Why OrgKernel
Every enterprise that deploys AI agents asks four questions: Who is this agent? What can it do? What did it do? Who authorized it? No agent framework answers these. OrgKernel does — in three lines of code.
OrgKernel is not a stripped-down AURA. It is a complete, production-grade solution for enterprise agent trust — independently useful without any Metaprise account or cloud dependency.
Installation
pip install orgkernel
# or from source
git clone https://github.com/AURAkernel/orgkernel.git
cd orgkernel && pip install -e .
Quick start — 3 lines
from orgkernel import OrgKernel
kernel = OrgKernel(org_id="acme-corp")
wrapped_agent = kernel.wrap(your_langgraph_agent)
# wrapped_agent now has:
# • Verifiable AgentIdentity (Ed25519)
# • ExecutionToken scope enforcement
# • Tamper-proof AuditChain on every tool call
AgentIdentity
Cryptographically signed organizational credential. Not an API key — an Ed25519 keypair with Org CA certificate chain. Revocable, time-bounded, and tied to an organizational unit.
from orgkernel import AgentIdentity
identity = AgentIdentity.issue(
agent_name = "invoice-processor",
org_id = "acme-corp",
issued_by = "finance_team",
valid_for = "30d",
)
# Identity lifecycle
identity.suspend() # Temporarily disable
identity.reactivate() # Re-enable
identity.revoke() # Permanently revoke
ExecutionToken
Scoped, time-bounded permission token. Every tool call is checked against the token — out-of-scope calls are blocked before reaching any external system.
from orgkernel import ExecutionToken
token = ExecutionToken.create(
agent_id = identity.agent_id,
execution_scope = ["read_invoice", "write_payment_draft"],
immutable_params = {"currency": "USD"},
bounded_params = [{"name": "amount", "upper_bound": 50000}],
expires_in = "4h",
)
# Check scope — never raises, returns ScopeCheckResult
result = token.check_scope("read_invoice", {"invoice_id": "4521"})
print(result.permitted) # → True
AuditChain
Append-only, hash-chained execution log. Each entry is SHA-256 linked to the previous. Synchronous writes — audit is never optional.
from orgkernel import AuditChain
audit = AuditChain(agent_id=identity.agent_id, token_id=token.token_id)
audit.write(
event = "tool_call",
tool = "accounting_api",
params = {"invoice_id": "4521"},
result = "success",
duration = 230,
)
# Verify integrity: sequence + hash chain + entry self-verification
assert audit.verify_integrity() # → True
LangGraph Integration
from langgraph.graph import StateGraph
from orgkernel import OrgKernel
# Your existing LangGraph agent
graph = StateGraph(...)
agent = graph.compile()
# Wrap with OrgKernel — one line
kernel = OrgKernel(org_id="acme-corp")
secure_agent = kernel.wrap(agent)
CrewAI Integration
from crewai import Agent, Crew
from orgkernel import OrgKernel
kernel = OrgKernel(org_id="acme-corp")
crew = Crew(agents=[agent1, agent2])
secure_crew = kernel.wrap(crew)
Upgrade path to AURA
OrgKernel works standalone. When you need Mission orchestration, Authority Graphs, model routing, or a management console, AURA is the natural next step. OrgKernel compatibility is native — no migration required.
| Capability | OrgKernel (free) | AURA (commercial) |
|---|
| Agent identity (Ed25519) | Yes | Yes |
| Execution token | Basic scope | + Authority Graph binding |
| AuditChain | Local | Distributed, tamper-proof |
| Mission Layer | — | Yes |
| Policy Engine | — | Yes |
| Multi-agent orchestration | — | Yes |
| Management console | — | Yes |