agentrc · agentrc
Working Draft — agentrc 0.1.0-draft.6 is an evolving specification draft, not a finished standard. Expect breaking changes. Changelog →
★ Star
Open specification
portable, governed ai agents_
Like bashrc or zshrc, but for an agent. An Agentfile declares one AI agent's identity, capabilities, system prompt, and tools, plus its requests for models, resources, and network — as typed policy a security team can review. Package it as an OCI artifact; compatible runners execute and enforce it. Not a runtime, cloud, model provider, or agent framework.
Read the specification →<br>Start with an Agentfile
View on GitHub<br>Join the Discord
01 > { } _ /mnt<br>=> POLICY 10<br>arc build ..<br>0x1f 4a2b >_<br>IDENTITY ::<br>{ agent } //<br>CAPABILITY 1<br>SOP -> run<br>label 0.1.0<br>$ arc lint _<br>network:443<br>grant|narrow<br>oci://ghcr..<br>04a2 > 1101<br>deny-default<br>>_ cedar ok
agentrc:~$ cat Agentfile
# syntax=agentrc.agentfile/v0.1<br>FROM python:3.11-slim<br>IDENTITY name=hello version=0.1 author=acme<br>IDENTITY description="Minimal agentrc agent"<br>CAPABILITY text<br>SOP You are a minimal example agent. Read a<br>file when asked; do nothing else.<br>CMD python ./agent.py
# Tool (local, embedded) → /mnt/tools/<br>COPY --chmod=755 ./tools/file_read /mnt/tools/file_read
# Requests: the platform grants, narrows, or rejects<br>POLICY model.name claude-sonnet-4<br>POLICY agent.tool_timeout 30s<br>POLICY network dns:api.example.com:443
HEALTHCHECK --interval=60s CMD /mnt/tools/file_read --agentrc-schema
arc lint: okcompiles to OCI + ai.agentrc.* labelspolicy reviewable
Declarative & reproducible
One Agentfile captures identity, capability, policy, tools, and resources — reusing standard Dockerfile keywords plus four agent-native ones: IDENTITY, CAPABILITY, SOP, POLICY.
Policy, not hope
A POLICY line requests a model, resource, or constraint. The platform grants, narrows, or rejects it and enforces the decision with Cedar, deny-by-default.
Portable everywhere
The build translates intent into namespaced ai.agentrc.* OCI labels. Platforms read the labels — never the Agentfile — so agents ship, sign, and mirror like any container image.
Install the CLI
One binary — agentrc (alias arc). It scaffolds, validates, and builds Agentfiles, inspects what an agent requests, and translates an artifact into a backend's deploy config.
macOS & Linux<br>curl -fsSL https://agentrc.ai/install.sh | sh
Homebrew<br>brew install<br>adeelahmad/tap/agentrc
Go 1.25+<br>go install<br>github.com/adeelahmad/agentrc/cmd/agentrc@latest
From source<br>git clone https://github.com/adeelahmad/agentrc<br>cd agentrc && go build -o arc ./cmd/agentrc
Prebuilt, checksum-verified binaries for macOS & Linux (amd64 / arm64). Confirm with arc version. Prefer to read first? curl -fsSL https://agentrc.ai/install.sh and inspect it.
Build and run — locally
Scaffold, validate, and compile an agent into a portable OCI artifact, then preview exactly what a local runner would execute.
Scaffoldarc init › writes ./Agentfile
Validatearc lint Agentfile › identity, policy & schema
Buildarc build -t ghcr.io/you/hello:0.1 . › OCI artifact
Preview the runarc run ghcr.io/you/hello:0.1 --backend local --dry-run
arc build produces a real OCI image (via docker build and the agentrc BuildKit frontend). --dry-run prints the config a runner would apply — agentrc declares and translates; it ships no runtime of its own.
Ship the same artifact to the cloud
The build writes ai.agentrc.* labels once. Point arc run at any backend to translate those labels into that platform's deploy form.
Push once
arc push<br>ghcr.io/you/hello:0.1<br>→ any OCI registry
AWS Bedrock
arc run …hello:0.1<br>--backend bedrock --dry-run<br>→ CreateAgentRuntime JSON
Kubernetes
arc run …hello:0.1<br>--backend kubernetes --dry-run<br>→ deploy manifests
Same artifact, same labels, three substrates. Reference translators — a proof of concept until platforms read ai.agentrc.* labels natively. Not production runners.
The separation agentrc creates
ConcernDefined byRead / enforced byWhy it matters
Agent identity, capabilities, objectiveIDENTITY / CAPABILITY / SOPagent authorClear purpose and scope<br>Tools, skills, MCP serversCOPY / ADD --remote into /mntcompiler → layers + labelsPortable across stacks<br>Resource, model, network, lifecycle requestsPOLICY (typed namespaces)platform (grant / narrow / reject)Governed and reviewable<br>Enforcementtyped requests compiled to Cedarplatform (deny-by-default, forbid > permit)Least privilege by design<br>Packaging and sharingOCI artifact + ai.agentrc.* labelsany OCI registryInteroperable distribution<br>Execution substraterun-time choice (arc run --backend)local, container, microVM, cloud runnersFreedom with guardrails
Core slogan: The Agentfile declares one agent. The lockfile pins dependencies. The package makes it portable. The policy makes boundaries reviewable. The registry makes it shareable. Compatible runners execute it.
Current draft
Working Draft 0.1.0-draft.6<br>Four keywords<br>/mnt projection<br>OCI labels<br>Cedar enforcement<br>Secrets...