Agent Governance Suite

A from-scratch stack for governing what AI coding agents are actually allowed to do — built deterministic and local-first, with no LLM anywhere in the decision path. The same policy always produces the same verdict, and you can audit the thing making the call by reading it. The tools chain into one pipeline: decide → enforce → detect → consolidate → observe.

• Decide — warden, an allow / deny / ask policy engine written from scratch in Rust with zero dependencies.
• Enforce — barbican, an MCP stdio proxy that binds warden’s verdict on the wire before a tool call ever reaches the server.
• Detect — a scanner suite that runs at PR time and over live sessions: ScopeTrail (what changed in agent config files), PolicyMesh (policy contradictions across MCP, Claude, Cursor, VS Code), CapabilityEcho (new network / subprocess / eval / lifecycle signals on added lines), TaskBound (stated task vs. the actual change), and SessionTrail (runtime transcript audit of Cursor / Claude Code / Codex sessions).
• Consolidate — GovVerdict, which folds the whole detector suite into one PR result.
• Observe — AgentPulse, live trajectory observation: converging, exploring, stuck, drifting, done, idle.

Underneath sits agent-gov-core: a canonical Finding schema plus the JSONC / TOML / MCP / shell / transcript parsers the whole suite shares. Everything is open source.