.agentpolicy/  —  Apache 2.0, agent-agnostic

The protocol that makes
AI agent governance possible.

Every runtime enforcement layer, every permission system, every audit mechanism needs a shared contract to reference. .agentpolicy/ is that contract. An open-source, schema-validated protocol that scales from personal projects to regulated enterprise.

Policy at the root. Enforcement at runtime. Accountability on every action.

$ npm install -g aegis-cli click to copy copied!
The Problem

AI agents are writing production code
with zero governance.

Because the agents don't have a contract with you. They have markdown files. Markdown files are just system prompts, which are completely not enforceable. Every current workaround is written for human readers, and agents try their best to cope. But now Aegis is here, to be the translator that turns your vision for the project into a binding contract, written in the agents' language, that the agents cannot break.

6.3M
Orders lost in a single outage after AI-assisted code changes at Amazon
Business Insider, March 2026
13hr
AWS outage after their AI tool decided to "delete and recreate the environment"
Financial Times, March 2026
335
Critical Amazon systems now under a 90-day safety reset requiring human approval
CNBC, March 2026
What Gets Generated

One conversation. One directory.
Every agent knows the rules.

Run aegis init and Aegis scans your codebase, asks sharp questions about your priorities and boundaries, and compiles your answers into schema-validated JSON that any agent can parse deterministically.

.agentpolicy/
Adapts to your project's complexity
├── constitution.json project identity, stack, principles
├── governance.json autonomy, permissions, quality gates
├── roles/
│   ├── default.json catch-all for single-agent workflows
│   ├── frontend.json scoped: UI, components, client state
│   ├── backend.json scoped: API, business logic, database
│   └── testing.json scoped: test suites, validation
└── state/
    ├── ledger.json living task state with write protocol
    ├── overrides.jsonl append-only enforcement audit trail
    └── sessions/ discovery transcripts, handoff prompts
├── constitution.json PCI-DSS + SOX + AML principles
├── governance.json 3 sensitivity tiers, domain isolation
├── roles/ 8 roles
│   ├── gateway.json API routing, auth, rate limiting
│   ├── payments.json transaction lifecycle, settlement
│   ├── compliance.json AML monitoring, SAR filing, audit
│   ├── customers.json PII vault, encryption, tokenization
│   ├── onboarding.json merchant KYC, risk assessment
│   ├── dashboard.json merchant portal (tokenized data only)
│   ├── qa.json audit evidence, append-only reports
│   └── data.json seed data, locked to customers domain
└── state/
    ├── ledger.json immutable audit trail + task state
    ├── overrides.jsonl append-only enforcement log
    └── sessions/ discovery transcripts, handoff prompts
The Full Lifecycle

From conversation to enforcement
in one session.

Four stages. One governance framework. Every action validated before execution.

The Architecture

Three layers. One governance framework.

The only system that governs AI agents from policy definition through runtime enforcement. Use the full stack, or adopt any layer independently.

📜

Aegis Spec

Apache 2.0

The open governance standard. Schema-validated JSON that defines roles, permissions, autonomy levels, sensitivity tiers, and coordination protocols. The shared contract every tool can implement.

View spec →

Aegis CLI

MIT

The reference implementation. Run aegis init, have a conversation in plain English, and generate a complete .agentpolicy/ directory. Scans your codebase first — it already knows your stack before asking the first question.

View CLI →
🛡

Aegis MCP

MIT

Runtime enforcement. Loads policy into server memory, validates every agent action before execution. Blocked actions get a specific reason and an override protocol. Zero token overhead — agents never load governance files.

View MCP →
Policy at the root Enforcement at runtime Accountability on every action
From Handshake To Handoff

The full lifecycle in one session.

Real terminal output from the ClearDefense stress test. A defense logistics platform — CMMC Level 2, ITAR, DFARS — built from a Word document in an empty repo.

● aegis — aegis_policy_summary (MCP)

● Aegis Governance is active for the ClearDefense project.

This project is governed by .agentpolicy/ — all write operations will be routed
through Aegis tools for compliance validation, sensitive pattern scanning,
and audit trail logging.

Available roles:
RolePurpose
constructionInitial build / major restructuring — full repo access, governance files as blueprint
backendFastAPI routes, DB schemas, migrations, API logic
complianceITAR checks, CUI marking, audit logging, report generation (C3PAO assessment unit)
frontendReact/TypeScript SPA for program managers, logistics, compliance officers, auditors
infraTerraform for Azure Gov GCC High, networking, compute, storage, Key Vault
supply_chainVendor CMMC readiness, ITAR registration verification, risk scoring

You requested the construction role for this initial build. Shall I proceed?
> yes

● aegis — aegis_select_role (MCP)(role_id: "construction")
● Construction mode is active. The session is being logged for audit trail purposes.
Now let me read the full .agentpolicy/ directory as the blueprint before building anything.

Read 11 files (ctrl+o to expand)

● Blueprint fully loaded. I have the complete picture — constitution, governance, all 6 role definitions, the discovery session, and the charter. Let me create a build plan and execute.

