v0.3.1 now available on PyPI

The governance layer
your agents are missing

Canopy decides whether an agent action should be attempted - before execution. Deterministic. Auditable. Wired in under one hour.

$ pip install canopy-runtime
Deterministic - same inputs, same decision
Tamper-evident hash-chain audit log
Zero new infrastructure
MIT License · Python 3.9+
The incident that built this

Your agent got the scope wrong.
There was nothing between it and AWS.

The agent received a valid instruction. Built a real command. The filter was wrong - staging values, production instances. No gate. No log. No answer for the postmortem.

Without Canopy - production down
# Agent: "clean up old staging resources"
# Scope error. Nobody checked.

aws ec2 terminate-instances \
  --instance-ids $(aws ec2 describe-instances \
    --filters Name=tag:env,Values=staging \
    --query 'Reservations[].Instances[].InstanceId' \
    --output text)

✗  Production instances terminated.
   No gate. No log.
   Who approved this? Nobody knows.
With Canopy - blocked before execution
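from canopy import authorize_action

# The command the agent built in the "Without Canopy" case above.
dangerous_cmd = (
  "aws ec2 terminate-instances --instance-ids "
  "$(aws ec2 describe-instances --filters Name=tag:env,Values=staging "
  "--query 'Reservations[].Instances[].InstanceId' --output text)"
)

# Ask for a decision before anything is executed.
result = authorize_action(
  agent_ctx={
    "public_key": "pk-devops-agent-001",
    "created_at": "2026-01-01T00:00:00Z",
  },
  action_type="execute_shell",
  action_payload={"command": dangerous_cmd},
)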

Decision  : DENY [critical]
Reason    : denied before execution
Audit ID  : 9c2f3a8b...

This entry exists before AWS was called.
Architecture

Four independent layers.
First block wins.

Every action passes through four layers in sequence. The first non-ALLOW decision short-circuits the pipeline. The layers field in every response shows exactly what fired and what was skipped.

ALLOW
DENY
REQUIRE_APPROVAL
01 - Constitution (Immutable)
Three absolute laws. Art.0 - no catastrophic risk. Art.1 - no direct human harm. Art.7 - sovereign kill switch.
02 - Civil Code (Configurable)
Ten configurable titles with conservative defaults: financial limits, privacy controls, sub-agent policies and more.
03 - Firewall (Technical)
Pattern-based fast checks for shell commands, file paths, API endpoints, and spend thresholds.
04 - Policy YAML (User-defined)
Your rules. Environment-specific conditions, role-based controls, custom deny patterns. Fails loudly if malformed.
Governance console

Everything visible.
No commands to memorize.

One command. Every governance tool in one screen. Built for teams that need operational visibility without friction.

Audit log viewer
Human-readable report of every agent decision. Exportable to Excel.
Pending approvals
Review and approve REQUIRE_APPROVAL actions directly from the console. Human decision, logged.
Approval artifacts
Every approval decision also writes a reusable artifact tied to the authorization ID for downstream execution flows.
Integration guide
Pick your framework - LangChain, CrewAI, AutoGen, OpenAI Agents - get the exact copy-paste code.
The accountability gap

Three questions.
Zero answers.
Until now.

When an AI agent causes an incident today, nobody can answer these with technical evidence. Canopy produces a signed audit entry for every action - before it runs.

VP Eng
"Who approved that terminate-instances call?"
✗ no answer · ✓ signed entry
CFO
"Why did the agent spend $4,000 on API calls overnight?"
✗ no answer · ✓ every call logged
CISO
"Show me every action the agent attempted last Tuesday."
✗ no answer · ✓ canopy-report
On-call
"What happened between the instruction and the incident?"
✗ no answer · ✓ hash-chain log
Audit infrastructure

What you show your CISO
after the next incident.

Every decision writes a tamper-evident, hash-chained entry before any command runs. Verifiable. Exportable. Ready for incident review.

01 - INTEGRITY
Hash-chain verification

Every entry chains to the previous via SHA-256. Modify any past entry and verification breaks from that point forward.

canopy-verify audit.log
02 - EVIDENCE
Pre-execution proof

The audit entry is written before the command runs. The authorization_id links authorization to the execution path that followed.

authorization_id per action
03 - REPORTING
Excel export

One command produces a formatted spreadsheet with color-coded decisions and a summary tab, ready for management and incident review.

canopy-report audit.log --export audit_report.xlsx

Your agents are already
touching production.

The pre-execution governance layer that was missing from your stack. One Python call. One log file. Zero new infrastructure. Wired in under one hour.
