Shape
Governance for AI agents that actually works.
One file. Zero dependencies. Pure Python.
THE PROBLEM
Agents Have Tools. Nobody Has Control.
AI agents are getting access to databases, APIs, payment systems, and infrastructure.
The frameworks that power them optimize for capability. None of them optimize for permission.
No lifecycle phases. No transactions. No budget control. No audit trail.
Your agent just mass-emailed 10,000 customers with a hallucinated discount. It had the tool. It had the permission. Nobody told it to stop.
THE SOLUTION
Four Missing Pieces
1. Phases — Explore → Decide → Commit. No writing before reading.
2. Transactions — All-or-nothing. Fail halfway? Everything rolls back.
3. Budget gates — Cost changes behavior, not just logs.
4. Proof traces — Know why every action was allowed.
Shape doesn't fix agent behavior. It constrains it until only safe behavior survives.
HOW IT WORKS
Rules Anyone Can Read
BLOCK send_email WHEN phase IS NOT commit
BLOCK * WHEN budget ABOVE 90%
REQUIRE APPROVAL FOR * WHEN tool IS irreversible
FLAG * WHEN time OUTSIDE 09:00-17:00
No Cedar. No Rego. No policy server.
Your product manager can read these. Your compliance team can write them.
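An added illustration, not Shape's own code or API: a minimal evaluator for the four rules above, returning a verdict plus the list of rules that fired. The grammar (ACTION target WHEN field operator value), the caller-supplied context keys, and the precedence (BLOCK over approval over FLAG) are assumptions made for this example.

```python
import re
from datetime import time

# The four rules shown above, verbatim.
RULES = """\
BLOCK send_email WHEN phase IS NOT commit
BLOCK * WHEN budget ABOVE 90%
REQUIRE APPROVAL FOR * WHEN tool IS irreversible
FLAG * WHEN time OUTSIDE 09:00-17:00
"""

# Assumed grammar: ACTION target WHEN field operator value
RULE_RE = re.compile(
    r"^(BLOCK|REQUIRE APPROVAL FOR|FLAG) (\S+) WHEN (\w+) (IS NOT|IS|ABOVE|OUTSIDE) (\S+)$")
# Assumed precedence: the strictest matching action wins.
SEVERITY = {"ALLOW": 0, "FLAG": 1, "REQUIRE APPROVAL FOR": 2, "BLOCK": 3}

def parse(text):
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable rule: {line!r}")  # fail closed
        rules.append((line, *m.groups()))
    return rules

def holds(field, op, value, ctx):
    actual = ctx[field]  # a missing field raises KeyError: fail closed
    if op == "IS":
        return actual == value
    if op == "IS NOT":
        return actual != value
    if op == "ABOVE":  # budget as percent of the limit already used
        return actual > float(value.rstrip("%"))
    if op == "OUTSIDE":
        lo, hi = (time.fromisoformat(t) for t in value.split("-"))
        return not (lo <= actual <= hi)
    raise ValueError(op)

def decide(rules, tool, ctx):
    """Return (verdict, trace); trace lists every rule that matched."""
    verdict, trace = "ALLOW", []
    for line, action, target, field, op, value in rules:
        if target in ("*", tool) and holds(field, op, value, ctx):
            trace.append(line)
            verdict = max(verdict, action, key=SEVERITY.get)
    return verdict, trace
```

The context here is a plain dict with the keys phase, budget, tool (the tool's reversibility class) and time (a datetime.time), all constructed by the caller.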
GET STARTED
One File. Zero Dependencies.
cp shape.py /your/project/