No receipts
Your agent pushes to production. Six months later, compliance asks “Who approved this?” You check git blame, Slack, PR comments — nothing. The agent didn’t leave a trail because nobody asked it to.
AI agents write code, call APIs, and ship features. But nobody is watching them.
No guardrails
You tell your agent “don’t touch .env files.” But that’s a polite suggestion in a system prompt that nothing enforces. One hallucination later, your secrets are in a commit message.
No boundaries
You ask the agent to fix a login bug. It fixes the bug, refactors the payment module, updates three unrelated tests, and adds a dependency you’ve never heard of. Nothing stopped it because nothing could.
LumenFlow sits between your agents and everything they touch — a governance kernel that enforces rules before actions happen, not after.
Structural properties of the kernel — enforced at runtime, every time, for every agent.
Agents stay in their lane
A 4-level scope intersection checks workspace, lane, task, and tool permissions before any action proceeds. All four levels must agree. One “no” and it’s blocked.
Every action has a receipt
Immutable, content-addressed evidence records capture what was requested, what was checked, and what happened. Not logs — cryptographic proof that can be independently verified.
Policies can't be loosened
The deny-wins cascade means a restrictive policy at any level stays restrictive. A lane can’t override a workspace rule. Strictness only goes one direction.
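The scope intersection and deny-wins cascade described above, as an added TypeScript sketch (not LumenFlow's code; the policy shapes, level names, receipt layout and sample policies are assumptions for illustration). It also shows the content-addressed receipt idea from "Every action has a receipt": each decision is hashed, chained to the previous one, and re-verifiable.

```typescript
import { createHash } from "node:crypto";

// Assumed model of the page's four policy levels and deny-wins rule.
type Level = "workspace" | "lane" | "task" | "tool";
type Decision = "allow" | "deny";
type Action = { tool: string; path: string };
type Policy = (a: Action) => Decision;
type Checks = Record<Level, Decision>;
type Body = { action: Action; checks: Checks; decision: Decision; prev: string | null };
type Receipt = { id: string; body: Body };
const LEVELS: Level[] = ["workspace", "lane", "task", "tool"];

// Evaluate all four levels; a single "deny" blocks the action, so a
// permissive lane can never override a restrictive workspace rule.
function intersect(policies: Record<Level, Policy>, action: Action): { decision: Decision; checks: Checks } {
  const checks = {} as Checks;
  for (const level of LEVELS) checks[level] = policies[level](action);
  return { decision: LEVELS.every((l) => checks[l] === "allow") ? "allow" : "deny", checks };
}

// Canonical JSON (sorted keys) so identical content always hashes the same.
function canonical(v: unknown): string {
  if (Array.isArray(v)) return "[" + v.map(canonical).join(",") + "]";
  if (v !== null && typeof v === "object") {
    const o = v as Record<string, unknown>;
    return "{" + Object.keys(o).sort().map((k) => JSON.stringify(k) + ":" + canonical(o[k])).join(",") + "}";
  }
  return JSON.stringify(v);
}

// Receipt id = SHA-256 of the canonical body; prev links to the previous receipt.
const record = (body: Body): Receipt => ({ id: createHash("sha256").update(canonical(body)).digest("hex"), body });
const verify = (r: Receipt): boolean => record(r.body).id === r.id; // any edit to the body changes the id

// Constructed sample policies: the workspace forbids .env files anywhere, the lane
// would allow them, the task is scoped to src/auth/, and only the "write" tool is allowed.
const samplePolicies: Record<Level, Policy> = {
  workspace: (a) => (/(^|\/)\.env(\.|$)/.test(a.path) ? "deny" : "allow"),
  lane: () => "allow",
  task: (a) => (a.path.startsWith("src/auth/") ? "allow" : "deny"),
  tool: (a) => (a.tool === "write" ? "allow" : "deny"),
};

// Decide each requested action and append a chained receipt for it.
function run(actions: Action[]): Receipt[] {
  const out: Receipt[] = [];
  for (const action of actions) {
    const { decision, checks } = intersect(samplePolicies, action);
    out.push(record({ action, checks, decision, prev: out.length ? out[out.length - 1].id : null }));
  }
  return out;
}
```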
Isolation is real
Agents run in bwrap sandboxes with write confinement and deny overlays on secrets. OS-level isolation — enforced by the Linux kernel, not by the agent runtime.
No vendor lock-in. If your AI can read files and run commands, it can use LumenFlow. Point your agent at AGENTS.md and go.
| Any AI Tool | Enhanced Integrations |
|---|---|
| Works out of the box via markdown instructions | Claude Code, Cursor, Windsurf, Codex get deeper features |
| CLI commands work everywhere — no lock-in | Auto-detection, skills, vendor-specific overlays |
| Universal entry points: AGENTS.md, LUMENFLOW.md | Optional: .claude/, .cursor/, .windsurf/ configs |
Free and open source under a dual-license model built for trust:
AGPL v3 — Kernel & Packs
The kernel, runtime, and all packs are AGPL v3. Modify LumenFlow and deploy it as a service? You share your changes. No proprietary forks.
Apache 2.0 — SDK
The Control Plane SDK is Apache 2.0 — use it in proprietary projects, commercial products, or closed-source integrations with zero AGPL obligations.
Every source file carries an SPDX license header. Every package has the correct license in package.json. A NOTICE file documents the full model. Governance software that isn’t transparent about its own governance would be a bad joke.
Need a commercial license? Get in touch.
The kernel is domain-agnostic. Domain knowledge comes from packs — pluggable extensions that add tools, policies, and evidence types for any workflow.
Software Delivery Pack
Ships built-in. Work Units, lanes, gates, worktrees, memory, flow metrics, and 100+ CLI commands for structured software delivery. This is what we use to build LumenFlow itself.
Sidekick Pack
Ships built-in. Workspace-local tasks, memory, routines, channels, and status data under .sidekick/ for lightweight productivity inside the governed runtime.
Build Your Own
Customer support, data pipelines, infrastructure, compliance — if you can define the rules, you can build a pack for it.
For Humans
Step-by-step setup for developers who want to govern their AI agents today.
For AI Agents
Canonical onboarding guide for AI coding assistants. Hand this to your agent and let it go.
Contribute
Read the Contributing Guide, sign the CLA, and pick up a Work Unit.
Discuss
Questions or feedback? GitHub Discussions or Discord.