Getting started

The Basics

This doc explains the core concepts and command vocabulary for governing AI agents at runtime with IRIS.

What IRIS is (and isn't)

Terraform governs what deploys. IRIS governs what runs.

After your agent is live, it calls APIs on every request, reads customer data, and makes decisions in production. IRIS is the governance layer that watches runtime behavior — not the provisioning layer that stands infrastructure up.

| Deploy time | Runtime (IRIS) |
| --- | --- |
| What gets built | What actually executes |
| terraform plan / apply | iris scan · iris register · @agent.guard() |
| Infrastructure as Code | Policy as Code for agents |

The four phases

IRIS organizes governance around what is running, not what was deployed yesterday.

1. Discover — what's running without governance?

Scan your codebase for ungoverned LLM clients, agent frameworks, and tool calls.

iris scan --discover --dir .

2. Inventory — register agents in your fleet

Every governed agent gets an AgentPassport — owner, team, compliance scope, allowed models. This is your inventory for regulators and security teams.

iris register --name my-agent --owner you@company.com --team platform --compliance colorado-ai-act
iris list # fleet inventory (alias: iris agents)

3. Define — write what the agent is allowed to do

Write policy-intent.md in plain English. IRIS compiles it to Cedar — a formally verified policy language from AWS. Every change is a Git PR with a reviewer.

iris policy compile --agent my-agent --dry-run
iris policy diff --agent my-agent
iris policy commit --agent my-agent
iris policy status --agent my-agent

4. Guard — enforce on every call at runtime

Cedar policy evaluates in-process before every LLM call. Violations are blocked. Evidence is logged to the local Evidence Vault.

from iris_anthropic import IrisAnthropic

# passport is the agent's AgentPassport from step 2; it is not defined in this snippet
client = IrisAnthropic(passport=passport)

5. Audit — witness, certify, and prove compliance

After agents run in production, IRIS gives you visibility and evidence for regulators.

iris status # compliance dashboard
iris list --filter-ungoverned # agents missing policy.cedar
iris witness --agent my-agent # live policy feed
iris certify --agent my-agent --framework colorado-ai-act
iris evidence query --decision deny
iris evidence report --agent my-agent

GitOps layout

Every policy is a file. Every change is a PR.

governance/
  agents/
    my-agent/
      passport.yaml ← inventory
      policy-intent.md ← source of truth (plain English)
      policy.cedar ← compiled output
  models/registry.yaml ← model tiers & fallbacks
  directives/active.yaml ← kill switches (hot-reload)

Four environments

IRIS follows a building-permit model — never blocks you in development.

| Environment | Behavior |
| --- | --- |
| dev | Warn inline, never block |
| test | Block critical violations in CI |
| staging | Require security approval (iris hitl) |
| production | Fail closed — every violation blocked |

export IRIS_ENV=production
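
The Guard phase and the environment table together describe one pattern: evaluate policy in-process before each call, record the decision, and let the environment decide whether a violation warns or blocks. The sketch below is an added illustration of that pattern, not IRIS code: a plain Python allow-list stands in for Cedar, an in-memory list stands in for the Evidence Vault, and `guard`, `enforcement`, `PolicyViolation`, `model_policy` and `call_llm` are hypothetical names. It assumes that an unset or unrecognised `IRIS_ENV`, and a policy evaluator that raises, are both treated as fail closed, and it models staging as "block" without the approval step.

```python
import functools
import os

EVIDENCE = []                 # in-memory stand-in for the Evidence Vault
ALLOWED_MODELS = {"model-a"}  # constructed allow-list (hypothetical model name)

class PolicyViolation(Exception):
    """Raised when a guarded call is blocked."""

def enforcement(env, severity):
    """Return 'warn' or 'block'; staging, production, unset and unknown all block."""
    if env == "dev":
        return "warn"
    if env == "test":
        return "block" if severity == "critical" else "warn"
    return "block"

def guard(policy):
    """Decorator: run policy(kwargs) before every call and record the decision."""
    def wrap(fn):
        @functools.wraps(fn)
        def inner(**kwargs):
            env = os.environ.get("IRIS_ENV", "")
            try:
                violation = policy(kwargs)   # None, or (reason, severity)
            except Exception as exc:         # evaluator error counts as a critical deny
                violation = (f"policy error: {exc}", "critical")
            if violation is None:
                EVIDENCE.append({"env": env, "decision": "allow", "call": fn.__name__})
                return fn(**kwargs)
            reason, severity = violation
            action = enforcement(env, severity)
            EVIDENCE.append({"env": env, "decision": "deny", "action": action,
                             "reason": reason, "call": fn.__name__})
            if action == "block":
                raise PolicyViolation(reason)
            return fn(**kwargs)              # warn: evidence recorded, call proceeds
        return inner
    return wrap

def model_policy(req):
    if req["model"] not in ALLOWED_MODELS:
        return (f"model {req['model']!r} not allowed", "critical")
    return None

@guard(model_policy)
def call_llm(model, prompt):
    return f"[{model}] ok"    # stand-in for a real LLM call
```

Every decision, including allows and dev-mode warnings, lands in the evidence list, so a deny that was only warned about in dev is still visible before the same code reaches production.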