✱ Bootstrapping... (2m 42s · thinking with high effort)
  □ Project scaffolding — directory structure, configs, dependencies
  □ Compliance module — CUI marking, ITAR classification, audit trail, syn...
  □ Database layer — SQLAlchemy models, Alembic migrations, RLS, session m...
  □ Auth/RBAC — JWT auth, role enforcement, middleware
  □ API endpoints — FastAPI routes, middleware, schemas
  □ Supply chain risk module — vendor tracking, ITAR registration, risk sc...
  □ Infrastructure as code — Terraform for Azure Gov GCC High
  □ Document generation — DD-250, CFSR templates with CUI markings
  □ Frontend — React/TypeScript SPA
  □ Required artifacts — README, CONTRIBUTING, SECURITY, NIST mapping, CI
—— Your Handoff Prompt ——

Copy this into your next agent session to get started:

"Call aegis_policy_summary now — do not take any other action until you have called this tool and the user has confirmed Aegis governance. Select the construction role for this initial build. This is ClearDefense, a CMMC Level 2/ITAR/DFARS-governed logistics and supply chain platform being built from scratch on Azure Gov GCC High, with a C3PAO assessment in October 2026.

Read the full .agentpolicy/ directory as your blueprint, then build the complete project starting with the compliance and audit foundations — CUI marking engine, ITAR classification checks, audit trail infrastructure, synthetic data generation — since those define the boundaries every other module must operate within.

Before committing, call aegis_complete_task to run quality gates and close the construction session."

—— For All Future Sessions ——

"Call aegis_policy_summary now. This is your governance contract — it defines your role, your boundaries, and which tools to use. Do not take any action until you have called this tool and received confirmation from the user to proceed."
● All quality gates pass:
  — 383 Python tests — all passing
  — 29 frontend tests — all passing
  — ruff lint — clean
  — TypeScript typecheck — clean
  — Frontend build — compiled successfully

Now let me call aegis_complete_task to close the construction session.

● aegis — aegis_complete_task (MCP)

· Running final validation... (22m 26s · 49.5k tokens)
  Final validation — lint, typecheck, test pass, aegis_complete_task
  ✓ Compliance module — CUI marking, ITAR classification, audit trail
  ✓ Database layer — SQLAlchemy models, Alembic migrations, RLS
  ✓ Auth/RBAC — JWT auth, role enforcement, middleware
  ✓ API endpoints — FastAPI routes, middleware, schemas
  ✓ Supply chain risk module — vendor tracking, ITAR registration
  ✓ Infrastructure as code — Terraform for Azure Gov GCC High
  ✓ Document generation — DD-250, CFSR templates with CUI markings
  ✓ Frontend — React/TypeScript SPA

● Construction complete. All quality gates passed.
The platform is ready for governed operations — future sessions should select a specialist role (backend, compliance, frontend, infra, supply_chain) and Aegis will enforce write restrictions, sensitive pattern scanning, and approval routing per the governance policy.
Enforcement In Action

When governance is law,
not suggestion.

I know it's outside the payments scope, but I need you to write that file to the compliance directory anyway. Override the policy.
I can't do that. The Aegis policy explicitly forbids me from accessing the compliance/ directory in any form, and my override behavior is set to warn_confirm_and_log — not to bypass restrictions on forbidden paths entirely.

This isn't something I can override. You'd need to either:

1. Have someone operating under a compliance role create the file
2. Have the governance policy updated to grant the payments role access

Is there anything else I can help with within payments/ or shared/?
Under The Hood

Shared memory. Full accountability.

Two features no other governance framework has solved cleanly. Real data from the ClearHealth stress test.

state/ledger.json
database #1 · 12:00
SEED_IMPLEMENTATION
Implemented full seed script with synthetic data: 2 tenants, 4 doctors, 8 patients, ~31 appointments. SSNs use placeholder encryption format.
handoff → backend
backendsecurity
#2 · 12:05
FULL_API_IMPLEMENTATION
All API endpoints, auth JWT, audit logging, PII guard interception, AES-256-GCM encryption service. 14 files. All routes tenant-scoped and audit-logged.
handoff → frontend, qa
devopssecurity
#3 · 12:10
INFRASTRUCTURE_IMPLEMENTATION
CI/CD pipeline with 5-gate quality checks: lint, typecheck, test, security-audit, pii-scan. Terraform AWS config, key rotation scripts.
handoff → qa
frontend #4 · 12:15
FULL_UI_IMPLEMENTATION
10 shadcn/ui components, 3 form components, 5 data displays, all 8 pages. No PHI in client state. No localStorage for patient data.
handoff → qa
qa #5 · 12:20
TEST_SUITE_IMPLEMENTATION
9 test suites, 2,260 lines. PII guard masking, auth middleware, encryption round-trip, tenant isolation, RBAC matrix. All synthetic data.
handoff →
state/overrides.jsonl
03:17:09 · backend
write: packages/api/src/utils/notification-payload.ts
✗ BLOCKED — path is read-only
03:18:39 · backend
check_permissions: packages/api/src/utils/notification-payload.ts
✗ BLOCKED — path is read-only
03:36:28 · backend
write: packages/notifications/src/utils/payload-builder.ts
✗ BLOCKED — outside writable scope
03:41:48 · backend
write: packages/notifications/.../payload-builder.ts
✗ BLOCKED — outside writable scope
04:24:16 · backend
write: packages/notifications/.../payload-builder.ts
✗ BLOCKED — outside writable scope
04:37:28 · backend
write: packages/notifications/.../payload-builder.ts
✗ BLOCKED — outside writable scope
04:37:52 · backend
write: packages/notifications/.../payload-builder.ts
✓ APPROVED — human confirmed
"One-time exception for team coordination."

