Most organizations face a false binary: ban autonomous coding agents, or run them blind. SEA-Forge is the third option — a governance layer that evaluates every high-impact action against declared authority before execution, with tamper-evident provenance for every decision.
Works with ZeroClaw, Hermes, OpenClaw, Claude Code, Codex CLI, GitHub Copilot CLI, Goose, OpenCode, and custom agents.
Agent proposes action → SEA evaluates against declared policy → allow | deny | escalate
↓
hash-chained audit record
- Authority is enforced, not requested. Every file write, PR merge, infra change, and outbound API call is evaluated against declared policy before it executes. Agents cannot bypass, hallucinate, or prompt-engineer their way around it.
- Work is measured against spec, not completion. Agents are scored on coherence with declared ADR/PRD/SDS specs. When coherence stalls, execution escalates instead of racing to ship compliant garbage.
- Every autonomous action is provable. Hash-chained, append-only, deterministically reproducible. Auditable without interpretation.
# Bootstrap the workspace
./install.sh
# Install the wrapper for the agent you already use
bash integrations/zeroclaw/install.sh # or: hermes, openclaw, claude-code,
# codex-cli, github-copilot-cli,
# goose-ai, opencode
# Verify
.sea/bin/sea-<runtime> --help
python3 -m tools.sea_integrate doctor --runtime <runtime> --workspace .Default policies land in ~/.sea/<runtime>/policies/. Edit them to tighten file paths, PR-merge gates, and API allowlists for your team.
Authority boundaries in real organizations exist as folklore — implicit stories about who owns what, who approves what, what constraints apply. Humans absorb them through experience. Agents cannot.
When agents move from advising to acting, they act on that folklore. When they hallucinate an approval, invent a permission, or fabricate a policy, the blast radius is no longer bad code. It is security incidents, compliance failures, and production outages.
The standard answers do not work.
- Tighter prompts — agents route around them
- Stricter sandboxes — innovation dies
- Human-in-loop for everything — velocity collapses
- Ban autonomous agents — you fall behind
You need enforcement that agents cannot bypass, hallucinate, or reason around. You need authority that exists before agents interpret it.
Before any file write, PR merge, infra change, or API call executes:
- Normalize. The action is decomposed into
actor → operation → resource → context. - Evaluate. It is checked against declared authority: roles, paths, approvals, constraints.
- Decide deterministically.
allow,deny, orescalate. - Record. The decision, its reasoning, and full context are committed to a tamper-evident provenance chain.
- Surface drift. When runtime behavior diverges from declared intent, drift becomes a computational object — not noise, not a warning, a queryable artifact.
Declared truth is never silently overwritten by runtime behavior. Reconciliation is deliberate.
Every high-impact action is gated against declared policy.
- Filesystem —
/features/**writable,/core/**requires human review,secrets/and.envprotected. - GitHub / CI — PR self-merge gated by path and role; protected-environment deploys require declared approval.
- External APIs — host allowlists (
stripe.com✓,random-api.example✗); correlation IDs logged on every outbound call. - Infrastructure — production promotions gated; escalation events recorded with full context.
No prompts. No sandbox escape. No hallucinated permissions.
Standard agents optimize for task completion. SEA optimizes for specification fidelity.
Work is measured against declared ADR / PRD / SDS specs plus confirmed user intent. Agents execute rapidly while coherence improves. When coherence stalls, degrades, or conflicts with authority, execution escalates instead of proceeding.
Prevents the dominant failure mode of autonomous agents: high-velocity accumulation of compliant garbage that passes every gate and still ships the wrong system.
SEA does not only secure agent edits. It generates entire systems from conversation.
Domain Expert ↔ Conversational Agent → .sea specifications → Full Software System
A conversational agent surfaces ambiguity, asks questions, and confirms understanding. Claims are typed, with evidence pointers back to the conversation. Nothing becomes durable specification without explicit confirmation. Confirmed specs compile into domain logic, ports, adapters, APIs, event schemas, and governance infrastructure.
Developers write integration adapters by hand. SEA generates the governed core. Organizational knowledge becomes enforceable policy, not documentation rot.
See: Transcript-to-Spec Protocol (ADR-015).
Drift is not noise. It is data.
- Spec drift — generated artifacts diverge from declared specification
- Authority drift — runtime behavior diverges from declared intent
Both are append-only, hash-verified, deterministically reproducible, and auditable without interpretation. Drift signals an implementation error, an undocumented change, an authority bypass, or pressure to evolve the declared model — all actionable, all queryable.
just drift-scan # detect
just drift-heal # remediate
just drift-report # audit-ready summaryMost governance systems use binary trust: an agent is trusted, or not. SEA tracks what each agent has actually done and modulates trust by demonstrated domain competence.
Agent trajectory data → materialized prior → semantic alignment check → trust modulation
- An agent with 50 sessions in
/infra/**earns higher trust for infra changes. - The same agent editing
/services/payments/**escalates — no demonstrated payments experience. - Trust grows with logged work, not wall-clock time. Hallucinated expertise is impossible; priors derive from real trajectory data.
