Governed Autonomous System
Patent Pending

AI that operates under
constitutional governance.

Lancelot is a self-hosted autonomous AI system where every action is constrained by a constitutional Soul, classified by risk, verified after execution, and recorded in an immutable audit trail. Sensitive data is processed locally. Your PII never touches the frontier model.

›_ Install in One Command See the Architecture →
terminal
$ |
~0s
Full Excel workbook: pivot tables, charts, formatting
0+
Tests passing across all subsystems
0
Provisional patents filed
0
Integrated subsystems

Your PII never touches the frontier model. Period.

Lancelot ships with a local model that scrubs sensitive data before it ever reaches a frontier LLM. This isn't a configuration option. It's an architectural guarantee baked into the system.

What is Lancelot

Not a chatbot.
A governed system.

A Governed Autonomous System (GAS) that plans, executes, verifies, and recovers under explicit constitutional control with durable execution that persists across hours, days, or weeks. Every action produces an auditable receipt.

Core Principle

"If there is no receipt, it didn't happen."

Every action Lancelot takes is recorded in an immutable, structured receipt. The governance chain (action, risk tier, Soul check, verification result, and rollback reference) is permanently logged. Failures surface to the operator, never silently swallowed.

No Silent Degradation

Failures surface. Always.

If a step fails, the operator knows. If verification fails, the action is rolled back. Errors are never silently swallowed or retried without visibility. The Soul enforces explicit failure handling. No quiet degradation, no hallucinated success, no hidden retry loops.

Durable Execution

Sleep for a week. Wake up intact.

Lancelot treats an agent as a durable process. It can pause, serialize state to a database, and resume with zero context loss and zero idle cost. Plan Artifacts track honest completion status across arbitrary time horizons. No simulated progress, no hallucinated completions.

Progressive Trust

Earned autonomy, not granted permissions.

Agents earn autonomy like an intern earns responsibility. Week 1: approve every action. Month 3: 50 consecutive successes triggers graduation. Single failure: instant revocation. The Trust Ledger tracks this lifecycle automatically. Binary trust models are a liability at scale.

Competitive Matrix

How Lancelot Is Different

Capability-first versus governance-first. Different problem, different architecture. Here is how Lancelot compares to the frameworks you already know.

Lancelot is an AI agent governance framework built for operators who need architectural guarantees, not advisory policies. Unlike LangGraph or CrewAI, which define how agents work, Lancelot defines what agents cannot do. If you are building an agent that will touch a corporate bank account, customer PII, or production infrastructure, governance is not optional.

Capability LangGraph CrewAI AutoGen Lancelot
Constitutional governanceImmutable Soul, 5 enforced invariants
Application controlUAB: 8 frameworks + legacy apps
Sub-agent orchestrationSubgraph nestingPersistent crewsPersistent groupsEphemeral Hive Mesh with LLM decomposition
Sub-agent governanceInherits graphRole-scopedMonotonic restriction, always stricter
Risk classificationT0–T3 pipeline, proportional controls
Trust modelBinaryBinaryBinaryProgressive graduation, instant revocation
Immutable audit trailTrace logsBasicBasicStructured receipts, every action
PII protectionLocal model scrubs before frontier sees it
Secret managementEnv varsEnv varsEnv varsFernet-encrypted vault with hot rotation
PersistenceCheckpointedLimitedFragileDatabase-backed durable execution
Kill switchesDependency-resolved per subsystem
Skill / plugin securityTool defsTool defsTool defs6 mandatory gates: sandbox, analysis, approval
Human oversightManual checkpointsTask interruptsConversation pausesDurable sleep/wake + APL reduces fatigue
Enterprise readinessHigh (engineers)ModerateModerateBuilt for compliance, legal, security, ops
Compliance exportPartialOne-click SOC 2 / ISO 27001 / GDPR
FederationMulti-instance governed topology with peering
A2A protocolNative (ungoverned)Governed pipelines with trust tiers
Observability (OTel)LangSmithBasicOTel export, Datadog/Grafana, webhook SIEM
Prompt injection defense16 banned patterns, 10 regex detectors
Time-travel debuggingCheckpointsInspect, replay, or fork any receipt

If you're building an agent to help write code, those frameworks are excellent. If you're building an agent that will touch a corporate bank account, customer PII, or production infrastructure, governance isn't optional.

