{"id":47733386,"url":"https://github.com/aryaminus/controlkeel","last_synced_at":"2026-06-13T08:03:28.193Z","repository":{"id":348565642,"uuid":"1185750834","full_name":"aryaminus/controlkeel","owner":"aryaminus","description":"Agent control plane for governed AI coding: validate changes, enforce policy gates, track findings, proofs, and evals based on your habits.","archived":false,"fork":false,"pushed_at":"2026-06-07T00:34:49.000Z","size":8910,"stargazers_count":8,"open_issues_count":6,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-07T01:18:07.448Z","etag":null,"topics":["agents","ai-agents","ai-governance","benchmark","code-review","compliance","compliance-as-code","devsecops","elixir","evals","llm","mcp","model-context-protocol","observability","phoenix","policy-as-code","security","skills","tooling"],"latest_commit_sha":null,"homepage":"https://controlkeel.com","language":"Elixir","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aryaminus.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":"docs/support-matrix.md","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-03-18T22:56:30.000Z","updated_at":"2026-06-06T23:52:58.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/aryaminus/controlkeel","commit_stats":null,"previous_names":["aryaminus/controlkeel"],"tags_count":144,"template":false,"template_full_name":null,"purl":"pkg:github/aryaminus/controlkeel","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aryaminus%2Fcontrolkeel","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aryaminus%2Fcontrolkeel/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aryaminus%2Fcontrolkeel/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aryaminus%2Fcontrolkeel/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aryaminus","download_url":"https://codeload.github.com/aryaminus/controlkeel/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aryaminus%2Fcontrolkeel/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34276507,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-13T02:00:06.617Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agents","ai-agents","ai-governance","benchmark","code-review","compliance","compliance-as-code","devsecops","elixir","evals","llm","mcp","model-context-protocol","observability","phoenix","policy-as-code","security","skills","tooling"],"created_at":"2026-04-02T22:01:27.822Z","updated_at":"2026-06-13T08:03:28.124Z","avatar_url":"https://github.com/aryaminus.png","language":"Elixir","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ControlKeel\n\n[![CI](https://github.com/aryaminus/controlkeel/actions/workflows/ci.yml/badge.svg)](https://github.com/aryaminus/controlkeel/actions/workflows/ci.yml)\n[![Release Smoke](https://github.com/aryaminus/controlkeel/actions/workflows/release-smoke.yml/badge.svg)](https://github.com/aryaminus/controlkeel/actions/workflows/release-smoke.yml)\n[![Latest Release](https://img.shields.io/github/v/release/aryaminus/controlkeel.svg)](https://github.com/aryaminus/controlkeel/releases/latest)\n[![npm bootstrap](https://img.shields.io/npm/v/%40aryaminus/controlkeel.svg)](https://www.npmjs.com/package/@aryaminus/controlkeel)\n[![Socket Badge](https://badge.socket.dev/npm/package/@aryaminus/controlkeel)](https://socket.dev/npm/package/@aryaminus/controlkeel/overview)\n[![controlkeel MCP server](https://glama.ai/mcp/servers/aryaminus/controlkeel/badges/score.svg)](https://glama.ai/mcp/servers/aryaminus/controlkeel)\n\n\u003e Turn the way your team works into enforceable memory for AI agents.\n\n**ControlKeel is an agent control plane for day-to-day governed engineering.** Through observation, findings and evaluation, it learns your intent rules, review taste and delivery habits, turning them into typed memory, policy checks and proof bundles. CK sits between your coding agents and production as a portable \"company brain\": comparing *intended* delivery against *actual* delivery and turning raw agent intent into policy-validated tasks.\n\nIf you're using an AI agent today, you probably have an `*.md` telling it how to behave. But a rules/specs file is just a promise made *to* the model. **ControlKeel enforces the output.** Beyond just catching bugs, CK solves the \"Unknown Unknowns\" problem: having to re-explain your domain knowledge in every single session.\n\n## Product loop\n\n1. **Capture intent and policy** — scope, risk, budget, domain pack, and human taste become CK state.\n2. **Validate agent output** — deterministic checks and optional advisory review produce findings before risky work reaches main.\n3. **Gate only when needed** — humans approve high-impact actions when intent, risk, or policy requires it.\n4. **Persist evidence** — findings, reviews, proofs, memory, cost, and task outcomes survive host switches.\n5. **Improve with evals** — traces and recurring failures become bounded regression evidence for specific suites and subjects.\n\nControlKeel transforms your domain knowledge from \"raw\" intent and \"shelfware\" documentation into a living system that remembers, enforces, and evolves.