ExoArmur is an AI agent governance framework that provides deterministic governance runtime for autonomous and AI-driven systems. It makes decisions replayable, auditable, and enforceable under an immutable contract layer with comprehensive audit trails and safety checks.
It is designed for teams building AI agents or autonomous workflows that require strict accountability, reproducibility, and policy enforcement.
AI agents are making autonomous decisions in production environments without proper oversight. ExoArmur provides the governance framework needed for safe AI agent deployment through:
- Audit Trail: Complete decision logging for compliance and debugging
- Safety Checks: Pre-execution validation and policy enforcement
- Replay System: Deterministic replay of autonomous decisions
- Risk Management: Controlled execution with approval workflows
- Executes decisions under immutable governance contracts
- Produces verifiable audit records
- Enables deterministic replay of decision paths
- Enforces phase-gated and feature-flag boundaries
- Provides a stable Core with gated V2 capability scaffolding
- Not an orchestration framework
- Not an LLM agent framework
- Not a general workflow engine
- Not a distributed systems research project
ExoArmur Core is the invariant enforcement layer within a modular execution architecture. It sits between upstream decision systems and downstream execution targets, ensuring that autonomous system execution remains deterministic, replayable, and independently verifiable through proper governance and audit trails.
Core deliberately separates intelligence from enforcement. Decision systems may evolve independently, but execution integrity and audit guarantees remain stable at this layer.
Gateway → ActionIntent → ProxyPipeline.execute_with_trace() → PolicyDecisionPoint → SafetyGate → Approval Workflow → ExecutorPlugin → ExecutionTrace → ExecutionProofBundle
- ProxyPipeline is the sole execution boundary - All actions must pass through this governance boundary
- Executors are untrusted capability modules - Treated as external, sandboxed components
- Execution must remain deterministic - Same inputs always produce identical outputs
- Evidence artifacts must be replayable - Audit trails enable exact reconstruction of decisions
- CI invariant gates enforce integrity - Automated checks preserve architectural guarantees
V2 capabilities are gated behind feature flags to ensure safe, incremental adoption:
v2_federation_enabled- Enables multi-cell coordinationv2_control_plane_enabled- Activates governance control planev2_operator_approval_required- Requires human approval for actions
V2 defaults to disabled - Core remains fully functional without any V2 features.
Architecture / Contract: v1.0.0 (stable) Package (pip): 0.3.0
The core architecture is contract-stable. Public interfaces evolve only through test-verified changes.
- Python >= 3.8 (CI tested on 3.12.x)
- Pytest is a dev dependency (not installed with runtime deps).
- Minimal test setup:
python -m pip install pytest pytest-asyncio
python -m pytest -q- Optional dev extra (installs pytest + async support):
python -m pip install -e ".[dev]"
python -m pytest -q- Golden Demo is optional and requires NATS JetStream + Docker; if you skip it, the rest of the suite still runs.
python -m venv .venv
source .venv/bin/activate
pip install .
pip install ".[v2]" # optional extrasEditable installs (pip install -e . and pip install -e ".[v2]") are supported for current development and CI validation.
- Runtime and CLI imports should use the installed
exoarmur.*namespace. - V1 contracts are available via
exoarmur.spec.contracts.models_v1. spec.contracts.models_v1remains available as an installed compatibility surface for existing V1 consumers.- Repo-root compatibility shims such as
main.pyandmodels_v1.pyare not installed package entry points and should not be treated as canonical imports.
python -m venv .venv
source .venv/bin/activate
python -m pip install .
exoarmur --help
python examples/quickstart_replay.pyexoarmur --helppython examples/quickstart_replay.py
python -m pytest -qExoArmur integrates with existing AI agent frameworks as a governance layer, adding audit trails and safety checks to autonomous decision making without requiring changes to your existing agent architecture.
The V2 demo shows ExoArmur's governance pipeline with operator approval:
# Enable V2 capabilities and run demo with deny decision
EXOARMUR_FLAG_V2_FEDERATION_ENABLED=true \
EXOARMUR_FLAG_V2_CONTROL_PLANE_ENABLED=true \
EXOARMUR_FLAG_V2_OPERATOR_APPROVAL_REQUIRED=true \
python scripts/demo_v2_restrained_autonomy.py --operator-decision denyExpected Output Markers:
DEMO_RESULT=DENIED
ACTION_EXECUTED=false
AUDIT_STREAM_ID=<stream-id>
Replay the audit stream:
python scripts/demo_v2_restrained_autonomy.py --replay <AUDIT_STREAM_ID>Requirements:
- Docker
- Docker Compose
- Running NATS JetStream server
docker compose up -d
EXOARMUR_LIVE_DEMO=1 python -m pytest tests/test_golden_demo_live.py::test_golden_demo_flow_live_jetstream -v- Snapshot file:
artifacts/openapi_v1.json - Regenerate:
python scripts/export_openapi_and_schemas.py - CI enforces contract stability via snapshot tests.
- Determinism
- Explicit safety enforcement
- Replay-verifiable audit chains
- Phase-gated feature activation
Core is fully functional on its own. Optional proprietary modules can extend capabilities but are not required and remain opt-in.
V2 paths are gated scaffolding; defaults keep V2 disabled. docs/PHASE_STATUS.md is a historical phase snapshot rather than the authoritative current-state status page for main.
- Patch: bug fixes and documentation-only changes with no contract impact.
- Minor: additive, backward-compatible changes (feature-flagged by default) with updated docs.
- Major: any contract change or incompatible behavior (requires governance and updated Golden Demo alignment).
pip install . # Clean package installation from sourceexoarmur --version # Returns consistent version across all componentspython examples/quickstart_replay.py # Demonstrates deterministic replay functionalityexoarmur demo --operator-decision deny # V2 restrained autonomy with human approvalThe V2 demo produces verifiable output markers:
DEMO_RESULT=DENIED- Action approval decisionACTION_EXECUTED=false- Execution statusAUDIT_STREAM_ID=<stream-id>- Replayable audit stream identifier
- Core invariant gates prevent architectural violations
- Automated enforcement of ProxyPipeline execution boundary
- Deterministic replay verification through test suites
- Schema stability checks prevent contract drift
pip install .in a fresh isolated environmentpip install -e .in a fresh isolated environmentpip install -e ".[v2]"with the V2 deny demotests/test_v2_restrained_autonomy.pywith 18 passing tests
RELEASE_NOTES_v0.2.0.mdprovides complete release documentation- Release notes capture release-time state and should not be treated as the current status of
main - Demo output markers provide deterministic proof points
This project has been validated through continuous integration and deterministic demo execution. All functionality claims are supported by reproducible artifacts in the repository. External independent validation is encouraged - the complete test suite and demo markers provide verification capability for any interested party.
- Architecture Overview → docs/ARCHITECTURE_SIMPLE.md
- Design Principles → docs/DESIGN_PRINCIPLES.md
- Validation Guide → VALIDATE.md
- Reviewer Checklist → docs/REVIEW_CHECKLIST.md
- Technical Systems Paper → docs/EXOARMUR_SYSTEMS_PAPER.md