See the full 7-platform competitive matrix →
Architecture Overview

Twenty integrated subsystems.
Each kill-switchable.

Lancelot is composed of modular subsystems gated by dependency-resolved feature flags. Governance is the foundation. Capability is progressively enabled, not the reverse.

Governance Foundation
The constitutional layer
The core primitives that make every other subsystem governed. Capability is built on top of these, not the reverse.
Constitutional Soul
Versioned constitutional document, immutable without owner approval. Linted, validated, and immune to prompt injection or drift.
FEATURE_SOUL
Risk Pipeline
T0–T3 classification with proportional controls. 80% of actions pass at near-zero overhead. T3 always requires approval.
FEATURE_RISK_TIERED
Trust Ledger
Progressive trust graduation with instant revocation on failure. 50 consecutive successes triggers a graduation proposal.
FEATURE_TRUST_LEDGER
Receipt System
Immutable audit trail for every action, every check, every outcome. Both success and failure paths produce receipts.
FEATURE_RECEIPTS
Governed Memory
Core, Working, Episodic, Archival. All edits are atomic and auditable. Memory poisoning is architecturally blocked.
FEATURE_MEMORY
Approval Pattern Learning
Governance gets smarter over time. Observes decisions, detects patterns, proposes automation rules. Approval fatigue drops; audit stays at 100%.
FEATURE_APL
Execution Layer
How the agent acts
The mechanisms through which governed actions are planned, executed, and tracked. Every capability routes through governance, not around it.
Tool Fabric
Provider-agnostic execution with Docker sandbox and policy gating. Six mandatory security gates before any skill reaches production.
FEATURE_TOOLS_FABRIC
Universal App Bridge
Framework-level control over desktop and server apps across 8 UI frameworks plus legacy software. No APIs, no plugins, no screen reading.
FEATURE_TOOLS_UAB
Hive Agent Mesh
Ephemeral sub-agent orchestration with monotonic governance restriction. Sub-agents can only be more restricted than the parent, never less.
FEATURE_HIVE
Plan Artifact
Honest completion semantics. No simulated progress, no hallucinated completions. Verified outcomes only, tracked across any time horizon.
FEATURE_PLAN_ARTIFACT
Scheduler
Governance-aware cron and interval jobs with approval gates. No job executes outside the governance pipeline.
FEATURE_SCHEDULER
Skill Security Pipeline
Six mandatory gates before any third-party capability is installed. Manifest, static analysis, sandbox, enforcement, approval, monitoring.
FEATURE_SKILLS
Connectivity
Governed integration
How Lancelot connects to external services, other agents, and other Lancelot instances. Always through a governance proxy, never directly.
Governed Connectors
Proxy-mediated external integration with credential vault isolation. The agent never sees raw credentials or makes network calls directly.
FEATURE_CONNECTORS
Federation
Multi-instance governed topology with trust-verified peering, federated receipt chains, and mission control War Room.
FEATURE_FEDERATION
A2A Protocol
Google A2A standard with governed inbound/outbound pipelines, agent registry with trust tiers, and agent card generation.
FEATURE_A2A
Health Monitor
System health monitoring with liveness, readiness, and diagnostic state transitions. All transitions produce verifiable receipts.
FEATURE_HEALTH
Observability & Compliance
See everything. Prove it.
Real-time visibility, forensic debugging, and one-click compliance reporting. All derived from the same immutable receipt trail.
Compliance Export
One-click SOC 2 Type II, ISO 27001, and GDPR Article 30 report generation from the receipt DAG with chain integrity verification.
FEATURE_COMPLIANCE
Observability
OpenTelemetry span export, Datadog/Grafana dashboard templates, HMAC-signed webhook SIEM integration, and Metrics API.
FEATURE_OBSERVABILITY
Time-Travel Debugger
Pause, inspect, modify, and resume at any receipt in the execution DAG. Three modes: inspect, replay, and fork.
FEATURE_TIME_TRAVEL
Incident Response
Playbook engine with severity classification, automated containment actions, and post-incident receipt trails.
FEATURE_INCIDENTS
Constitutional Governance

The governance layer
is the foundation.

