Get your first agent governed in 5 minutes
IRIS governs what runs — not what deploys. Discover, inventory, define policy, guard every call. Everything runs locally.
Install
Requires Python 3.10+.
iris quickstart
Find what's running ungoverned
Register your agent
--name my-agent \
--owner you@company.com \
--team my-team \
--compliance colorado-ai-act \
--high-risk
Run a compliance check
Write policy in plain English
Edit governance/agents/my-agent/policy-intent.md
It must never access payment data.
It must never write to any external system without user consent.
All data must stay in US regions only.
Compile to Cedar
iris policy compile --agent my-agent --dry-run
iris policy diff --agent my-agent
iris policy commit --agent my-agent
Use iris policy status --agent my-agent any time to see whether policy is bound and current.
Enforce in your agent code
client = IrisAnthropic(passport=passport)
See Runtime Enforcement for full examples.
Verify compliance
iris list
iris status
iris evidence query --decision deny
iris witness --agent my-agent
iris list inventories your fleet. iris status shows compliance scores and next actions. iris evidence query filters vault events to what needs attention. iris witness streams live policy decisions as your agent runs.
Record CI evidence (optional)
Add this to your GitHub Actions, GitLab, or Jenkins pipeline so every run writes a signed evidence event — even when the gate fails.
--system github_actions \
--run-id "$GITHUB_RUN_ID" \
--outcome success
Templates for GitHub Actions, GitLab, Jenkins, Terraform, and ArgoCD: Evidence Vault → CI/CD.