Skip to content

GodSpeedAI/SEA

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2,408 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

SEA-Forge™

Run autonomous coding agents in production. Without the prompt-engineering theater.

CI License Semantic Engine Crates.io DeepWiki

Most organizations face a false binary: ban autonomous coding agents, or run them blind. SEA-Forge is the third option — a governance layer that evaluates every high-impact action against declared authority before execution, with tamper-evident provenance for every decision.

Works with ZeroClaw, Hermes, OpenClaw, Claude Code, Codex CLI, GitHub Copilot CLI, Goose, OpenCode, and custom agents.

Agent proposes action  →  SEA evaluates against declared policy  →  allow | deny | escalate
                                                                    ↓
                                                          hash-chained audit record

Three guarantees

  • Authority is enforced, not requested. Every file write, PR merge, infra change, and outbound API call is evaluated against declared policy before it executes. Agents cannot bypass, hallucinate, or prompt-engineer their way around it.
  • Work is measured against spec, not completion. Agents are scored on coherence with declared ADR/PRD/SDS specs. When coherence stalls, execution escalates instead of racing to ship compliant garbage.
  • Every autonomous action is provable. Hash-chained, append-only, deterministically reproducible. Auditable without interpretation.

60-second quickstart

# Bootstrap the workspace
./install.sh

# Install the wrapper for the agent you already use
bash integrations/zeroclaw/install.sh      # or: hermes, openclaw, claude-code,
                                           #     codex-cli, github-copilot-cli,
                                           #     goose-ai, opencode

# Verify
.sea/bin/sea-<runtime> --help
python3 -m tools.sea_integrate doctor --runtime <runtime> --workspace .

Default policies land in ~/.sea/<runtime>/policies/. Edit them to tighten file paths, PR-merge gates, and API allowlists for your team.


The problem: authority as folklore

Authority boundaries in real organizations exist as folklore — implicit stories about who owns what, who approves what, what constraints apply. Humans absorb them through experience. Agents cannot.

When agents move from advising to acting, they act on that folklore. When they hallucinate an approval, invent a permission, or fabricate a policy, the blast radius is no longer bad code. It is security incidents, compliance failures, and production outages.

The standard answers do not work.

  • Tighter prompts — agents route around them
  • Stricter sandboxes — innovation dies
  • Human-in-loop for everything — velocity collapses
  • Ban autonomous agents — you fall behind

You need enforcement that agents cannot bypass, hallucinate, or reason around. You need authority that exists before agents interpret it.


The mechanism

Before any file write, PR merge, infra change, or API call executes:

  1. Normalize. The action is decomposed into actor → operation → resource → context.
  2. Evaluate. It is checked against declared authority: roles, paths, approvals, constraints.
  3. Decide deterministically. allow, deny, or escalate.
  4. Record. The decision, its reasoning, and full context are committed to a tamper-evident provenance chain.
  5. Surface drift. When runtime behavior diverges from declared intent, drift becomes a computational object — not noise, not a warning, a queryable artifact.

Declared truth is never silently overwritten by runtime behavior. Reconciliation is deliberate.


What SEA-Forge actually does

1. Runtime authority enforcement (the hero)

Every high-impact action is gated against declared policy.

  • Filesystem/features/** writable, /core/** requires human review, secrets/ and .env protected.
  • GitHub / CI — PR self-merge gated by path and role; protected-environment deploys require declared approval.
  • External APIs — host allowlists (stripe.com ✓, random-api.example ✗); correlation IDs logged on every outbound call.
  • Infrastructure — production promotions gated; escalation events recorded with full context.

No prompts. No sandbox escape. No hallucinated permissions.

2. Coherence-governed execution (CDAA)

Standard agents optimize for task completion. SEA optimizes for specification fidelity.

Work is measured against declared ADR / PRD / SDS specs plus confirmed user intent. Agents execute rapidly while coherence improves. When coherence stalls, degrades, or conflicts with authority, execution escalates instead of proceeding.

Prevents the dominant failure mode of autonomous agents: high-velocity accumulation of compliant garbage that passes every gate and still ships the wrong system.

3. Specification-driven system generation

SEA does not only secure agent edits. It generates entire systems from conversation.

Domain Expert  ↔  Conversational Agent  →  .sea specifications  →  Full Software System

A conversational agent surfaces ambiguity, asks questions, and confirms understanding. Claims are typed, with evidence pointers back to the conversation. Nothing becomes durable specification without explicit confirmation. Confirmed specs compile into domain logic, ports, adapters, APIs, event schemas, and governance infrastructure.

Developers write integration adapters by hand. SEA generates the governed core. Organizational knowledge becomes enforceable policy, not documentation rot.

See: Transcript-to-Spec Protocol (ADR-015).

4. Drift as a computational object

Drift is not noise. It is data.

  • Spec drift — generated artifacts diverge from declared specification
  • Authority drift — runtime behavior diverges from declared intent

Both are append-only, hash-verified, deterministically reproducible, and auditable without interpretation. Drift signals an implementation error, an undocumented change, an authority bypass, or pressure to evolve the declared model — all actionable, all queryable.

just drift-scan     # detect
just drift-heal     # remediate
just drift-report   # audit-ready summary

5. Experience-based trust (the part most systems do not have)

Most governance systems use binary trust: an agent is trusted, or not. SEA tracks what each agent has actually done and modulates trust by demonstrated domain competence.

Agent trajectory data  →  materialized prior  →  semantic alignment check  →  trust modulation
  • An agent with 50 sessions in /infra/** earns higher trust for infra changes.
  • The same agent editing /services/payments/** escalates — no demonstrated payments experience.
  • Trust grows with logged work, not wall-clock time. Hallucinated expertise is impossible; priors derive from real trajectory data.