Every other framework adds governance on top of capability. Lancelot builds capability on top of governance. The difference is architectural, not configurational.

The Soul

Constitutional document. Immutable. Versioned.

The Soul is a versioned constitutional document that defines hard behavioral boundaries enforced at pre-execution, runtime, and post-execution stages. If the Soul did not allow it, Lancelot cannot do it.

v7 ACTIVE
destructive_actions_require_approval
no_silent_degradation
no_autonomous_irreversible
pii_never_leaves_perimeter
soul_ceiling_tiers_enforced
Immutable Receipts

Ground truth for every action taken.

Every action produces a structured receipt recording the full governance chain. The agent does not write to its own memory directly. Memory poisoning is architecturally blocked.

SOUL_CHECKPASS
RISK_CLASSIFYT2
EXECUTESUCCESS
VERIFY_SYNCVERIFIED
TRUST_LEDGERUPDATED
RECEIPTPERSISTED
Risk-Tiered Governance

T0 to T3 Pipeline. Every action classified.

Every action is classified into four risk tiers with proportional controls. 80% of actions pass through at near-zero overhead. Critical actions require full policy evaluation and owner approval.

Governed Connector Proxy

The agent never sees raw credentials.

External service connectors never make network calls directly. They produce request specifications that pass through an independent governance proxy. Policy evaluation, risk classification, credential vault isolation, and audit logging on every outbound call.

1 Request Spec
2 Policy Eval
3 Vault Inject
4 Execute & Record
5 Verify & Update
Gmail Slack Teams Telegram Discord Calendar REST API WhatsApp
Approval Pattern Learning

Governance gets faster
the more you use it.

Lancelot observes operator approval decisions and identifies patterns. When it detects consistent behavior (the same action type approved repeatedly under the same conditions) it proposes an automation rule. Approval fatigue drops. Audit coverage stays at 100%.

01 / Observe

Monitor Decisions

Monitor operator approval and denial decisions across all risk tiers over time.

02 / Detect

Identify Patterns

Identify consistent approval behavior for specific action types and conditions.

03 / Propose

Generate Rule

Generate an automation rule and present it to the operator for review.

04 / Approve

Human Reviews

Human reviews and activates the rule, or rejects it. Always in control.

05 / Execute

Auto-Execute

Future matching actions execute automatically. Still receipted, still auditable, still revocable.

Governance doesn't mean slow. APL ensures that governance gets smarter over time. Approval fatigue drops while audit coverage stays at 100%.

Six-Stage Skill Security

Every third-party capability
passes through six mandatory gates.

Skills never access the network directly. Each stage can halt the pipeline. No skill reaches production without surviving all six.

01
Manifest
Declares capabilities, permissions, and resource requirements. No manifest, no entry.
Gate
02
Static Analysis
Code scanned for banned patterns, dangerous imports, and policy violations before execution.
Gate
03
Sandbox
Executed in isolated Docker container. No network access. No filesystem escape.
Gate
04
Enforce
Runtime policy constraints applied. Resource limits, execution timeouts, output validation.
Gate
05
Approve
Owner explicitly approves installation after reviewing analysis results and sandbox behavior.
Gate
06
Install
Skill registered in Tool Fabric with ongoing monitoring. Revocable at any time via Kill Switch.
Live

Skills produce request specifications. They never make network calls directly. All external communication routes through the Governed Connector Proxy.

Universal Application Bridge

The USB port for AI agents.
Connect to any application.

No APIs to configure. No plugins to install. No screen reading or OCR. UAB gives AI agents framework-level control over desktop and server applications, hooking directly into application frameworks to enumerate UI elements, read state, and execute actions.

61
Action Types
9+
UI Frameworks
17
MCP Tools
~35s
Full Excel Workbook
2D

Spatial Map Engine.

Converts flat UI Automation elements into a 2D rows/columns grid with spatial indexing. Agents understand where elements are relative to each other. No screenshots needed.

