Agentrc – Dockerfile-shaped, governed packaging for AI agents

adeelahmadch1 pts0 comments

agentrc · agentrc

Working Draft — agentrc 0.1.0-draft.6 is an evolving specification draft, not a finished standard. Expect breaking changes. Changelog →

★ Star

Open specification

portable, governed ai agents_

Like bashrc or zshrc, but for an agent. An Agentfile declares one AI agent's identity, capabilities, system prompt, and tools, plus its requests for models, resources, and network — as typed policy a security team can review. Package it as an OCI artifact; compatible runners execute and enforce it. Not a runtime, cloud, model provider, or agent framework.

Read the specification →<br>Start with an Agentfile

View on GitHub<br>Join the Discord

01 > { } _ /mnt<br>=> POLICY 10<br>arc build ..<br>0x1f 4a2b >_<br>IDENTITY ::<br>{ agent } //<br>CAPABILITY 1<br>SOP -> run<br>label 0.1.0<br>$ arc lint _<br>network:443<br>grant|narrow<br>oci://ghcr..<br>04a2 > 1101<br>deny-default<br>>_ cedar ok

agentrc:~$ cat Agentfile

# syntax=agentrc.agentfile/v0.1<br>FROM python:3.11-slim<br>IDENTITY name=hello version=0.1 author=acme<br>IDENTITY description="Minimal agentrc agent"<br>CAPABILITY text<br>SOP You are a minimal example agent. Read a<br>file when asked; do nothing else.<br>CMD python ./agent.py

# Tool (local, embedded) → /mnt/tools/<br>COPY --chmod=755 ./tools/file_read /mnt/tools/file_read

# Requests: the platform grants, narrows, or rejects<br>POLICY model.name claude-sonnet-4<br>POLICY agent.tool_timeout 30s<br>POLICY network dns:api.example.com:443

HEALTHCHECK --interval=60s CMD /mnt/tools/file_read --agentrc-schema

arc lint: okcompiles to OCI + ai.agentrc.* labelspolicy reviewable

Declarative & reproducible

One Agentfile captures identity, capability, policy, tools, and resources — reusing standard Dockerfile keywords plus four agent-native ones: IDENTITY, CAPABILITY, SOP, POLICY.

Policy, not hope

A POLICY line requests a model, resource, or constraint. The platform grants, narrows, or rejects it and enforces the decision with Cedar, deny-by-default.

Portable everywhere

The build translates intent into namespaced ai.agentrc.* OCI labels. Platforms read the labels — never the Agentfile — so agents ship, sign, and mirror like any container image.

Install the CLI

One binary — agentrc (alias arc). It scaffolds, validates, and builds Agentfiles, inspects what an agent requests, and translates an artifact into a backend's deploy config.

macOS & Linux<br>curl -fsSL https://agentrc.ai/install.sh | sh

Homebrew<br>brew install<br>adeelahmad/tap/agentrc

Go 1.25+<br>go install<br>github.com/adeelahmad/agentrc/cmd/agentrc@latest

From source<br>git clone https://github.com/adeelahmad/agentrc<br>cd agentrc && go build -o arc ./cmd/agentrc

Prebuilt, checksum-verified binaries for macOS & Linux (amd64 / arm64). Confirm with arc version. Prefer to read first? curl -fsSL https://agentrc.ai/install.sh and inspect it.

Build and run — locally

Scaffold, validate, and compile an agent into a portable OCI artifact, then preview exactly what a local runner would execute.

Scaffoldarc init › writes ./Agentfile

Validatearc lint Agentfile › identity, policy & schema

Buildarc build -t ghcr.io/you/hello:0.1 . › OCI artifact

Preview the runarc run ghcr.io/you/hello:0.1 --backend local --dry-run

arc build produces a real OCI image (via docker build and the agentrc BuildKit frontend). --dry-run prints the config a runner would apply — agentrc declares and translates; it ships no runtime of its own.

Ship the same artifact to the cloud

The build writes ai.agentrc.* labels once. Point arc run at any backend to translate those labels into that platform's deploy form.

Push once

arc push<br>ghcr.io/you/hello:0.1<br>→ any OCI registry

AWS Bedrock

arc run …hello:0.1<br>--backend bedrock --dry-run<br>→ CreateAgentRuntime JSON

Kubernetes

arc run …hello:0.1<br>--backend kubernetes --dry-run<br>→ deploy manifests

Same artifact, same labels, three substrates. Reference translators — a proof of concept until platforms read ai.agentrc.* labels natively. Not production runners.

The separation agentrc creates

ConcernDefined byRead / enforced byWhy it matters

Agent identity, capabilities, objectiveIDENTITY / CAPABILITY / SOPagent authorClear purpose and scope<br>Tools, skills, MCP serversCOPY / ADD --remote into /mntcompiler → layers + labelsPortable across stacks<br>Resource, model, network, lifecycle requestsPOLICY (typed namespaces)platform (grant / narrow / reject)Governed and reviewable<br>Enforcementtyped requests compiled to Cedarplatform (deny-by-default, forbid > permit)Least privilege by design<br>Packaging and sharingOCI artifact + ai.agentrc.* labelsany OCI registryInteroperable distribution<br>Execution substraterun-time choice (arc run --backend)local, container, microVM, cloud runnersFreedom with guardrails

Core slogan: The Agentfile declares one agent. The lockfile pins dependencies. The package makes it portable. The policy makes boundaries reviewable. The registry makes it shareable. Compatible runners execute it.

Current draft

Working Draft 0.1.0-draft.6<br>Four keywords<br>/mnt projection<br>OCI labels<br>Cedar enforcement<br>Secrets...

agentrc agent policy agentfile identity build

Related Articles