AI agents write code, call APIs, and ship features. But nobody is watching them.
No receipts
Your agent pushes to production. Six months later, compliance asks “Who approved this?” You check git blame, Slack, PR comments — nothing. The agent didn’t leave a trail because nobody asked it to.
No guardrails
You tell your agent “don’t touch .env files.” But that’s a polite suggestion in a system prompt that nothing enforces. One hallucination later, your secrets are in a commit message.
No boundaries
You ask the agent to fix a login bug. It fixes the bug, refactors the payment module, updates three unrelated tests, and adds a dependency you’ve never heard of. Nothing stopped it because nothing could.
LumenFlow is the control plane for AI software delivery — a governance kernel that enforces policy, approvals, and evidence before actions happen, not after.
Structural properties of the kernel — enforced at runtime, every time, for every agent.
Agents stay in their lane
A four-level scope intersection checks workspace, lane, task, and tool permissions before any action proceeds. All four levels must allow the action; a deny at any one level blocks it.
Every action has a receipt
Immutable, content-addressed evidence records capture what was requested, what was checked, and what happened. A record's identifier is the hash of its contents, so an altered record no longer matches its own identifier. Not logs — cryptographic proof that can be independently verified.
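One way to build records with these properties, as an added example that is not LumenFlow's evidence code: each record is identified by the SHA-256 of its canonical JSON body and carries the identifier of the previous record, and `verify_chain` recomputes every identifier starting from a trusted head. The field names, the `sha256:` prefix and the two sample records are assumptions made for illustration.

```python
"""Content-addressed, hash-chained evidence records with independent verification.

Added illustration, not LumenFlow's evidence format: the record fields, the
sha256 content addressing and the prev-link chain are assumptions.
"""
import hashlib
import json


def canonical(body: dict) -> bytes:
    # Deterministic encoding: identical content must always hash to the same id.
    return json.dumps(body, sort_keys=True, separators=(",", ":"), ensure_ascii=False).encode()


def record_id(body: dict) -> str:
    return "sha256:" + hashlib.sha256(canonical(body)).hexdigest()


class EvidenceStore:
    """Append-only store keyed by content hash. Each record links to the
    previous head, so the head id commits to the whole history before it."""

    def __init__(self):
        self.records = {}   # id -> body
        self.head = None    # id of the most recent record

    def append(self, requested: dict, checked: dict, outcome: dict) -> str:
        body = {"requested": requested, "checked": checked,
                "outcome": outcome, "prev": self.head}
        rid = record_id(body)
        self.records[rid] = body   # content-addressed: the key is the hash of the value
        self.head = rid
        return rid


def verify_chain(records: dict, head: str):
    """Walk from a trusted head back to the first record, recomputing every id.
    Detects edited bodies and re-hashed records (a successor's prev no longer
    resolves). Anyone holding the records and the head id can run this."""
    seen, cur = set(), head
    while cur is not None:
        if cur in seen:
            return False, f"cycle at {cur}"
        seen.add(cur)
        body = records.get(cur)
        if body is None:
            return False, f"missing record {cur}"
        if record_id(body) != cur:
            return False, f"content mismatch at {cur}"
        cur = body.get("prev")
    return True, "ok"


def build_sample() -> EvidenceStore:
    # Constructed records for one agent: an allowed write, then a blocked one.
    store = EvidenceStore()
    store.append({"agent": "coder-1", "tool": "fs.write", "target": "src/auth/login.py"},
                 {"workspace": "allow", "lane": "allow", "task": "allow", "tool": "allow"},
                 {"status": "applied"})
    store.append({"agent": "coder-1", "tool": "fs.write", "target": ".env"},
                 {"workspace": "deny", "lane": "allow", "task": "allow", "tool": "allow"},
                 {"status": "blocked"})
    return store


def tamper_demo():
    """Show that rewriting history after the fact is detectable.
    Returns (verdict on the untouched chain, reason reported for a tampered copy)."""
    store = build_sample()
    clean, _ = verify_chain(store.records, store.head)
    forged = {rid: dict(body) for rid, body in store.records.items()}
    first = next(rid for rid, body in forged.items() if body["prev"] is None)
    forged[first]["outcome"] = {"status": "blocked"}   # claim the first write never happened
    _, reason = verify_chain(forged, store.head)
    return ("ok" if clean else "bad"), reason
```

The caveat a practitioner should keep in mind: a hash chain proves that the records behind a given head are intact, not that the head itself is the latest or that it was produced by the governance kernel. For independent verification the head identifier has to be anchored outside the store (signed by the kernel's key, or published out of band), otherwise a party that controls the store can simply present a shorter, internally consistent chain.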
Policies can't be loosened
The deny-wins cascade means a restrictive policy at any level stays restrictive. A lane can’t override a workspace rule. Strictness only goes one direction.
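The scope intersection and the deny-wins cascade described above are two views of the same rule, so here is one model of both, as an added example that is not LumenFlow's policy engine. Each of the four levels returns its own verdict for an action and the action proceeds only if every verdict is allow; because there is no vote that can outweigh a deny, a lane or task can only narrow what the workspace permits. The `Policy` shape, the tool identifiers (`fs.write`, `git.push`, ...) and the glob patterns are assumptions made for illustration.

```python
"""Four-level scope intersection with deny-wins semantics.

Illustrative model only: the level names come from the page, but the policy
shape, tool names and glob patterns below are assumptions, not LumenFlow's
real policy format.
"""
from dataclasses import dataclass
from fnmatch import fnmatchcase

ALLOW, DENY = "allow", "deny"


@dataclass(frozen=True)
class Action:
    tool: str      # hypothetical tool ids: "fs.read", "fs.write", "shell.exec", "git.push"
    target: str    # path or resource the tool would act on


@dataclass(frozen=True)
class Policy:
    """Policy for one level. Default-deny: a tool not listed in `allow` is
    denied, and a target matching `deny_targets` is denied whatever the tool."""
    name: str
    allow: frozenset
    deny_targets: tuple = ()

    def verdict(self, action: Action) -> str:
        if any(fnmatchcase(action.target, pat) for pat in self.deny_targets):
            return DENY
        return ALLOW if action.tool in self.allow else DENY


def check(action: Action, workspace: Policy, lane: Policy, task: Policy, tool: Policy):
    """Intersect the four levels. Returns (allowed, trace); the trace records each
    level's verdict so the decision can be written out as evidence. No level can
    widen another: a single DENY anywhere makes the intersection DENY."""
    trace = [(p.name, p.verdict(action)) for p in (workspace, lane, task, tool)]
    return all(v == ALLOW for _, v in trace), trace


# Constructed sample policies for one agent assigned to a login bug.
WORKSPACE = Policy("workspace", frozenset({"fs.read", "fs.write", "shell.exec", "git.push"}),
                   deny_targets=("*.env*", "*secrets/*"))          # secrets are off limits everywhere
LANE = Policy("lane:login-fix", frozenset({"fs.read", "fs.write", "shell.exec", "git.push"}),
              deny_targets=("src/payments/*",))                    # this lane stays out of payments
TASK = Policy("task:login-bug", frozenset({"fs.read", "fs.write"}))  # no shell, no push for this task
TOOL = Policy("tool", frozenset({"fs.read", "fs.write", "shell.exec", "git.push"}),
              deny_targets=("/etc/*", "/usr/*"))                   # the tool binding's own limits


def decide(action: Action):
    """Run the action through the four sample levels."""
    return check(action, WORKSPACE, LANE, TASK, TOOL)
```

The four cases worth running: writing `src/auth/login.py` is allowed by every level; writing `src/payments/charge.py` is denied by the lane even though the workspace allows it; writing `.env` is denied by the workspace even though the lane would allow it, which is the cascade in action; and `git.push` is denied by the task level alone. The trace is what you would persist as evidence, because "who said no" is exactly what an auditor asks six months later.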
Isolation is real
Agents run in bwrap (bubblewrap) sandboxes with write confinement and deny overlays on secrets: writes are limited to the paths the sandbox binds writable, and secret locations are masked so the agent cannot read them even if it tries. OS-level isolation, enforced by the Linux kernel's namespaces and mounts rather than by the agent runtime.
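What such a sandbox looks like on the command line, as an added example that is not LumenFlow's sandbox code: the host filesystem is bound read-only, the project tree is the only writable bind, and secret locations inside it are shadowed by an empty tmpfs (directories) or a read-only bind of `/dev/null` (files). The bwrap flags are real bubblewrap options; the project path and secret entries are constructed, and the rule that secret entries ending in `/` are directories is this example's own convention.

```python
"""Build a bwrap (bubblewrap) sandbox invocation: root read-only, one writable
project tree, secret locations masked. Added illustration, not LumenFlow's
sandbox code; the flags are real bwrap options, the paths are constructed."""
import shutil
import subprocess


def sandbox_argv(project_dir: str, secret_paths: tuple, command: list) -> list:
    """bwrap applies mounts in argument order and a later mount shadows an
    earlier one, so the deny overlays MUST follow the writable project bind.
    A secret entry ending in '/' is a directory (replaced by an empty tmpfs);
    anything else is a file (masked by a read-only bind of /dev/null)."""
    argv = [
        "bwrap",
        "--unshare-all",                     # new pid/net/ipc/uts/user namespaces: no network
        "--die-with-parent",                 # no orphaned agent processes
        "--ro-bind", "/", "/",               # host filesystem visible, but read-only
        "--dev", "/dev", "--proc", "/proc",
        "--tmpfs", "/tmp",                   # scratch space that never touches the host /tmp
        "--bind", project_dir, project_dir,  # the only writable tree: write confinement
        "--chdir", project_dir,
    ]
    for entry in secret_paths:
        full = f"{project_dir.rstrip('/')}/{entry.rstrip('/')}"
        if entry.endswith("/"):
            argv += ["--tmpfs", full]                  # empty directory replaces the secrets dir
        else:
            argv += ["--ro-bind", "/dev/null", full]   # empty read-only file masks the secret
    return argv + ["--"] + list(command)


def overlays_after_writable_bind(argv: list, project_dir: str, secret_paths: tuple) -> bool:
    """Check the ordering property the sandbox relies on: every secret overlay
    must appear after the writable bind, or the bind would shadow the overlay."""
    bind_at = argv.index("--bind")
    for entry in secret_paths:
        full = f"{project_dir.rstrip('/')}/{entry.rstrip('/')}"
        if argv.index(full) < bind_at:
            return False
    return True


def run_confined(project_dir: str, secret_paths: tuple, command: list):
    """Execute the command inside the sandbox. Returns the exit status, or
    None when bwrap is not installed on this host."""
    if shutil.which("bwrap") is None:
        return None
    argv = sandbox_argv(project_dir, secret_paths, command)
    if not overlays_after_writable_bind(argv, project_dir, secret_paths):
        raise RuntimeError("secret overlays would be shadowed by the project bind")
    return subprocess.run(argv, check=False).returncode


if __name__ == "__main__":
    # Constructed paths; inside the sandbox `cat .env` reads an empty file.
    print(" ".join(sandbox_argv("/work/app", (".env", "secrets/"), ["sh", "-c", "cat .env"])))
```

The point the builder encodes is that the guarantee comes from the mount table, not from the agent: once `/work/app/.env` is a read-only bind of `/dev/null`, no prompt wording, hallucination or `cat` invocation can recover the original contents, and with `--unshare-all` nothing that is read can leave the sandbox over the network.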
No vendor lock-in. If your AI can read files and run commands, it can use LumenFlow. Point your agent at AGENTS.md and go.
| Any AI Tool | Enhanced Integrations |
|---|---|
| Works out of the box via markdown instructions | Claude Code, Cursor, Windsurf, Codex get deeper features |
| CLI commands work everywhere — no lock-in | Auto-detection, skills, vendor-specific overlays |
| Universal entry points: AGENTS.md, LUMENFLOW.md | Optional: .claude/, .cursor/, .windsurf/ configs |
The kernel is domain-agnostic. Domain knowledge comes from packs — pluggable extensions that add tools, policies, and evidence types for any workflow.
Software Delivery Pack
Ships built-in. Work Units, lanes, gates, worktrees, memory, flow metrics, and 100+ CLI commands for structured software delivery. This is what we use to build LumenFlow itself.
Sidekick Pack
Ships built-in. Workspace-local tasks, memory, routines, channels, and status data under .sidekick/ for lightweight productivity inside the governed runtime.
Build Your Own
Customer support, data pipelines, infrastructure, compliance — if you can define the rules, you can build a pack for it.
For Humans
Step-by-step setup for developers who want to govern their AI agents today.
For AI Agents
Canonical onboarding guide for AI coding assistants. Hand this to your agent and let it go.
Learn the Architecture
Read how the kernel enforces policy, the packs extend it, and the evidence store proves it.
See the FAQ
Short answers to the common questions — how LumenFlow compares, what it costs to run, and whether it fits your stack.