Governance Operating System

Who governs your AI agents?

Know what your agents are doing. Stop them when you need to. Prove it happened.

Agentomy gives teams a governed operating layer for discovering agents, enforcing runtime policies, and producing audit-ready proof across the agent stack.

The bar -- verifiable

GovernanceBench 224/224 | VIGIL 125/125 | 15,000+ tests | 6 verticals | 22 integration points
$ npx governancebench run --target https://your-platform-url

Self-hosted by design. Bring your own model, bring your own key -- your data never leaves your infrastructure.

Operating Model

Discover. Enforce. Prove. Govern.

Agentomy gives AI teams a practical governance loop: find the agents already operating, enforce policy at runtime, produce evidence, and govern the system as it evolves.

Discover
Find agents your org does not know it runs.
Map agent activity, ownership, frameworks, connectors, model routes, and runtime permissions.

Enforce
Policies that enforce themselves at runtime.
Turn policy into runtime decisions: allow, block, quarantine, route, or review.

Prove
Audit-ready proof, not audit-ready promises.
Convert policy decisions and runtime events into traceable evidence.

Govern
One governance layer for every agent framework.
Coordinate governance across frameworks, connectors, models, and runtime environments.

Auditable Proof

Governance has to produce evidence.

Agentomy is designed around traceability: every policy decision, runtime exception, connector request, and approval path can become part of an evidence trail.

Cryptographic audit trail -- tamper-evident, operator-owned, independently verifiable.
Adversarial governance testing -- GovernanceBench tests whether the governance layer itself can be bypassed, not just whether agents perform tasks.
Vendor-neutral halt -- one command stops all connected agents regardless of which platform built them, with cryptographic proof of halt.

The category's Forrester Wave leader archived their open source. We published ours under the Apache 2.0 license.

Real incidents, real consequences

These are documented governance failures from the last 90 days. Each maps to specific Agentomy detection capabilities.

Lilli Breach, February 2026
46.5M messages exfiltrated in under 2 hours
Autonomous agent exploited 22 unauthenticated API endpoints at a major consultancy. 57K user accounts, 384K AI assistants compromised. 95 system prompts were writable -- attacker could reprogram thousands of consultants' AI without deploying code. No agent identity verification, no authorization checks, no audit trail, no kill switch. (CodeWall disclosure, February 2026)

Detected by: Identity Resolution, Permission Enforcement, Behavioral Baseline, Content Scanning, Hash-Chain Audit, Fleet Halt

Shai-Hulud Worm, May 2026
Anti-remediation: wipes machine if you revoke tokens
Autonomously constructed worm spreads through agent processes, not traditional network vectors. Steals credentials from agent environments, then triggers immediate machine destruction if defenders attempt to revoke stolen tokens. Russian roulette random wipe on each execution. Defense requires halting the agent BEFORE token revocation.

Detected by: Shadow Discovery, Content Scanner, Behavioral Monitor, Desktop Interceptor, Sovereign Halt

node-ipc Supply Chain Attack, May 2026
822K weekly downloads, 90+ credential categories stolen
Attacker re-registered a package maintainer's expired email domain, hijacked their npm account, and published three poisoned versions. Payload fires on require() with no postinstall script. First documented npm attack targeting AI tool configs (.claude.json). DNS tunneling exfiltration disguised as Azure infrastructure.

Detected by: IOC Package Flagging, Version Pinning, C2 Domain Detection, Obfuscated Script Detection

Governance Capabilities

Discover. Enforce. Prove. Govern.

Find agents your org does not know it runs.

Agentomy maps active agents, frameworks, permissions, and runtime state before they become ungoverned risk.

AGENT REGISTRY

Discovered agents

Demo environment
| Agent | Type | Status | Module | Score |
|---|---|---|---|---|
| sales-research-agent | Research | Active | RuntimeMonitor | 92 |
| support-triage-agent | Support | Active | AuditLogger | 88 |
| vendor-review-agent | Procurement | Monitored | PermissionRouter | 74 |
| finance-extract-agent | Finance | Quarantined | HaltProtocol | 41 |
| policy-draft-agent | Legal | Monitored | EthicsConstraint | 79 |
| report-builder-agent | Ops | Active | DecisionLog | 90 |

Policies that enforce themselves at runtime.

Runtime checks route decisions through policy controls before sensitive actions execute.

POLICY CONTROL

Enforcement policies

Demo environment
| Policy | Module | Status | Last updated |
|---|---|---|---|
| EU AI Act evidence capture | TrustScorer | Active | 4m ago |
| NIST RMF runtime review | RuntimeMonitor | Active | 9m ago |
| OWASP Agentic Top 10 guardrail | EthicsConstraint | Pending | 16m ago |
| Vendor connector permissioning | PermissionRouter | Violated | 22m ago |
| Unsafe execution halt | HaltProtocol | Active | 31m ago |

Audit-ready proof, not audit-ready promises.

Every evaluated action can become a traceable evidence record with policy context and decision history.

AUDIT EVIDENCE

Evidence chain

| Timestamp | Agent | Action | Result | Hash |
|---|---|---|---|---|
| 12:42:08 | PermissionRouter | data_access_request | Blocked | ...9f2a81c4 |
| 12:41:54 | AuditLogger | output_validation | Allowed | ...3d91a0be |
| 12:41:37 | TrustScorer | policy_check | Allowed | ...71e43d22 |
| 12:40:58 | RuntimeMonitor | behavior_drift | Flagged | ...a48c0e19 |
| 12:40:21 | HaltProtocol | halt_initiated | Blocked | ...6be802aa |

One governance layer for every agent framework.

Unify policy state, agent visibility, runtime controls, and evidence records across the agent stack.

GOVERNANCE OVERVIEW

Operating state

Demo environment
86% Governance score
47 agents governed
18 policies active
12,842 demo events today
12:40 last halt event

Skill-Native Governance

Every Agentomy primitive ships in the Agent Skills format.

AI agent platforms increasingly discover capabilities through the open Agent Skills spec (Claude Code, Cursor, Copilot, Gemini CLI, Codex, Goose, OpenHands, Kiro, Tabnine, and ~15 more). Agentomy ships 16 spec-conformant skills covering every IP-named primitive in our vocabulary -- discoverable in the agent's native namespace, not just our REST API.

SovereignSkillRegistry

Runtime-loaded registry of every spec-conformant SKILL.md. SHA-256 contentHash per skill + registryHash (hash-of-hashes) for tamper-detect across the full inventory. Public discovery at GET /api/skills/registry/status.

SignedSkillAttestation

Every Agentomy skill carries an Ed25519 attestation binding skill content + version to the constant Agentomy issuer. Verifier returns 5 specific tamper reasons. Differentiates from unsigned community skill libraries.

govern.skill() SDK

The SDK method that turns "loaded a skill" into "loaded a governed skill". Three-gate decision: skill exists in registry + caller tier permits + attestation verifies. const r = await agent.skill("agent-certificate", { callerTier: "Operator" }).
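
The three gates described above, together with the per-skill content hash and the registry hash-of-hashes, can be sketched as follows. This is an added example, not Agentomy's SDK or registry code: `buildRegistry`, `computeRegistryHash`, `loadGoverned`, the reason strings, the `Auditor` tier and the sample skills are all hypothetical, and the issuer key pair is generated locally for the demonstration.

```javascript
const crypto = require("node:crypto");
const sha256 = (s) => crypto.createHash("sha256").update(s).digest("hex");

// Constructed issuer key pair; a real verifier pins the issuer's public key instead.
const issuer = crypto.generateKeyPairSync("ed25519");

// The signature covers name, version and content hash together, so edited
// content and a signature replayed under another version both fail.
const payload = (s) => Buffer.from(JSON.stringify([s.name, s.version, sha256(s.content)]));

// Hash-of-hashes over the sorted inventory: any added, removed or changed skill alters it.
function computeRegistryHash(entries) {
  const names = [...entries.keys()].sort();
  return sha256(names.map((n) => `${n}:${entries.get(n).contentHash}`).join("\n"));
}

function buildRegistry(skills) {
  const entries = new Map();
  for (const s of skills) {
    const attestation = crypto.sign(null, payload(s), issuer.privateKey);
    entries.set(s.name, { ...s, contentHash: sha256(s.content), attestation });
  }
  return { entries, registryHash: computeRegistryHash(entries) };
}

// Gate 1: the skill is registered. Gate 2: the caller's tier is permitted.
// Gate 3: the content hash and the Ed25519 attestation both verify.
function loadGoverned(registry, name, callerTier, publicKey = issuer.publicKey) {
  const e = registry.entries.get(name);
  if (!e) return { ok: false, reason: "unknown-skill" };
  if (!e.tiers.includes(callerTier)) return { ok: false, reason: "tier-denied" };
  if (sha256(e.content) !== e.contentHash) return { ok: false, reason: "content-hash-mismatch" };
  if (!crypto.verify(null, payload(e), publicKey, e.attestation)) {
    return { ok: false, reason: "bad-attestation" };
  }
  return { ok: true, skill: e };
}

// Constructed sample inventory; only "agent-certificate" and "Operator" appear on the page.
const SAMPLE_SKILLS = [
  { name: "agent-certificate", version: "1.0.0", content: "# SKILL.md (sample)", tiers: ["Operator"] },
  { name: "sample-audit-export", version: "0.2.0", content: "# SKILL.md (sample 2)", tiers: ["Operator", "Auditor"] },
];
```

Rewriting a skill's content and its stored content hash together still fails the attestation gate, and the recomputed registry hash no longer matches the one recorded when the inventory was built.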

Command Center

A command center for governed agents.

Monitor agent inventory, policy coverage, enforcement actions, evidence records, and model routing from one operational surface.

| Framework | Alignment |
|---|---|
| EU AI Act | 78% |
| NIST RMF | 92% |
| OWASP Agentic | 85% |

| Time | Module | Event |
|---|---|---|
| 12:42 | PermissionRouter | Vendor access blocked |
| 12:41 | AuditLogger | Evidence record generated |
| 12:40 | RuntimeMonitor | Behavior drift flagged |
| 12:39 | TrustScorer | Governance score updated |
| 12:38 | TraceBinding | Connector trace attached |
| 12:37 | DecisionLog | Policy decision recorded |
| 12:36 | EthicsConstraint | Output review queued |
| 12:35 | HaltProtocol | Unsafe action halted |

Active Policies (demo environment)

| Policy | Module | Rule |
|---|---|---|
| vendor-access | PermissionRouter | Block external data access without approval |
| audit-trail | AuditLogger | Record every governed action as evidence |
| runtime-score | TrustScorer | Score each action against policy at runtime |
| drift-threshold | RuntimeMonitor | Flag behavior drift beyond baseline |
| unsafe-action | HaltProtocol | Halt agents on unsafe action attempts |
| restricted-output | EthicsConstraint | Queue restricted output for review |
| decision-proof | DecisionLog | Bind each decision to a proof record |

Runtime Events (demo environment)

| Time | Module | Event |
|---|---|---|
| 12:42 | PermissionRouter | data_access_request blocked (vendor-access) |
| 12:41 | AuditLogger | output_validation allowed (audit-trail) |
| 12:40 | RuntimeMonitor | behavior_drift flagged (drift-threshold) |
| 12:39 | TrustScorer | policy_check allowed (runtime-score) |
| 12:38 | TraceBinding | connector_trace allowed (crm-access) |
| 12:37 | DecisionLog | evidence_recorded allowed (decision-proof) |
| 12:36 | EthicsConstraint | prompt_review flagged (restricted-output) |
| 12:35 | HaltProtocol | halt_initiated blocked (unsafe-action) |

Audit Trail (demo environment)

| ID | Time | Module | Action | Result |
|---|---|---|---|---|
| #a7f3 | 12:42:08 | PermissionRouter | data_access_request | Blocked |
| #a7f2 | 12:41:54 | AuditLogger | output_validation | Allowed |
| #a7f1 | 12:41:37 | TrustScorer | policy_check | Allowed |
| #a7f0 | 12:40:58 | RuntimeMonitor | behavior_drift | Flagged |
| #a7ef | 12:40:21 | HaltProtocol | halt_initiated | Blocked |
| #a7ee | 12:39:12 | DecisionLog | evidence_recorded | Allowed |
| #a7ed | 12:38:44 | TraceBinding | connector_trace | Allowed |

Each entry is hash-linked to the previous for tamper-evident replay.
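
What hash-linking gives a verifier, and where it stops, is easiest to see by replaying a chain. The following is an added example of a generic SHA-256 hash chain, not Agentomy's record format or code: the field names, the all-zero genesis value and the function names are assumptions, and the sample events are constructed from the demo rows on this page.

```javascript
const { createHash } = require("node:crypto");

const GENESIS = "0".repeat(64); // assumed anchor value for the first entry

// Fixed field order, so the same entry always serializes and hashes the same way.
function entryHash(prevHash, e) {
  const body = JSON.stringify([prevHash, e.time, e.module, e.action, e.result]);
  return createHash("sha256").update(body).digest("hex");
}

// Append-only: each record carries the previous record's hash and its own.
function append(chain, e) {
  const prevHash = chain.length ? chain[chain.length - 1].hash : GENESIS;
  return [...chain, { ...e, prevHash, hash: entryHash(prevHash, e) }];
}

// Replay the chain and return the index of the first bad record, or -1 if intact.
// expectedHead is the newest hash as recorded outside the log; without it,
// entries deleted from the tail leave a shorter chain that still verifies.
function verifyChain(chain, expectedHead) {
  let prev = GENESIS;
  for (let i = 0; i < chain.length; i++) {
    const r = chain[i];
    if (r.prevHash !== prev || r.hash !== entryHash(prev, r)) return i;
    prev = r.hash;
  }
  if (expectedHead !== undefined && prev !== expectedHead) return chain.length;
  return -1;
}

// Constructed sample events (oldest first), modelled on the demo rows above.
const SAMPLE_EVENTS = [
  { time: "12:40:21", module: "HaltProtocol", action: "halt_initiated", result: "Blocked" },
  { time: "12:40:58", module: "RuntimeMonitor", action: "behavior_drift", result: "Flagged" },
  { time: "12:41:37", module: "TrustScorer", action: "policy_check", result: "Allowed" },
  { time: "12:41:54", module: "AuditLogger", action: "output_validation", result: "Allowed" },
  { time: "12:42:08", module: "PermissionRouter", action: "data_access_request", result: "Blocked" },
];

function buildSampleChain() {
  return SAMPLE_EVENTS.reduce(append, []);
}
```

An edited record fails at its own index, and an edited record whose hash was recomputed fails at the next one. Truncation is only caught when the newest hash is also kept somewhere the log writer cannot change.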

Connectors (demo environment)

| ID | Connector | Status |
|---|---|---|
| crm | CRM connector | Trace-bound |
| warehouse | Data warehouse connector | Trace-bound |
| ticketing | Ticketing connector | Trace-bound |
| repo | Repository connector | Monitored |
| messaging | Messaging connector | Trace-bound |

Framework Alignment (self-assessed readiness)

| Framework | Status | Scope |
|---|---|---|
| EU AI Act | Alignment 78% | |
| NIST RMF | Alignment 92% | |
| OWASP Agentic | Alignment 85% | |
| SOC 2 | Readiness tracked | Logical access, change management, monitoring |
| ISO 27001 | Readiness tracked | Access control, logging, operations security |
| GDPR | Readiness tracked | Access records, breach detection support |

Open Source Foundation

Open where trust begins. Commercial where governance scales.

Agentomy Agent gives builders an open governed agent framework. Agentomy builds the commercial governance operating system around discovery, enforcement, evidence, and enterprise control.

PermissionRouter
AuditLogger
HaltProtocol
ExecutionTimer
AgentSandbox
DecisionLog
TraceBinding
TeamCoordinator
EthicsConstraint
TrustScorer
RuntimeMonitor
DeploymentManifest

Discover, enforce, prove.

Bring Your Own Key. Self-hosted (Tier 1) or API key (Tier 2). Your governance data stays in your infrastructure. Deploy to Azure Container Apps, Kubernetes, Docker, or air-gapped environments. Self-hosted deployment eliminates network transport exposure entirely.

$ npm install agentomy-agent

import { GovernancePipeline } from 'agentomy-agent'
const gov = new GovernancePipeline()
const result = await gov.evaluate({ action: 'data_export' })
console.log(result.auditTrail)

12 / 250+ open source / governance modules
15,000+ automated tests
5/5 GovernanceBench suites confirmed
MIT / Apache 2.0 / AGPL open source licensing

Governance is not the opposite of innovation. It is the structure that makes it possible.

Govern the agents already operating inside your organization.

Agentomy gives teams the operating layer to discover, enforce, prove, and govern AI agent activity before it becomes unmanaged risk.
