@@ -25,7 +25,7 @@ Today, writing agent instructions is fragmented on two axes:
2525 unstructured rationale all drop silently at 7B. You don't find out
2626 until the agent misbehaves in production.
2727
28- Eight packages solve that in one pipeline with a control layer and feedback loop:
28+ Nine packages solve that in one pipeline with a control layer and feedback loop:
2929
3030- ** Four build-time tools** turn your authored source into every harness's file layout:
3131 [ ` @razroo/agentmd ` ] ( ./packages/agentmd ) validates * structure* ,
@@ -37,9 +37,10 @@ Eight packages solve that in one pipeline with a control layer and feedback loop
3737- ** One orchestration library** handles durable runtime control:
3838 [ ` @razroo/iso-orchestrator ` ] ( ./packages/iso-orchestrator ) provides resumable
3939 steps, keyed mutexes, and bounded fan-out for side-effectful agent workflows.
40- - ** Two feedback tools** close the loop after deploy:
40+ - ** Three feedback tools** close the loop after deploy:
4141 [ ` @razroo/iso-eval ` ] ( ./packages/iso-eval ) scores * did the agent complete the task?* and
42- [ ` @razroo/iso-trace ` ] ( ./packages/iso-trace ) parses production transcripts to show * what the agent actually did* .
42+ [ ` @razroo/iso-trace ` ] ( ./packages/iso-trace ) parses production transcripts to show * what the agent actually did* ,
43+ while [ ` @razroo/iso-guard ` ] ( ./packages/iso-guard ) enforces operational policies against those event streams.
4344
4445```
4546 authoring build output feedback
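Review bot: In the added line 43, "enforces operational policies against those event streams" overstates what the rest of this change describes. The tool audits exported events after the run, so a violation is detected, not prevented. Suggest "audits" or "verifies" here, matching the `iso-guard audit` and `verify` commands, so readers do not treat it as an inline control.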
@@ -49,6 +50,7 @@ Eight packages solve that in one pipeline with a control layer and feedback loop
4950 │ │ render │ load-bearing why │ │ │ │ .cursor/rules/* │ iso-trace ──▶ production events,
5051 └────────────────────┘ └───────────────────┘ └─────────────────┘ │ .opencode/agents/* │ which rules ever fired,
5152 │ settings.json │ regression-fixture mining
53+ │ │ iso-guard ─▶ policy pass / fail
5254 ┌────────────────────┐ │ .codex/config.toml │
5355 │ models.yaml │ ───────────────────── iso-route build ─────────────────────────────────────▶│ opencode.json │
5456 │ (roles + fallback) │ │ .mcp.json │
@@ -99,6 +101,8 @@ the repo now supports a tighter loop:
99101 tend to surface first on Claude Code, Codex, and OpenCode.
100102- ` iso-trace export-fixture --runner <name> ` turns a real failure into an
101103 ` iso-eval ` suite you can replay across shipped runners.
104+ - ` iso-guard audit ` checks whether a real run obeyed operational policy
105+ without turning those rules into more prompt tokens.
102106
103107## Packages
104108
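Review bot: The new bullet gives `iso-guard audit` with no arguments, while the neighbouring bullet shows its placeholder (`--runner <name>`) and the usage section added in this change passes a policy file and `--events`. Suggest writing it as `iso-guard audit <policy> --events <file>` so the bullet matches the real invocation.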
@@ -158,6 +162,13 @@ the repo now supports a tighter loop:
158162 transcripts do not yet expose stable model metadata. Zero upload —
159163 everything is local reads and user-controlled output.
160164
165+ - ** [ ` packages/iso-guard ` ] ( ./packages/iso-guard ) ** — [ ` @razroo/iso-guard ` ] ( https://www.npmjs.com/package/@razroo/iso-guard )
166+ Deterministic runtime policy checks for agent workflows. Reads normalized
167+ event streams or ` iso-trace export ` JSON/JSONL and verifies invariants
168+ such as bounded fan-out, cleanup-before-dispatch, required follow-up
169+ commands, no overlapping same-key work, and prompt secret redaction.
170+ No model calls, no MCP server, and no injected prompt overhead.
171+
161172- ** [ ` packages/iso-orchestrator ` ] ( ./packages/iso-orchestrator ) ** — ` @razroo/iso-orchestrator `
162173 Durable orchestration primitives for the runtime layer above a single
163174 agent session. Persists workflow state to local disk, memoizes
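Review bot: The description lists "prompt secret redaction" among the invariants and names `iso-trace export` JSON/JSONL as input, but does not say whether that check expects a redacted or an unredacted export; the usage section's context line exports with `--redact`. Add a sentence stating which input the redaction check is meant to run on, and mention the policy file (`guard.yaml` in the usage examples), which the description omits.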
@@ -261,6 +272,15 @@ iso-trace export <id> --format jsonl --redact > session.jsonl
261272iso-trace export-fixture < id> --out fixtures/my-task --runner codex --edit-checks exists-only --run
262273```
263274
275+ ### ` @razroo/iso-guard ` — did the run obey policy?
276+
277+ ``` bash
278+ iso-guard audit guard.yaml --events session.json
279+ iso-guard audit guard.yaml --events session.jsonl --json
280+ iso-guard verify guard.yaml --events session.json --fail-on warn
281+ iso-guard explain guard.yaml
282+ ```
283+
264284## Layout
265285
266286```
275295 ├── iso-route/ # one model policy → per-harness config
276296 ├── iso-orchestrator/ # durable runtime control above one agent session
277297 ├── iso-eval/ # behavioral eval on the produced harness
278- └── iso-trace/ # parse + query real agent transcripts (observability)
298+ ├── iso-trace/ # parse + query real agent transcripts (observability)
299+ └── iso-guard/ # deterministic runtime policy checks over events
279300```
280301
281302## Build & test
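Review bot: The usage block for `iso-guard` lists `audit` and `verify` side by side without saying how they differ or what exit status each returns, which is what someone wiring this into CI needs. Add a short comment per command (for example what `--fail-on warn` changes), and consider using `session.jsonl` in the first example, since the preceding `iso-trace export` line writes that file.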
@@ -290,6 +311,7 @@ npm run test:pack # pack local tarballs and smoke installed CLIs
290311npm run test:pipeline # end-to-end demo (agentmd → isolint → iso-harness)
291312npm --workspace @razroo/iso-eval run example # iso-eval against the bundled example suite
292313npm --workspace @razroo/iso-trace run example # iso-trace stats on the bundled sample transcript
314+ npm --workspace @razroo/iso-guard run test # iso-guard policy engine tests
293315
294316# Target a single package
295317npm run build --workspace @razroo/isolint
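Review bot: The added `iso-guard` line runs the package's `test` script, whereas the two lines above it run `example` against bundled sample data. A bundled policy plus sample events behind an `example` script would let a reader see a pass/fail result the same way; if that is out of scope, move this line away from the example commands.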
@@ -325,7 +347,7 @@ build, and `npm publish --provenance`.
325347## End-to-end example
326348
327349[ ` examples/pipeline/ ` ] ( ./examples/pipeline ) is an executable demonstration
328- that exercises ** seven of the eight packages end-to-end** in one `npm run
350+ that exercises ** seven of the nine packages end-to-end** in one `npm run
329351test: pipeline ` invocation: ` agentmd lint` + ` render` → ` isolint lint` →
330352` iso-route build ` (from a bundled ` models.yaml ` that extends the
331353` standard ` preset) → ` iso-harness build ` (which consumes iso-route's
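Review bot: "seven of the nine packages" updates the total but leaves the reader to work out which two are not exercised. Name them in this sentence, and state explicitly whether `iso-guard` is part of `npm run test:pipeline`.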
@@ -344,8 +366,9 @@ downstream repo would use.
344366
345367` npm run test:pack ` goes one level further: it packs the local workspaces into
346368tarballs, installs them into fresh temp projects, and smoke-tests the packaged
347- ` iso-harness ` , ` iso ` , ` iso-eval ` , and ` iso-trace ` CLIs. This guards against
348- packaging regressions that workspace-only tests can miss.
369+ ` iso-harness ` , ` iso ` , ` iso-eval ` , ` iso-trace ` , ` iso-route ` , and ` iso-guard `
370+ CLIs. This guards against packaging regressions that workspace-only tests can
371+ miss.
349372
350373[ ` packages/iso-eval/examples/suites/echo-basic/ ` ] ( ./packages/iso-eval/examples/suites/echo-basic )
351374is a runnable eval suite for the downstream side: a baseline workspace, a
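Review bot: The list of smoke-tested CLIs gains `iso-route` as well as `iso-guard`. The README lines here do not show the `test:pack` script itself, so confirm it installs and runs both; if the `iso-route` mention is a separate doc fix, note that in the commit message.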