faithfully |
All five are consent-checked, barrier-enforced, and ledger-recorded.
## The five absolute barriers
These are Cedar `forbid` policies. Cedar semantics: forbid always overrides
permit. No configuration, no override, no escape hatch.
| Barrier | What it blocks |
|---|---|
| **1 — Crisis** | Any graph write when crisis-signal keywords are detected |
| **2 — Consent** | Any context traversal without a scoped, active consent grant |
| **3 — Classification ceiling** | Any action on data whose level exceeds the deployment ceiling |
| **4 — Audit seal** | Any deletion or mutation of the provenance graph |
| **5 — Provenance (veto-as-default)** | Any irreversible+consequential action without a human checkpoint |
## Compliance
| Requirement | Aevum control |
|---|---|
| EU AI Act Article 12 (logging) | Episodic ledger: Ed25519+ML-DSA-65 dual-signed, SHA3-256-chained |
| GDPR Art. 6/9 (lawful basis) | Consent ledger: OR-Set grants, purpose-scoped, Cedar-enforced |
| GDPR Art. 17 (erasure) | Crypto-shredding: DEK destroyed on revoke, ciphertext unrecoverable |
| OWASP ASI01 (prompt injection) | Trifecta barrier: blocks untrusted-read + private-read + exfiltrate composition |
| OWASP ASI02 (data exfiltration) | Classification ceiling + trifecta Cedar policy |
| OWASP ASI04 (memory poisoning) | Sigchain: every entry chained, mutations detectable |
| NIST AI RMF MAP-1.6 | Structured audit pack exportable for any decision |
## Conformance
Aevum ships a machine-verifiable conformance suite:
```bash
pip install aevum-conformance
python -c "from aevum.conformance.suite import ConformanceSuite; \
r = ConformanceSuite().run_all(); print(r.passed_count, '/', r.total_count)"
```
See [`docs/conformance_report.txt`](docs/conformance_report.txt) for the
reference run. The v0.6.0 suite covers 74 invariants across sigchain format,
dev mode contracts, OTel bridge privacy defaults, and VaultTransitSigner key
schemes.
## Packages
| Package | Install | Purpose |
|---|---|---|
| `aevum-core` | `pip install aevum-core` | Kernel: five functions, sigchain, barriers, consent |
| `aevum-server` | `aevum-core[server]` | HTTP API wrapping all five functions |
| `aevum-store-oxigraph` | `aevum-core[oxigraph]` | Embedded RDF graph backend |
| `aevum-store-postgres` | `aevum-core[postgres]` | PostgreSQL graph + consent + ledger |
| `aevum-mcp` | `aevum-core[mcp]` | MCP tools for any MCP-compatible host |
| `aevum-cli` | `pip install aevum-cli` | `aevum server start`, `aevum store migrate` |
| `aevum-conformance` | `pip install aevum-conformance` | Machine-verifiable conformance suite |
| `aevum-agent` | `pip install aevum-agent` | A2A protocol integration |
## Maintainer
Aevum is actively maintained by
[@bnyhil](https://github.com/bnyhil) under the
[aevum-labs](https://github.com/aevum-labs) GitHub
organization. This is a solo open-source research project
— not a commercial product or formal legal entity.
## Contributing
See [CONTRIBUTING.md](CONTRIBUTING.md).
Security vulnerabilities: [GitHub Security Advisories](https://github.com/aevum-labs/aevum/security/advisories/new) (private disclosure).
## License
Code: Apache-2.0 · Specification: CC-BY-4.0 + OWFa 1.0.1