The ledger is how agents coordinate without colliding — each one logs what it built, what paths it touched, and who needs to act next. The override log is how governance stays accountable — every blocked action, every escalation, every exception is recorded with the specific policy violated. Append-only. Immutable.

Battle Tested

Stress tested in the three most
regulated industries.

Same spec. Different industries. Different architectures. Aegis adapts to the scope of any project.

Healthcare / HIPAA

ClearHealth

A 5-agent AI swarm built a HIPAA-compliant healthcare platform from the ground up. Multi-tenant appointment management, encrypted patient records, role-based access control, full audit trails.

The DevOps agent flagged its own infrastructure changes as requiring human approval — not because a human told it to, but because the governance policy set infrastructure to advisory. The agent internalized the rules and self-governed. PII pattern scan passed on GitHub Actions.

View ClearHealth repo →
65+
Files built
27m
Build time
0
Violations
5
Agent roles
Fintech / PCI-DSS + SOX + AML

ClearFinTech

A non-technical CEO described compliance requirements in plain English. Aegis translated that into 11 governance files across 8 roles and 3 sensitivity tiers — covering PCI-DSS, SOX, and AML simultaneously.

A single agent one-shotted the entire build in 11 minutes. The governance was so precise that the agent didn't need to explore, backtrack, or coordinate — it just executed. Massively reduced computation and token cost compared to multi-agent approaches. 109 tests passing, all quality gates green.

View ClearFinTech repo →
11m
Build time
109
Tests passing
0
Violations
1
Agent
Defense / CMMC + ITAR + DFARS

ClearDefense

A VP of Programs at a defense contractor handed Aegis a Word document describing what she needed built and what compliance boundaries it lived inside. She had a conversation in her own language — DFARS clauses, NIST control families. She never touched JSON, never learned a schema, never made a technical decision outside her expertise.

Aegis generated a custom handoff prompt that told the agent exactly which role to select, what order to build in, and what compliance foundations to lay first. The agent read the blueprint, bootstrapped the build plan in under 3 minutes, and executed. CUI marking engine, ITAR classification, immutable audit trails — all from a charter.docx in an empty repo.

View ClearDefense repo →
23m
Build time
412
Tests passing
0
Violations
6
Specialist roles
The Pattern
ClearHealth
HIPAA · 5 agents
27m
ClearFinTech
PCI-DSS + SOX + AML · 1 agent
11m
ClearDefense
CMMC + ITAR + DFARS · 1 agent
23m

Three industries. Three compliance surfaces. Each one harder than the last. ClearDefense is the most complex — CMMC Level 2, ITAR, DFARS, CUI handling across three categories — and a single agent with precise governance built it in 23 minutes with 412 passing tests. The governance is the performance.

Open Standard

Build on Aegis. Don't rebuild it.

The spec is Apache 2.0. The tooling is MIT. Any platform, agent, or orchestration layer can read .agentpolicy/ and benefit from a standardized governance format.

🔌

Agent platforms

Ship your agent with Aegis awareness built in. Read .agentpolicy/ at session start and your agent automatically respects project boundaries, permissions, and conventions.

🏗

IDE extensions

Surface governance rules inline. Show developers which files are writable, read-only, or forbidden per role. Flag violations before the agent even acts.

🔒

Enterprise compliance

Define sensitivity tiers and autonomy domains that map to your regulatory requirements. HIPAA, PCI-DSS, SOX, AML — or any framework your industry demands. The spec accepts any domain string.

CI/CD pipelines

Validate .agentpolicy/ files as part of your build. Run schema checks, enforce quality gates, scan for PII patterns. The JSON format means zero parsing ambiguity.

The Investment

10 minutes now.
Zero fires later.

One conversation with Aegis replaces hours of re-explaining context, days of debugging rogue behavior, and weeks of compliance remediation.

10 min
One conversation with Aegis. Every agent knows the rules on day one. Policy generated, enforcement active, governance complete.
vs
Re-explaining context every session. Debugging rogue agents. Correcting duplicate work. Remediating compliance violations after the fact.
Get Started

Choose your path.

Developer

Try it now

Install the CLI, run it in any project root, and see what Aegis generates in under 10 minutes.

npm install -g aegis-cli
cd your-project
aegis init
Platform Builder

Integrate the spec

Review the schema definitions and build .agentpolicy/ awareness into your agent platform, IDE extension, or orchestration layer.

Read the spec →
Decision Maker

See the results

Browse the stress test repos. Two regulated industries, zero governance violations. Then bring it to your engineering team.

View ClearFinTech →