{"id":49443090,"url":"https://github.com/g8e-ai/g8e","last_synced_at":"2026-05-30T02:05:10.376Z","repository":{"id":352663114,"uuid":"1206362526","full_name":"g8e-ai/g8e","owner":"g8e-ai","description":"g8e — governance architecture for trustless environments ","archived":false,"fork":false,"pushed_at":"2026-05-06T20:52:29.000Z","size":52221,"stargazers_count":5,"open_issues_count":1,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-05-06T21:35:56.223Z","etag":null,"topics":["ai-agents","ai-agents-framework","ai-chatbot-framework","ai-governance","ai-governance-framework","ai-governance-model","ai-safety","ai-security","ai-tool-integration","devops","go","python","self-hosted"],"latest_commit_sha":null,"homepage":"http://g8e.ai","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/g8e-ai.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-09T20:54:29.000Z","updated_at":"2026-05-05T20:17:56.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/g8e-ai/g8e","commit_stats":null,"previous_names":["g8e-ai/g8e"],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/g8e-ai/g8e","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/g8e-ai%2Fg8e","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/g8e-ai%2Fg8e/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/g8e-ai%2Fg8e/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/g8e-ai%2Fg8e/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/g8e-ai","download_url":"https://codeload.github.com/g8e-ai/g8e/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/g8e-ai%2Fg8e/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32917885,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-11T17:09:15.040Z","status":"ssl_error","status_checked_at":"2026-05-11T17:08:45.420Z","response_time":120,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-agents","ai-agents-framework","ai-chatbot-framework","ai-governance","ai-governance-framework","ai-governance-model","ai-safety","ai-security","ai-tool-integration","devops","go","python","self-hosted"],"created_at":"2026-04-29T21:01:00.667Z","updated_at":"2026-05-30T02:05:10.370Z","avatar_url":"https://github.com/g8e-ai.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"left\"\u003e\n\n# g8e\n\n**Verify, then execute.**\n\ng8e is a ~20MB, zero-dependency binary that provides agentic governance and state-mutation control. It functions as both the **control plane** (host-local policy decision) and the **data plane** (exclusive mutation executor). \n\nIt dials out via mTLS and listens on nothing. Every AI-proposed action clears a fail-closed verification pipeline on the host and is committed to a git-backed ledger before execution. Only scrubbed projections leave the host; raw data never crosses the wire.\n\n\n[![License](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](LICENSE)\n[![Go](https://img.shields.io/badge/Go-1.22%2B-00ADD8.svg)](https://go.dev)\n[![Status](https://img.shields.io/badge/status-active%20development-orange.svg)](#status-v102--core-platform)\n[![Position Paper](https://img.shields.io/badge/read-position%20paper-black.svg)](docs/core/position_paper.md)\n\n[Getting Started](docs/guides/getting_started.md) · [The two roles](#the-two-roles) · [Mental Model](#the-mental-model) · [Protocol](#the-protocol-invariants) · [Docs](#documentation)\n\n\u003c/div\u003e\n\n---\n\n## QuickStart\n\nGet g8e online in under 60 seconds.\n\n```bash\n# 1. Start the Governance Gateway (g8eg)\n./g8e platform start\n\n# 2. Authenticate (first login automatically bootstraps the platform)\n./g8e auth login\n\n# 3. Verify the status\n./g8e platform status\n```\n\nSee the [Full QuickStart Guide](docs/guides/getting_started.md) for mTLS, enrollment, and CLI configuration.\n\n---\n\n## The two roles\n\ng8e is one binary. Run it in Gateway mode or Operator mode — same artifact, copied wherever it's needed. Everything else is detail.\n\n- **As the Gateway (g8eg)**, it's the meeting point. Your agents and clients submit signed work here. It issues the identity everything else authenticates against, enforces freshness and replay defense, scopes sessions, and keeps the network-side record. And it's deliberately powerless where it counts: it can't reach into a host, can't open a connection to an Operator, and can't decide what's safe to run on a machine it isn't sitting on. It admits work and hands it out. It does not execute, and its say-so is not final.\n- **As the Operator (g8eo)**, it's the authority. Run on the host, it dials out to the Gateway, pulls down signed work, and makes up its own mind — re-verifying every proof against its own local state and trusting nothing upstream, the Gateway included. It's the only thing on that box allowed to change state, the only place raw data ever lives, and the local, git-backed record of everything that happened. Decision and execution, both on the host, in one binary.