Quickstart

Install and run the demo — 2 minutes

Prerequisites: python3 on PATH. No build required.

curl -fsSL https://get.autonomyops.ai/install.sh | bash
autonomy demo openclaw
autonomy demo validate

Supported platforms: macOS (arm64, amd64), Linux (arm64, amd64). No Docker, no network access after install.

What you will see: the OpenClaw agent submits three tool calls against a live governance runtime. An environment probe is permitted and runs. A shell exfiltration attempt is denied before execution — the shell command is never spawned. A policy-scoped rollback fires on the unsafe state. Every decision is written to the local WAL and survives process restart.

autonomy demo validate runs six objective checks (python3 present, demo completes without error, ALLOW and DENY signals present, WAL evidence present, elapsed under 5 minutes) and exits 0 when all pass.

autonomy demo validate

Connect your own agent

Once installed, wrap any subprocess-based agent with policy governance:

autonomy run python3 my_agent.py

autonomy run starts an in-process policy-gated runtime on a random localhost port, injects AUTONOMY_RUNTIME_URL into the subprocess environment, and propagates the subprocess exit code. Your agent calls the runtime via HTTP; the runtime returns {"decision":"allow",...} or {"decision":"deny",...} with HTTP 200 or HTTP 403 respectively.

Advanced: persistent runtime daemon

Start the runtime with the embedded demo policy on a fixed port. Useful for iterating on agent logic without restarting governance on every run.

autonomy runtime start --demo

Default listen address: 127.0.0.1:7777.

Liveness check:

curl http://127.0.0.1:7777/health

{"status":"ok"}

Direct tool call:

curl -s -X POST http://127.0.0.1:7777/v1/tool \
  -H 'Content-Type: application/json' \
  -d '{"kind":"tool.echo","params":{"message":"hello"}}'

{"decision":"allow","output":"hello","policy_ref":"embedded:demo"}

Denied call:

curl -s -X POST http://127.0.0.1:7777/v1/tool \
  -H 'Content-Type: application/json' \
  -d '{"kind":"tool.shell","params":{"cmd":"id"}}'

{"decision":"deny","reason":"policy: deny","policy_ref":"embedded:demo"}

HTTP 200 = allow + executed. HTTP 403 = deny (policy rejected, tool never ran).

Inspect the telemetry WAL

Every decision and tool execution writes a durable event to the local WAL:

autonomy wal status

WAL dir:   ~/.cache/autonomyops/telemetry
Total:     8
Exported:  0 (pos=0)
Pending:   8

Inspect the most recent entries:

autonomy wal inspect --limit 5

Export to JSONL:

autonomy telemetry export --out - | head -1 | python3 -m json.tool

{
  "seq": 1,
  "written_at": "2026-02-27T20:07:54Z",
  "event": {
    "kind": "autonomy.lifecycle",
    "attrs": {"event": "policy.bundle.loaded", "bundle_version": "1.0.0"}
  }
}

Supported tools

Kind

Behavior

Default policy

tool.echo

Returns the message param unchanged

Allow

tool.http_get

HTTP GET to an allowlisted endpoint key (params.endpoint)

Allow (restricted endpoints)

tool.shell

Executes a shell command

Deny (hardcoded in demo policy)

--allowed-domains controls the endpoint-key allowlist for tool.http_get (default: api.anthropic.com,ifconfig.me). The runtime rejects legacy params.url and requires params.endpoint.

Contributor path — build from source

For contributors only. External users should use the binary install above.

Prerequisites: Go 1.25.7, make.

git clone https://github.com/autonomyops/adk
cd adk
make build
./bin/autonomy demo policy
./bin/autonomy run python3 examples/agent.py

autonomy demo policy starts an in-process runtime backed by the embedded demo policy, fires three tool calls (tool.echo → ALLOW, tool.http_get → ALLOW, tool.shell → DENY), and prints governance verdicts.

Full-stack path (Docker required)

Prerequisites: Go 1.25.7, Docker, Python 3.12 + uv.

Private image access (Stage 1 beta): images under ghcr.io/autonomyops/* are invite-only. Authenticate before pulling:

echo "$TOKEN" | docker login ghcr.io -u "$USER" --password-stdin

Start infrastructure (registry + runtime + OTLP sink + Jaeger):

make demo-up

Bootstrap policy, attach OCI sidecars, run the Python agent:

make demo-run

Expected final line:

✓ PASS — echo allowed, shell denied correctly

Tear down:

make demo-clean

Next steps