autonomy run

Run a subprocess under policy governance

Synopsis

Starts an in-process policy-gated runtime on a random localhost port, exports AUTONOMY_RUNTIME_URL to the subprocess environment, then exec’s with any additional arguments.

When –policy is omitted the embedded demo policy is used (allows tool.echo and tool.http_get at the policy layer; denies everything else). tool.http_get still requires an allowlisted endpoint at runtime and is fail-closed by default. Pass –policy to use a custom bundle already present in the local managed cache.

The runtime server shuts down gracefully when the subprocess exits.

ROS2 governed launch (ros2.launch dispatch):

When the first argument is “ros2.launch”, execution is dispatched through runtime/ros2.RunGoverned instead of starting a subprocess. Use –image to select the container path; native path is used as a fallback when Docker is unavailable and ros2 is in PATH.

autonomy run [–image ] [–workspace

] [–runtime-url ]
ros2.launch launch <launch_file> [ros2-args…]

autonomy run ros2.launch topic list

Usage

autonomy run <command> [args...] [flags]

Options

      --image string         [ros2.launch] OCI image for container-path execution (must include the ROS2 toolchain, e.g. ghcr.io/autonomyops/adk-ros2-runtime:v1.0.0)
      --policy string        OCI reference of the policy bundle from the local managed cache (default: embedded demo policy); for ros2.launch: forwarded as the ros2 policy ref
      --runtime-url string   [ros2.launch] AutonomyOps runtime HTTP address for governance callbacks (e.g. http://localhost:8080; default: local-only evaluation)
      --workspace string     [ros2.launch] ROS2 workspace directory forwarded as AUTONOMY_ROS2_WORKSPACE (native path only)