2-Minute CE Demo¶

Audience: evaluator. This page proves ADK works on your machine in two minutes using CE-tier (Community Edition) artifacts — no Docker, no source clone, no agreement required. For real deployments (single-node first stack, robotics first stack, Controlled fleet deployment), see Install & Run.

Install and run the demo — 2 minutes¶

Prerequisites: python3 on PATH. No build required.

curl -fsSL https://get.autonomyops.ai/install.sh | bash
autonomy demo openclaw
autonomy demo validate

Supported platforms: macOS (arm64, amd64), Linux (arm64, amd64). No Docker, no network access after install.

What you will see: the OpenClaw agent submits three tool calls against a live governance runtime. An environment probe is permitted and runs. A shell exfiltration attempt is denied before execution — the shell command is never spawned. A policy-scoped rollback fires on the unsafe state. Every decision is written to the local WAL and survives process restart.

autonomy demo validate runs six objective checks (python3 present, demo completes without error, ALLOW and DENY signals present, WAL evidence present, elapsed under 5 minutes) and exits 0 when all pass.

Preserve the WAL for inspection. By default the demo’s WAL is written to a temp directory and removed on exit. To keep it:

# Preserve the auto-generated WAL directory; the footprint panel prints the
# next-step inspect command with the absolute path baked in.
autonomy demo openclaw --keep

# Or pin to a known location via AUTONOMY_DEMO_WAL_DIR (the path is created
# if missing and is never auto-removed).
AUTONOMY_DEMO_WAL_DIR=~/audit-evidence autonomy demo openclaw
autonomy wal inspect --dir ~/audit-evidence

To dump the embedded policy bundle that produced the demo’s decisions:

autonomy policy inspect --embedded                # manifest + rego file list
autonomy policy inspect --embedded --show-source  # …with full Rego inline

autonomy demo validate

Connect your own agent¶

Once installed, wrap any subprocess-based agent with policy governance:

autonomy run python3 my_agent.py

autonomy run starts an in-process policy-gated runtime on a random localhost port, injects AUTONOMY_RUNTIME_URL into the subprocess environment, and propagates the subprocess exit code. Your agent calls the runtime via HTTP; the runtime returns {"decision":"allow",...} or {"decision":"deny",...} with HTTP 200 or HTTP 403 respectively.

Every tool decision is recorded in a local WAL, including the layered governance trail (policy.allow + runtime.deny under the same audit_id when a runtime-enforcement layer like AllowedDomains for tool.http_get rejects). A System footprint (this run) panel is printed to stderr at exit naming the WAL path, the file sizes, the frame count, the subprocess command, and the policy source.

By default the WAL is written to a temp directory and removed on exit. Two ways to preserve it for inspection:

# Pass --keep to preserve the auto-generated WAL directory; the footprint
# panel prints the next-step inspect command with the absolute path baked in.
autonomy run --keep python3 my_agent.py
autonomy wal inspect --dir /tmp/autonomy-run-wal-<random>

# Or pin to a known location via AUTONOMY_RUN_WAL_DIR (the path is created
# if missing and is never auto-removed).
AUTONOMY_RUN_WAL_DIR=~/audit-evidence autonomy run python3 my_agent.py
autonomy wal inspect --dir ~/audit-evidence

The two preservation knobs are mutually compatible: --keep is ignored when AUTONOMY_RUN_WAL_DIR is set because operator-named directories are always preserved.

Advanced: persistent runtime daemon¶

Start the runtime with the embedded demo policy on a fixed port. Useful for iterating on agent logic without restarting governance on every run.

autonomy runtime start --demo

Default listen address: 127.0.0.1:7777.

Liveness check:

curl http://127.0.0.1:7777/health

{"status":"ok"}

Direct tool call:

curl -s -X POST http://127.0.0.1:7777/v1/tool \
  -H 'Content-Type: application/json' \
  -d '{"kind":"tool.echo","params":{"message":"hello"}}'

{"decision":"allow","output":"hello","policy_ref":"embedded:demo"}

Denied call:

curl -s -X POST http://127.0.0.1:7777/v1/tool \
  -H 'Content-Type: application/json' \
  -d '{"kind":"tool.shell","params":{"cmd":"id"}}'

{"decision":"deny","reason":"policy: deny","policy_ref":"embedded:demo"}

HTTP 200 = allow + executed. HTTP 403 = deny (policy rejected, tool never ran).

Inspect the telemetry WAL¶

Every decision and tool execution writes a durable event to the local WAL:

autonomy wal status

WAL dir:   ~/.cache/autonomyops/telemetry
Total:     8
Exported:  0 (pos=0)
Pending:   8

Inspect the most recent entries:

autonomy wal inspect --limit 5

Export to JSONL:

autonomy telemetry export --out - | head -1 | python3 -m json.tool

{
  "seq": 1,
  "written_at": "2026-02-27T20:07:54Z",
  "event": {
    "kind": "autonomy.lifecycle",
    "attrs": {"event": "policy.bundle.loaded", "bundle_version": "1.0.0"}
  }
}

Supported tools¶

Kind	Behavior	Default policy
`tool.echo`	Returns the `message` param unchanged	Allow
`tool.http_get`	HTTP GET to an allowlisted endpoint key (`params.endpoint`)	Allow (restricted endpoints)
`tool.shell`	Executes a shell command	Deny (hardcoded in demo policy)

--allowed-domains controls the endpoint-key allowlist for tool.http_get (default: api.anthropic.com,ifconfig.me). The runtime rejects legacy params.url and requires params.endpoint.

Contributor path — build from source¶

For contributors only. External users should use the binary install above.

Prerequisites: Go 1.25.11, make.

In-repo:

git clone https://github.com/autonomyops/adk
cd adk
make build
./bin/autonomy demo policy
./bin/autonomy run python3 examples/agent.py

Installed: equivalent to the install one-liner at the top of this page — autonomy demo openclaw runs the same in-process governance flow against the embedded policy without needing a build.

autonomy demo policy starts an in-process runtime backed by the embedded demo policy, fires three tool calls (tool.echo → ALLOW, tool.http_get → ALLOW, tool.shell → DENY), and prints governance verdicts.

Full-stack path (Docker required)¶

Prerequisites: Go 1.25.11, Docker, Python 3.12 + uv.

Private image access (Stage 1 beta): images under ghcr.io/autonomyops/* are invite-only. Authenticate before pulling:

echo "$TOKEN" | docker login ghcr.io -u "$USER" --password-stdin

Start infrastructure (registry + runtime + OTLP sink + Jaeger):

In-repo:

make demo-up

Installed:

cd ~/.autonomyops/quickstart
bash demo/scripts/demo_up.sh

Bootstrap policy, attach OCI sidecars, run the Python agent:

In-repo:

make demo-run

Installed:

# Run once per extracted bundle:
bash demo/keys/generate.sh
# Then the demo flow:
bash demo/scripts/01_build.sh
bash demo/scripts/02_push_attach_sign.sh
bash demo/scripts/03_verify_and_run.sh

Expected final line:

✓ PASS — echo allowed, shell denied correctly

Tear down:

In-repo:

make demo-clean

Installed:

docker compose -f demo/docker-compose.yml down -v && rm -rf demo/data

Next steps¶

getting-started/connect-your-agent.md — advanced path: wrap your own subprocess or use a persistent daemon
policy.md — bundle semver, LKG rollback, runtime compatibility
oci.md — attach lock and policy to an OCI image
security-model.md — trust boundaries and verification order
demo-runbook.md — failure drills and expected outputs