Theoretical foundation: Machine Ideolect (OSF preprint).


Why SEA-Forge is different

Standard approach SEA-Forge
Prompt engineering for safety Runtime enforcement agents cannot bypass
Human-in-loop for every action Selective escalation based on declared authority
Ban autonomous agents entirely Govern agents so they are safe to deploy
Security through sandboxing Security through declared boundaries + audit trails
Code review after the fact Specification fidelity before execution
Treat drift as noise Treat drift as computational object
Authority as implicit folklore Authority as explicit, enforceable policy
Binary trust (on / off) Domain-specific trust from demonstrated competence

Theoretical foundation: Organizational Misalignment as a First-Class Computational Object.


Supported agent runtimes

Runtime Integration shape
ZeroClaw SEA-governed fork, pinned release, sidecar install, backup/restore, adopt-existing + uninstall tests
Hermes SEA-governed fork, runtime-native authority interception, pinned SEA fork, install-order-safe adoption
OpenClaw Wrapper integration, governance-contract examples, documentation assets
Claude Code / Codex CLI / GitHub Copilot CLI / OpenCode Governance wrapper via workspace integration
Goose Long-running delegation via ACP protocol
Thoth In-repo governed shell for native SEA execution
Custom agents Runtime adapter contract in tools/sea_integrate.py

Agents keep their native UX. SEA governs file writes, PR merges, HTTP/API calls, workspace skill sync, and cross-agent delegation. See: Agent Runtime Model.


Architecture

SEA-Forge uses a dual-language design. SEA-DSL represents how an organization means to work. SEA-Forge governs how those meanings are compiled, interpreted, validated, and enforced.

Layer Language Location Purpose
CLI + LSP Rust + external binary apps/sea-forge-cli/, domainforge-lsp Parsing, validation, orchestration
Compilers / validators Python tools/*.py AST → IR → Manifest, flow lint, schema validation
Generators TypeScript generators/ Nx generators for bounded-context scaffolding
Domain logic TypeScript libs/<ctx>/domain/ Generated entities, value objects, events
Adapters TypeScript libs/<ctx>/adapters/ Handwritten; wrap third-party SDKs
Services Python services/<n>/ FastAPI microservices
Knowledge graph RDF + SHACL ontologies/, tools/kg_*.py Semantic validation and drift reasoning
Policy gateway OPA + LLM routing infra/opa/, libs/sea/adapters/ Runtime enforcement
Workbench TypeScript apps/workbench/, apps/api/ Drift analysis, governance workflows
Agent shells / runtime integration Python + workspace adapters apps/thoth-shell/, tools/sea_integrate.py Governed execution, runtime onboarding

Development flow:

ADR  →  PRD  →  SDS  →  SEA-DSL  →  AST  →  IR  →  Manifest  →  Generated Code

Generated code (**/src/gen/**, *.ast.json, *.ir.json, *.manifest.json) is never hand-edited. Adapters are handwritten against SDS port interfaces. All commands go through just.


Core commands

just setup              # Base + ts profiles
just doctor             # Environment health check
just pipeline <ctx>     # Compile specs end-to-end
just last-mile <ctx>    # Generate full system from specs

just sea-validate <f>   # 1. SEA-DSL syntax
just flow-lint          # 2. Flow annotation compliance
just spec-guard         # 3. Full spec validation suite

just drift-scan         # detect drift
just drift-heal         # remediate

just observe-all <ctx> <log>   # mine observed semantics from event logs
just observe-diff <ctx>        # compute drift vs declared spec

just ci                 # Full local CI (lint + spec + test + determinism)
just ci-quick           # Fast check

What SEA-Forge is not

  • A low-code app builder
  • A static documentation generator
  • A compliance checklist tool
  • A prompt guardrail wrapper

SEA-Forge is infrastructure. It enforces organizational truth before autonomous systems act.


Status

Shipping:

  • Deterministic compilation and full system generation
  • Conversational specification from domain experts
  • Runtime authority enforcement for autonomous coding agents
  • Coherence-governed execution (CDAA)
  • Dual-track drift detection and remediation
  • CI-level behavior guarantees
  • Production-grade operational tooling

Some publishing and extension-distribution workflows are in progress — see the roadmap.


License & commercial use

SEA-Forge is source-available under the SEA-Forge Sustainable Use License, with commercial licensing available.

SEA-Forge follows the Photoshop Principle: you own what you create with the tool, but you do not own or resell the tool itself.

  • You may: use SEA-Forge internally, modify it for internal use, and generate systems, software, documentation, policies, schemas, workflows, and other artifacts for your own organization.
  • You may also: own and commercialize outputs generated by SEA-Forge, provided SEA-Forge itself is not embedded, hosted, redistributed, white-labeled, or provided as part of that commercial offering.
  • You may not: resell SEA-Forge, offer SEA-Forge as a hosted service, embed it in a paid product, white-label it, provide SEA-Forge-powered managed services to clients, or use enterprise-only components without a separate commercial license.

DomainForge / SEA-DSL is an Apache 2.0 licensed dependency maintained in its own repository.

Running agents in production or need client-facing / enterprise deployment rights?licensing@godspeedai.com

Contributing, filing issues, or extending SEA? → see AGENTS.md and .github/copilot-instructions.md.


If you ship autonomous agents, star the repo.
Production-grade autonomous coding with enforced authority.

````

About

Run AI agents in production with runtime authority enforcement, specification-driven quality control, and full audit trails—without sacrificing velocity.

Resources

License

Stars

Watchers

Forks

Packages

 
 
 

Contributors