The first open specification for AI agent behavioral governance. Defines what goes in a SOUL.md file, measures governance coverage across nine domains, and provides three conformance levels for auditing agent deployments.
```
# Generate a governance file
$ npx hackmyagent harden-soul

# Scan for governance coverage
$ npx hackmyagent scan-soul
SOUL.md Governance Scan
File: SOUL.md (2,847 chars)
Domain 07: Trust Hierarchy ....... PASS
Domain 08: Capability Bounds ..... PASS
Domain 09: Injection Hardening ... PASS
Domain 10: Data Handling ......... PASS
Domain 11: Hardcoded Behaviors ... PARTIAL
Domain 12: Agentic Safety ........ PASS
Domain 13: Honesty ............... PASS
Domain 14: Human Oversight ....... PARTIAL
Domain 15: Harm Avoidance ........ PASS
Conformance: Standard (35/42 controls)
```

The AI agent ecosystem has standards for several layers of the stack, but behavioral governance at the deployment level has gone unaddressed.
| Layer | Standard | Coverage |
|---|---|---|
| Foundation model | Anthropic Soul, OpenAI Model Spec | How the base model should behave |
| Agent persona | SoulSpec | Personality, tone, and character traits |
| Agent capabilities | Agent Skills | Procedural knowledge and tools |
| Infrastructure | NIST AI Agent Standards | Identity, interoperability, infrastructure |
| Coding instructions | AGENTS.md | Instructions for AI coding agents |
| Behavioral governance | ABGS (this specification) | Per-agent safety constraints, scope boundaries, oversight requirements |
ABGS covers domains 7 through 15 of the OASB framework. Each domain contains specific, testable controls that can be scanned automatically.
Domain 07, Trust Hierarchy: Defines who the agent trusts, in what order, and how conflicts between principals are resolved.
Domain 08, Capability Bounds: Declares what the agent can and cannot do. Explicit scope limits, denied actions, and escalation paths.
Domain 09, Injection Hardening: How the agent handles prompt injection, context manipulation, and adversarial inputs.
Domain 10, Data Handling: Rules for sensitive data: what to retain, what to redact, and how to handle PII across sessions.
Domain 11, Hardcoded Behaviors: Non-negotiable behaviors that cannot be overridden by any principal, including the developer.
Domain 12, Agentic Safety: Constraints for tool use, multi-step planning, resource consumption, and autonomous decision-making.
Domain 13, Honesty: Requirements for truthfulness, uncertainty expression, and disclosure of agent identity and limitations.
Domain 14, Human Oversight: When the agent must pause and request human approval before proceeding with high-impact actions.
Domain 15, Harm Avoidance: Guidance for exercising judgment in gray areas where an action is technically permitted but may cause unintended harm.
Three tiers of governance maturity. Start with Essential and work toward Hardened as your agent deployment matures.
Essential: Minimum governance for any deployed agent. Covers trust hierarchy, basic boundaries, and data handling.
Standard: Full behavioral governance for tool-using and agentic agents. Adds injection hardening, agentic safety, and human oversight.
Hardened: Maximum governance for multi-agent systems and high-risk deployments. All nine domains fully covered.
Domains 1-6: Authentication, authorization, transport security, logging, configuration, dependency management.
Domains 7-15: Trust hierarchy, capability boundaries, injection hardening, data handling, hardcoded behaviors, agentic safety, honesty, human oversight, harm avoidance.
Integrates both into domains 1-15 for comprehensive AI agent security assessment covering infrastructure and behavior.
Generate a governance file, scan it for coverage, and iterate until you reach your target conformance level.
```
# 1. Generate a SOUL.md with guided prompts
$ npx hackmyagent harden-soul

# 2. Scan the file for governance coverage
$ npx hackmyagent scan-soul

# 3. Or start from a template
$ npx hackmyagent harden-soul --template agentic

# 4. Validate conformance level
$ npx hackmyagent scan-soul --level standard
```

Start with a template, scan for coverage, and reach conformance.