A declarative specification language for AI agent capabilities, constraints, and permissions. Like OpenAPI, but for agent behavior.
agent: customer_service
constraints:
max_tokens: 2000
forbidden: [delete_account, modify_billing]
permissions:
data_access: "assigned_region"
Every deployed agent is a black box of scattered logic, undocumented capabilities, and implicit constraints. Teams build agents fast, but govern them not at all.
What can this agent actually do? Without a formal spec, nobody knows -- not even the developers who built it. Capabilities live in scattered code, config files, and tribal knowledge.
Security teams cannot review what they cannot see. Agent capabilities are implicit, buried in prompt templates, tool registrations, and runtime configurations that no one tracks.
Constraints are code comments and hope. There is no runtime that actually prevents spec violations. When an agent misbehaves, you find out from your users, not your monitoring.
Every agent starts from scratch. There is no way to define a base policy and extend it. Teams copy-paste constraints, drift apart, and end up with inconsistent governance across their fleet.
AgentSpec is a declarative YAML language for defining what an agent can do, what it cannot do, and who decides. Write it once, enforce it everywhere.
Write specs anyone on your team can understand. Version them in git. Review them in pull requests. No DSL to learn -- just structured YAML with clear semantics.
The enforcer wraps your agent and validates every action against the spec in real time. Forbidden tool calls are blocked. Token limits are enforced. No exceptions.
Build a base spec and extend it for each agent type. Override specific fields. Share constraints across your entire fleet. Specifications compose like object-oriented classes.
A complete agent specification in fewer lines than a Kubernetes deployment. Every field is meaningful, every constraint is enforceable.
# Agent: Customer Service Bot # Version: 2.1.0 agent: customer_service_bot version: "2.1.0" description: "Handles customer inquiries and support tickets" capabilities: tools: - name: search_knowledge_base description: "Search internal documentation" rate_limit: 100/minute - name: send_email description: "Send email to customer" constraints: max_recipients: 5 require_approval_if: "refund > $100" - name: create_ticket description: "Create support ticket" priority_levels: [low, medium, high] restrictions: forbidden_tools: - delete_customer_data - modify_billing - access_admin_panel token_limits: max_response: 2000 max_context: 8000 content_policy: no_profanity: true no_competitor_mentions: true permissions: data_access: scope: "customers_in_assigned_region" pii_handling: "mask_after_use" escalation: auto_escalate_after: 3 failed_attempts human_review_required: ["account_deletion", "legal_request"] inherits: base_support_agent
From YAML file to runtime enforcement in under five minutes. No infrastructure required.
Define your agent's capabilities, constraints, and permissions in a YAML file.
AgentSpec validates your spec for correctness, completeness, and policy compliance.
The runtime enforcer wraps your agent and blocks any action that violates the spec.
Review structured violation logs and compliance reports for every agent interaction.
A side-by-side look at agent governance before and after AgentSpec.
| Aspect | Without AgentSpec | With AgentSpec |
|---|---|---|
| Documentation | ||
| Enforcement | ||
| Auditability | ||
| Versioning | ||
| Inheritance | ||
| Team Communication | ||
| Security Review | ||
| Onboarding |
Whether you are a startup with one agent or an enterprise with hundreds, AgentSpec scales to meet your governance needs.
Document and enforce ethical guardrails across your entire agent fleet. Prove compliance to stakeholders with formal, versioned specifications that map directly to your AI ethics policy.
Meet compliance requirements in healthcare, finance, and legal with auditable, versioned behavior specifications. Every agent action is traceable back to an approved spec revision.
Coordinate capabilities and constraints across agent networks. Define which agents can communicate, share data, or delegate tasks to each other through composable specifications.
Audit, approve, and enforce agent policies before deployment. Security teams review YAML specs in pull requests, not scattered code. Policy changes are tracked like infrastructure-as-code.
Let contributors understand exactly what each agent should and should not do. Spec files serve as living documentation that is always in sync with actual agent behavior.
Define base policies for your organization and extend them per team, per role, per agent. Specifications compose like well-designed software.
