01 / Discovery
Spec-guided conversation
The CLI scans your codebase, skips sensitive files until you approve, and asks sharp questions about what matters.
Codebase scan
Reads configs, docs, CI workflows, project structure. Skips .env, credentials, database files. Tells you what it chose not to read.
↓
Guided discovery
Asks about principles, autonomy domains, role boundaries, coordination protocols. For regulated projects, surfaces compliance frameworks and recommends third-party testing based on scope and tech stack.
↓
Custom policy generation
Doesn't fit your project into a template. Builds a full governance design around your specific requirements, stack, and boundaries. Schema-validated JSON. Session transcript saved for audit.
→ .agentpolicy/constitution.json
→ .agentpolicy/governance.json
→ .agentpolicy/roles/backend.json
→ .agentpolicy/roles/compliance.json
...
Policy in place at .agentpolicy/
02 / Handoff
Custom mission briefing
Not just a connection prompt. A strategic briefing that eliminates user error and gives the agent full operational context.
Tailored to the conversation
The handoff prompt tells the agent which role to select, what order to build in, what compliance foundations to lay first, who owns what, and what not to touch.
↓
User copies into next session
The prompt instructs the agent to call aegis_policy_summary before taking any action. The MCP handshake happens first. No ambiguity. No user error.
↓
MCP connection + role selection
Agent calls aegis_policy_summary, receives available roles, selects the one specified in the handoff. Construction mode for builds, specialist roles for governed operations.
— Your Handoff Prompt —
"Call aegis_policy_summary now. Select the construction role. This is ClearDefense, a CMMC Level 2/ITAR/DFARS-governed logistics platform. Ryan Torres is now lead developer..."
— For All Future Sessions —
"Call aegis_policy_summary now. This is your governance contract."
discovery complete, governance active
↓
every action now passes through the MCP
03 / Runtime enforcement
Every action validated
The MCP loads policy into server memory and validates every write, delete, and execute before it happens. Zero token overhead.
Agent calls governed tool
aegis_write_file, aegis_delete_file, aegis_execute. The agent never loads governance files into its context.
↓
Validation pipeline
Role boundary, path permissions, content pattern scan, quality gates. All in server memory.
↓
Pass: action executed
All checks clear. No overhead, no delay.
↓
Fail: policy violation detected
Three possible paths, all logged.
Log silently
Flag and record. Action proceeds. Timestamped in overrides.jsonl.
Warn + confirm
Present violation to human. If confirmed, action proceeds with rationale logged. If declined, hard block.
Hard block
Action refused. Immutable policies cannot be overridden. Governance must be revised through discovery.
Audit trail
Every path writes to append-only overrides.jsonl. Timestamp, policy violated, role, action, and human rationale if overridden. Immutable.
04 / Completion
Quality gates and session close
The agent calls aegis_complete_task. Aegis runs every quality gate defined in governance before closing the session.
aegis_complete_task
Agent signals the build is done. MCP triggers the full quality gate sequence.
↓
Quality gates execute
Build, test, lint, typecheck. All pre_commit checks from governance.json.
↓
Third-party validation
Checkov, tfsec, or equivalent. Independent compliance baseline. Self-generated tests prove consistency. Third-party scanners prove compliance.
↓
Session closed
Construction mode deactivated. Closing timestamp logged. Future sessions select specialist roles with full enforcement.
● aegis — aegis_complete_task (MCP)
✓ 383 Python tests — all passing
✓ 29 frontend tests — all passing
✓ ruff lint — clean
✓ TypeScript typecheck — clean
✓ Checkov compliance — all passing
● Construction complete. All quality gates passed.
From a 10-minute conversation to full runtime enforcement. The same .agentpolicy/ directory governs every agent, every session, every action. Append-only audit trail on everything.