Theoretical foundation: Machine Ideolect (OSF preprint).
| Standard approach | SEA-Forge |
|---|---|
| Prompt engineering for safety | Runtime enforcement agents cannot bypass |
| Human-in-loop for every action | Selective escalation based on declared authority |
| Ban autonomous agents entirely | Govern agents so they are safe to deploy |
| Security through sandboxing | Security through declared boundaries + audit trails |
| Code review after the fact | Specification fidelity before execution |
| Treat drift as noise | Treat drift as computational object |
| Authority as implicit folklore | Authority as explicit, enforceable policy |
| Binary trust (on / off) | Domain-specific trust from demonstrated competence |
Theoretical foundation: Organizational Misalignment as a First-Class Computational Object.
| Runtime | Integration shape |
|---|---|
| ZeroClaw | SEA-governed fork, pinned release, sidecar install, backup/restore, adopt-existing + uninstall tests |
| Hermes | SEA-governed fork, runtime-native authority interception, pinned SEA fork, install-order-safe adoption |
| OpenClaw | Wrapper integration, governance-contract examples, documentation assets |
| Claude Code / Codex CLI / GitHub Copilot CLI / OpenCode | Governance wrapper via workspace integration |
| Goose | Long-running delegation via ACP protocol |
| Thoth | In-repo governed shell for native SEA execution |
| Custom agents | Runtime adapter contract in tools/sea_integrate.py |
Agents keep their native UX. SEA governs file writes, PR merges, HTTP/API calls, workspace skill sync, and cross-agent delegation. See: Agent Runtime Model.
SEA-Forge uses a dual-language design. SEA-DSL represents how an organization means to work. SEA-Forge governs how those meanings are compiled, interpreted, validated, and enforced.
| Layer | Language | Location | Purpose |
|---|---|---|---|
| CLI + LSP | Rust + external binary | apps/sea-forge-cli/, domainforge-lsp |
Parsing, validation, orchestration |
| Compilers / validators | Python | tools/*.py |
AST → IR → Manifest, flow lint, schema validation |
| Generators | TypeScript | generators/ |
Nx generators for bounded-context scaffolding |
| Domain logic | TypeScript | libs/<ctx>/domain/ |
Generated entities, value objects, events |
| Adapters | TypeScript | libs/<ctx>/adapters/ |
Handwritten; wrap third-party SDKs |
| Services | Python | services/<n>/ |
FastAPI microservices |
| Knowledge graph | RDF + SHACL | ontologies/, tools/kg_*.py |
Semantic validation and drift reasoning |
| Policy gateway | OPA + LLM routing | infra/opa/, libs/sea/adapters/ |
Runtime enforcement |
| Workbench | TypeScript | apps/workbench/, apps/api/ |
Drift analysis, governance workflows |
| Agent shells / runtime integration | Python + workspace adapters | apps/thoth-shell/, tools/sea_integrate.py |
Governed execution, runtime onboarding |
Development flow:
ADR → PRD → SDS → SEA-DSL → AST → IR → Manifest → Generated Code
Generated code (**/src/gen/**, *.ast.json, *.ir.json, *.manifest.json) is never hand-edited. Adapters are handwritten against SDS port interfaces. All commands go through just.
just setup # Base + ts profiles
just doctor # Environment health check
just pipeline <ctx> # Compile specs end-to-end
just last-mile <ctx> # Generate full system from specs
just sea-validate <f> # 1. SEA-DSL syntax
just flow-lint # 2. Flow annotation compliance
just spec-guard # 3. Full spec validation suite
just drift-scan # detect drift
just drift-heal # remediate
just observe-all <ctx> <log> # mine observed semantics from event logs
just observe-diff <ctx> # compute drift vs declared spec
just ci # Full local CI (lint + spec + test + determinism)
just ci-quick # Fast check- A low-code app builder
- A static documentation generator
- A compliance checklist tool
- A prompt guardrail wrapper
SEA-Forge is infrastructure. It enforces organizational truth before autonomous systems act.
Shipping:
- Deterministic compilation and full system generation
- Conversational specification from domain experts
- Runtime authority enforcement for autonomous coding agents
- Coherence-governed execution (CDAA)
- Dual-track drift detection and remediation
- CI-level behavior guarantees
- Production-grade operational tooling
Some publishing and extension-distribution workflows are in progress — see the roadmap.
SEA-Forge is source-available under the SEA-Forge Sustainable Use License, with commercial licensing available.
SEA-Forge follows the Photoshop Principle: you own what you create with the tool, but you do not own or resell the tool itself.
- You may: use SEA-Forge internally, modify it for internal use, and generate systems, software, documentation, policies, schemas, workflows, and other artifacts for your own organization.
- You may also: own and commercialize outputs generated by SEA-Forge, provided SEA-Forge itself is not embedded, hosted, redistributed, white-labeled, or provided as part of that commercial offering.
- You may not: resell SEA-Forge, offer SEA-Forge as a hosted service, embed it in a paid product, white-label it, provide SEA-Forge-powered managed services to clients, or use enterprise-only components without a separate commercial license.
DomainForge / SEA-DSL is an Apache 2.0 licensed dependency maintained in its own repository.
Running agents in production or need client-facing / enterprise deployment rights? → licensing@godspeedai.com
Contributing, filing issues, or extending SEA? → see AGENTS.md and .github/copilot-instructions.md.
If you ship autonomous agents, star the repo.
Production-grade autonomous coding with enforced authority.