\n\n**The split is the entire point**: the Gateway proposes, the Operator disposes. A compromised Gateway can lie about what to run; it can't make a host run it. The binding go/no-go always happens on the machine that owns the consequences — locally, against local state, recorded before the side effect. There is no trusted middle to compromise, because nothing in the middle has the final word.\n\n---\n\n## The mental model\n\ng8e follows standard MCP topology with integrated BFT governance.\n\n```mermaid\ngraph TD\n    subgraph Clients [\"Any AI client — agent-agnostic\"]\n        C1[\"MCP client\u003cbr/\u003e(Claude / Cursor / BYO)\"]\n        C2[\"Agentic ensemble\u003cbr/\u003e(A2A / tool calls)\"]\n    end\n\n    GW[\"Governance Gateway · g8eg\u003cbr/\u003e(Policy Decision Point)\u003cbr/\u003eadmits signed envelopes · owns PKI\"]\n\n    subgraph Fleet [\"Sovereign hosts — platform-agnostic\"]\n        O1[\"Governed Operator · g8eo\u003cbr/\u003e(Policy Execution Point)\u003cbr/\u003egoverns + executes locally\"]\n        D1[(\"Raw data + audit\u003cbr/\u003estay on host\")]\n        O1 --- D1\n    end\n\n    C1 --\u003e GW\n    C2 --\u003e GW\n    O1 -. \"outbound-only mTLS\" .-\u003e GW\n```\n\n### Execution Flow\n\nThe sequence of a governed transaction execution:\n\n```mermaid\nsequenceDiagram\n    autonumber\n    participant Principal as Principal\u003cbr/\u003e(Human / AI Agent)\n    participant Ensemble as Producer\u003cbr/\u003e(g8e-compatible agentic ensemble / BYO / MCP client)\n    participant Gateway as Governance Gateway\u003cbr/\u003e(g8eg)\n    participant Operator as Governed Operator\u003cbr/\u003e(g8eo)\n\n    Principal-\u003e\u003eEnsemble: Submit intent (MCP / A2A / tool call)\n    Note over Ensemble: Reach Consensus (L2)\u003cbr/\u003eWrap in signed GovernanceEnvelope\n    Ensemble-\u003e\u003eGateway: Submit envelope for admission\n\n    Operator-\u003e\u003eGateway: Open outbound-only mTLS tunnel\n    Operator-\u003e\u003eGateway: Fetch pending GovernanceEnvelope\n\n    Note over Operator: Run verification layers — Doctrine, Consensus, Notary, Warden\u003cbr/\u003e(fail-closed)\u003cbr/\u003eExecute via Actuator\u003cbr/\u003eAnchor to local audit vault\n\n    Operator-\u003e\u003eGateway: Push Sovereignty-scrubbed signed receipt\n    Gateway-\u003e\u003ePrincipal: Return final safe output\n```\n\n---\n\n## Governance Layers\n\nEvery mutation passes through sequential verification layers at the Operator boundary. Failed transactions are rejected and audited immediately.\n\n```mermaid\ngraph TD\n    Start[\"Signed GovernanceEnvelope\u003cbr/\u003e(Incoming Transaction)\"]\n\n    subgraph Verification [\"Operator Verification - protocol-mandated\"]\n        direction TB\n        L1{\"L1: Technical Bedrock\u003cbr/\u003eForbidden Patterns?\"}\n        L2{\"L2: Consensus\u003cbr/\u003eTribunal Signature?\"}\n        L3{\"L3: Authorization\u003cbr/\u003eHuman Presence?\"}\n        State{\"State Check\u003cbr/\u003eMerkle Root Fresh?\"}\n        L4{\"L4: Warden\u003cbr/\u003ePre-dispatch Gate\"}\n        \n        FailClosed[\"Fail Closed\u003cbr/\u003eTyped Rejection + Audit Entry\"]\n        Actuator[\"L5: Actuator\u003cbr/\u003eExecute + Signed Receipt\"]\n        LocalVault([Local Audit Vault])\n\n        L1 -- \"Passed\" --\u003e L2\n        L1 -- \"Violated\" ----\u003e FailClosed\n        \n        L2 -- \"Passed\" --\u003e L3\n        L2 -- \"Invalid/Missing\" ---\u003e FailClosed\n        \n        L3 -- \"Authorized\" --\u003e State\n        L3 -- \"Denied\" --\u003e FailClosed\n        \n        State -- \"Fresh\" --\u003e L4\n        State -- \"Stale\" --\u003e FailClosed\n\n        L4 -- \"Verified\" --\u003e Actuator\n        L4 -- \"Failed\" --\u003e FailClosed\n\n        Actuator --\u003e LocalVault\n        FailClosed --\u003e LocalVault\n    end\n\n    LocalVault --\u003e Done[\"Recorded · Signed · Audited\"]\n\n    Start --\u003e L1\n```\n\n| Layer | Name | Mechanism | What it proves |\n| :---: | --- | --- | --- |\n| **L1** | **L1Doctrine** | Forbidden patterns + MITRE heuristics | No hard gate violations (privesc, destruction). |\n| **L2** | **L2Consensus** | Ed25519 k-of-n over transaction hash | Independent model ensemble co-signed intent. |\n| **L3** | **L3Notary** | WebAuthn / mTLS cert fingerprint | Human authorized *this exact* transaction hash. |\n| **L4** | **L4Warden** | Fail-closed pre-dispatch gate | Hash, freshness, state root, and signer trust. |\n| **L5** | **L5Actuator** | Atomic dispatch + signed receipt | The only code path allowed to mutate the host. |\n\n---\n\n## Optional AI Engine (g8ee)\n\nThe reference AI Engine (`g8ee`) is an optional application-layer adapter that produces signed GovernanceEnvelope transactions. It implements a multi-layered agentic hierarchy for high-fidelity intent translation.