# Inherits all base_support_agent rules
# Override only what's different for Tier 1
agent: tier1_support
inherits: support_agent
restrictions:
token_limits:
max_response: 1000 # Lower than parent
forbidden_tools:
- issue_refund # Tier 1 can't refund
- modify_subscription # Must escalate
permissions:
escalation:
escalate_to: tier2_support
auto_escalate_after: 2 failed_attempts
A complete toolkit for defining, validating, enforcing, and auditing agent behavior at any scale.
Human-readable agent specifications that anyone on your team can write, review, and understand.
Wrap any agent with a spec-aware enforcer that blocks violations in real time.
Fine-grained data access scoping, PII handling rules, and role-based capabilities.
Structured violation logs and compliance reports for every agent interaction and decision.
Extend base specs and override specific fields. Compose governance like object-oriented code.
Catch errors before deployment. Schema validation ensures your specs are correct and complete.
First-class TypeScript support with full type definitions, validation helpers, and enforcer middleware.
Native Python package with Pydantic models, async support, and seamless framework integration.
Install the Python package or the TypeScript SDK. Parse, validate, lint, and enforce specs with just a few lines of code.
from agentspec import parse_spec, validate_spec, lint_spec, Enforcer, create_context # Parse and validate a spec from YAML spec = parse_spec(yaml_content) result = validate_spec(spec) # Lint for quality and best practices lint = lint_spec(spec) print(f"Score: {lint.score}/100") # Runtime enforcement enforcer = Enforcer(spec) ctx = create_context( agent_id="agent-1", action="read", input_data="query" ) result = enforcer.enforce(ctx)
import { parseSpec, validateSpec, lintSpec } from '@anthropic/agentspec-core'; import { Enforcer, createContext } from '@anthropic/agentspec-sdk'; // Parse and validate a spec from YAML const spec = parseSpec(yamlContent); const result = validateSpec(spec); // Lint for quality and best practices const lint = lintSpec(spec); console.log(`Score: ${lint.score}/100`); // Runtime enforcement const enforcer = new Enforcer(spec); const ctx = createContext({ agentId: "agent-1", action: "read", inputData: "query" }); const enforcement = enforcer.enforce(ctx);
{ "dependencies": { "@anthropic/agentspec-core": "^0.1.0", "@anthropic/agentspec-sdk": "^0.1.0" } }
Drop-in guards for the most popular agent frameworks. Add spec enforcement with a single import.
Enforce AgentSpec constraints on every CrewAI agent and task. The guard wraps your crew and validates each action against the spec before execution.
from agentspec.integrations.crewai import AgentSpecCrewAIGuard
guard = AgentSpecCrewAIGuard(spec)
crew = guard.wrap(my_crew)
crew.kickoff() # Spec-enforced
Add AgentSpec enforcement as LangChain middleware. Works with chains, agents, and any runnable. Violations are caught before they reach the LLM.
from agentspec.integrations.langchain import AgentSpecLangChainGuard
guard = AgentSpecLangChainGuard(spec)
chain = guard.wrap(my_chain)
chain.invoke(input) # Spec-enforced
Wrap the OpenAI API client with spec enforcement. Every chat completion request is validated against your AgentSpec before it is sent to the model.
from agentspec.integrations.openai import AgentSpecOpenAIGuard
guard = AgentSpecOpenAIGuard(spec, api_key="...")
response = guard.chat(messages) # Spec-enforced
Connect AgentSpec to the platforms you already use. Expose your spec-governed agents via OpenAPI for ChatGPT or as MCP tools for Claude.
Use the AgentSpec OpenAPI specification to create ChatGPT Custom GPT Actions. Your GPT can validate, lint, and enforce specs through a standard API.
spec/openapi.yaml
# spec/openapi.yaml
openapi: "3.1.0"
info:
title: "AgentSpec API"
version: "0.1.0"
paths:
/validate: ...
/lint: ...
/enforce: ...
Run AgentSpec as a Model Context Protocol (MCP) server. Claude can parse, validate, lint, and enforce specs as native tools inside any conversation.
npm install @anthropic/agentspec-mcp
validate, lint, enforce
// claude_desktop_config.json
{
"mcpServers": {
"agentspec": {
"command": "npx",
"args": ["@anthropic/agentspec-mcp"]
}
}
}
Open source. Framework-agnostic. Production-ready.