\n\n## Quick start\n\n### One-line setup via your agent\n\nCopy/paste this into your agent (OpenCode, Codex, Claude, or another supported host):\n\n```text\nSet up ControlKeel for this repository. Read and follow https://raw.githubusercontent.com/aryaminus/controlkeel/main/README.md, https://raw.githubusercontent.com/aryaminus/controlkeel/main/docs/getting-started.md, https://raw.githubusercontent.com/aryaminus/controlkeel/main/docs/support-matrix.md, and https://raw.githubusercontent.com/aryaminus/controlkeel/main/docs/agent-integrations.md. Install ControlKeel if missing, run `controlkeel setup`, detect this agent host, attach the strongest supported path with `controlkeel attach \u003chost\u003e`, then run `controlkeel attach doctor`, `controlkeel provider doctor`, `controlkeel status`, `controlkeel findings`, and the host-native MCP check. If CK is available only as MCP, call `ck_attach` for this host. Apply only safe local fixes and redact secrets from logs. Pause and ask before continuing if the host needs workspace trust, manual provider configuration, a restart after attach/plugin changes, or a plan-review approval that cannot auto-wait. Ensure the project is trusted and restart the host after attach/plugin changes.\n```\n\n### CLI install\n\nInstall the CLI:\n\n```bash\nbrew tap aryaminus/controlkeel \u0026\u0026 brew install controlkeel\n# or\nnpm i -g @aryaminus/controlkeel\n# or\ncurl -fsSL https://github.com/aryaminus/controlkeel/releases/latest/download/install.sh | sh\n```\n\nWindows PowerShell:\n\n```powershell\nirm https://github.com/aryaminus/controlkeel/releases/latest/download/install.ps1 | iex\n```\n\nFirst governed run:\n\n```bash\ncontrolkeel\ncontrolkeel setup\ncontrolkeel attach opencode   # or another supported host\ncontrolkeel attach doctor\ncontrolkeel provider doctor\ncontrolkeel status\ncontrolkeel findings\n```\n\nFor the complete first-run path, use [docs/getting-started.md](docs/getting-started.md). For host truth, use [docs/support-matrix.md](docs/support-matrix.md) and [docs/agent-integrations.md](docs/agent-integrations.md).\n\n## Benchmark-backed evidence\n\nControlKeel includes a persisted benchmark engine. Current user-facing evidence is bounded to the named suite, subject, and scoring definition below; [docs/benchmarks.md](docs/benchmarks.md) is the canonical reference for full tables, caveats, JSON exports, and agent-host protocols.\n\n### Verified with-vs-without-CK baseline (`host_comparison_v1`, 12 risky scenarios)\n\nVerified with ControlKeel `0.3.45`:\n\n- Risky suite `host_comparison_v1`: `ungoverned_baseline` caught **0/12**; `controlkeel_validate` caught **12/12**, blocked **9/12**, and hit expected rules **9/12** with median deterministic validation time **52 ms**, **0 provider tokens**.\n- Paired benign suite `benign_baseline_v1`: `controlkeel_validate` produced **0/10 catches**, **0/10 blocks**, FPR **0.000**, median deterministic validation time **42 ms**, **0 provider tokens**.\n\nRead the numbers precisely: deterministic scanner evidence is not the same as model-backed agent-host evidence. Reproduction commands and the OpenCode/Copilot/Claude/Codex comparison protocol live in [docs/benchmarks.md](docs/benchmarks.md).\n\n## What ships today\n\n- **Local governance:** CLI, stdio MCP, project binding, host attach/export bundles, scanner validation, findings, reviews, proof bundles, budgets, and typed memory.\n- **Host and runtime support:** native attach for supported hosts, runtime exports for headless/outer-loop systems, hosted MCP/minimal A2A, and fallback validation/proxy paths.\n- **Team/project operations:** org membership, invitations, OIDC/SAML auth surfaces, workspace GitHub repo bindings, service accounts, webhooks, workspace tool policy, and policy-set APIs.\n- **Cloud evidence paths:** opt-in cloud telemetry, workspace keys, cloud run packages, runtime callbacks, and dormant-until-configured bidirectional sync for findings, reviews, digests, and memory records.\n- **Observability loop:** timelines, memory quality, costs, trends, problem clusters, eval candidates, benchmark drafts/history, and promotion advisories.\n\n## Docs map\n\n- [docs/README.md](docs/README.md) — documentation map by job\n- [docs/getting-started.md](docs/getting-started.md) — install to first finding\n- [docs/support-matrix.md](docs/support-matrix.md) — canonical host/protocol inventory\n- [docs/agent-integrations.md](docs/agent-integrations.md) — integration mechanisms and support tiers\n- [docs/benchmarks.md](docs/benchmarks.md) — benchmark scoring, metadata, and claim discipline\n- [docs/observability-feedback-loop.md](docs/observability-feedback-loop.md) — local evidence-to-regression loop\n- [docs/api-reference.md](docs/api-reference.md) and [docs/cli-reference.md](docs/cli-reference.md) — code-aligned surfaces\n- [docs/packages.md](docs/packages.md) — package and distribution catalog\n- [docs/self-hosting.md](docs/self-hosting.md) — self-host deployment guidance\n\n## Development\n\n```bash\nmix setup\nmix phx.server\nmix test\nmix precommit\n```\n\nPhoenix + Ecto on SQLite. Uses `Req` for HTTP. Single-binary builds ship through Burrito and GitHub Releases.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faryaminus%2Fcontrolkeel","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faryaminus%2Fcontrolkeel","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faryaminus%2Fcontrolkeel/lists"}