\n\n```mermaid\ngraph TD\n    classDef principal fill:#f9d0c4,stroke:#333,stroke-width:2px,color:#000;\n    classDef engine fill:#e1f5fe,stroke:#0288d1,stroke-width:2px,color:#000;\n    classDef protocol fill:#fff3e0,stroke:#f57c00,stroke-width:2px,color:#000;\n\n    Principal((\"Principal (Human / Agent)\")):::principal\n\n    subgraph Engine [\"g8ee AI Engine (Application Layer)\"]\n        direction TB\n        Triage[\"Triage Agent (Intent \u0026 Posture)\"]:::engine\n        Reasoner[\"Sage / Dash (Reasoning Path)\"]:::engine\n        \n        subgraph Tribunal [\"Tribunal (L2 Producer)\"]\n            direction TB\n            Panel[\"5-Member Agent Panel\"]:::engine\n            Warden[\"Warden (Two-Strike Circuit Breaker)\"]:::engine\n            Auditor[\"Auditor (L2 Verifier)\"]:::engine\n            \n            Panel --\u003e Warden\n            Warden --\u003e Auditor\n        end\n        \n        Triage --\u003e Reasoner\n        Reasoner --\u003e Panel\n        \n        %% Short Circuits (Feedback Loops)\n        Warden -. \"Risk Feedback (Short Circuit)\" .-\u003e Reasoner\n        Auditor -. \"Rejection / Revision (Short Circuit)\" .-\u003e Reasoner\n    end\n\n    Principal -- \"Initiates Intent\" --\u003e Triage\n    Auditor -- \"Produces L2 Signed Intent\" --\u003e Protocol[\"g8e Protocol Envelope\"]:::protocol\n```\n\n**Agentic Hierarchy Components:**\n- **Triage \u0026 Dash:** Specialized agents for routing, posture assessment, and high-speed trivial responses.\n- **Sage (Reasoning Engine):** Primary interpreter of user intent. Sage stakes reputation on proposals but **cannot execute**; it must submit intent to the Tribunal.\n- **Tribunal (Consensus):** Isolated agents generating command proposals from unique perspectives. Requires consensus (2/5 or 5/5) to proceed. If consensus fails, it loops back to Sage for refinement.\n- **Warden (Circuit Breaker):** Heuristic blocker that rejects \"off-the-wall\" proposals. Rejections trigger a loop back to Sage to improve intent translation.\n- **Auditor (History \u0026 Grounding):** Final verification layer. Reviews the full investigation history to ensure progressive accuracy before signing the protocol envelope.\n\n---\n\n## The Protocol Invariants\n\n- **GovernanceEnvelope**: The single canonical container for every mutation.\n- **Hash-based Integrity**: `id == SHA-256(canonical_fields)`. Wire format is canonical JSON (protojson).\n- **Zero Ambient Context**: Session IDs and identity are body-embedded; no implicit authority.\n- **Outbound-Only mTLS**: Operators dial out; zero inbound ports required on the host.\n- **Sovereignty Boundary**: Automated scrubbing/rehydration ensures raw data never leaves the host.\n- **No Backward Compatibility**: Rip and replace. Stale formats or unsigned inputs are rejected.\n\n---\n\n## Status: v1.0.3 — Core Platform\n\ng8e is the mandatory governance platform. Agent ensembles and Dashboard (g8ed) are optional application-layer adapters.\n\n**Operational Today**\n- **Universal Protocol Translation**: Intercept MCP/A2A tool calls into signed envelopes.\n- **BFT Governance**: Fail-closed L1/L2/L3/L4 verification paths.\n- **Sovereign Execution**: Git-backed ledger and host-local audit vault.\n- **mTLS Reverse Tunnels**: Secure connectivity for firewalled/air-gapped hosts.\n- **L3 Notary**: Out-of-band human-in-the-loop authorization (CLI/WebAuthn).\n- **Data Sovereignty**: Automated PII scrubbing and local forensic persistence.\n\n**In Development**\n- **RBAC**: Granular role-based access control.\n- **Complex Policy**: Dynamic intent allowlisting and advanced L1 heuristics.\n- **Multi-tenancy**: Organization partitioning and tenant isolation.\n\n---\n\n## Documentation\n\n- **[Getting Started](docs/guides/getting_started.md)** · **[Position Paper](docs/core/position_paper.md)**\n- **[Protocol](docs/architecture/g8e.md)** · **[Operator (g8eo)](docs/architecture/operator.md)** · **[Gateway (g8eg)](docs/architecture/gateway.md)**\n- **[Guides](docs/guides/)** · **[Reference](docs/reference/)** · **[Contributing](CONTRIBUTING.md)**\n\n---\n\n## License\n\nApache 2.0. See [LICENSE](LICENSE). Built by [Lateralus Labs](https://lateraluslabs.com).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fg8e-ai%2Fg8e","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fg8e-ai%2Fg8e","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fg8e-ai%2Fg8e/lists"}