Build & integrate

Build an Agent with IRIS

Follow these steps to register an agent, set up governance files, and prepare for runtime enforcement.

1. Install IRIS

pip install iris-security-sdk iris-security-cli
iris quickstart

Requires Python 3.10+. No cloud account. Runs fully local.

2. Discover existing agents (optional)

Before registering, scan your repo for ungoverned LLM calls and agent patterns.

iris scan --discover --dir .
iris scan --discover --govern # show one-line fixes

3. Register your agent

Registration creates an AgentPassport — the inventory record regulators and security teams expect. Primary command: iris declare (iris register is an alias).

iris register \
  --name loan-processor \
  --owner you@company.com \
  --team platform \
  --compliance colorado-ai-act \
  --high-risk

Creates governance/agents/loan-processor/passport.yaml.

4. Check compliance posture

iris framework suggest --agent loan-processor
iris compliance check --framework colorado-ai-act

IRIS shows which rules you violate and how to fix each one in plain English.

5. Write policy intent

Edit governance/agents/loan-processor/policy-intent.md:

This agent processes loan applications.
It may call the credit bureau API in US regions only.
User consent must be logged before any loan decision.
It must never call any API not listed here.

6. Compile to Cedar

export ANTHROPIC_API_KEY=your-key
iris compile --agent loan-processor
iris policy diff --agent loan-processor # preview drift
iris preview --agent loan-processor # risk impact

Commit both policy-intent.md and policy.cedar to Git. Review in a PR.

7. Wire runtime enforcement

See Runtime Enforcement for drop-in LLM clients and @agent.guard() decorators.

Tip: Check governance/ into your repo. Validate on every PR with iris scan --fail-on critical and iris compliance check.

← The Basics Runtime Enforcement →