MCP

17 native MCP tools for Claude.

Desktop scan, spatial map, smart invoke, action chains, flow library. All exposed natively over MCP. Auto-configured on install.

Five-tier cascade control.

P1: Chrome Extension Bridge. P2: Browser CDP. P3: Framework-specific hooks (Electron, Office, Qt). P4: Windows UI Automation. P5: Vision fallback via LLM Vision API. Each tier auto-falls to the next.

Gov

Governed by default.

Every UAB action flows through governance. Risk classification (safe, moderate, destructive), rate limiting (100/min per PID), audit logging, and receipt tracing on every operation.

Supported Frameworks

EXT
Chrome / Edge
CDP
Electron
COM
Microsoft Office
UIA
Qt 5/6
UIA
GTK 3/4
UIA
WPF / .NET
UIA
Flutter
JAB
Java Swing/FX
UIA
Win32 / Legacy
VIS
Vision Fallback
Independently Licensable

UAB is not tied to Lancelot or any specific agent framework. Works with any orchestration layer. Patent pending.

Lancelot CrewAI LangGraph Any Orchestrator
Action Chains

Multi-step workflows with verification.

Sequential execution with conditional branching, wait steps, delays, and error handling. Pre-built templates for form filling and menu navigation. Learned sequences stored in the Flow Library for instant replay.

Chrome Extension Bridge

Zero-disruption browser control.

Manifest V3 WebSocket extension. No browser restart required. Full tab management, cookies, local/session storage, DOM interaction, and JavaScript execution. Priority 1 in cascade.

Deep Query

Full UI tree with positions and actions.

Scans the entire UIA tree via FindAll and RAWCrawler. Returns every named element with type, supported actions, and screen coordinates. Smart Invoke uses a 6-method activation cascade to find and trigger any element.

Three Access Modes

Library. CLI. HTTP Server.

Import as TypeScript library, use 20+ CLI commands with JSON output, or run as REST API server on port 3100. Same capabilities, three interfaces.

Dual-Mode Architecture

Desktop, server, and container.

Desktop mode (Session 1+, full UIA/CDP, 100/min). Server mode (Session 0, Session Bridge via Task Scheduler). Container mode (minimal, 30/min). Works transparently in SSH and Windows Service contexts.

Production Hardening

Cache, retry, rate limit, health.

Three-tier smart caching with auto-invalidation. Exponential backoff retry with jitter. Rate limiting per PID. 30s health checks with auto-reconnect. 1000-entry audit log.

The UAB has no equivalent in any other agent framework. Other systems read pixels off a screen. UAB operates at the framework layer: structured, deterministic, governed, and capable of controlling legacy enterprise software that predates modern UI frameworks.

Hive Agent Mesh

Ephemeral sub-agents.
Constitutionally governed.

Complex tasks are decomposed into parallel execution groups by an LLM-powered task planner. Each sub-agent is ephemeral, scoped, and governed. Spawned for a task, collapsed when done.

Monotonic Restriction

Sub-agent Souls can only be more restrictive than the parent, never less. A Hive agent can never exceed the governance boundaries of the agent that spawned it. Enforced architecturally at every level of every federated HIVE simultaneously.

Control Methods
Fully Autonomous Supervised (default) Manual Confirm
No Identical Retry

Failed plans are rehashed. Replanned tasks must produce a genuinely new approach, preventing infinite loops and compounding failures.

UAB Integration

When FEATURE_HIVE_UAB is enabled, sub-agents can control desktop applications through the Universal Application Bridge with full governance. Every UAB action is risk-classified and receipt-traced.

01

Decompose

LLM-powered planner breaks goal into parallel execution groups with scoped Souls assigned to each sub-agent.

02

Spawn

Ephemeral agents created with restricted governance. State machine tracks lifecycle from creation to collapse.

03

Execute

Each action passes through RiskClassifier, TrustLedger, and MCPSentry. T3 always requires approval, even in sub-agents.

04

Intervene

Operator can Pause, Resume, Kill, Modify, or Kill-All at any time during execution.

05

Collapse

Agent completes and is destroyed. Results returned, receipts persisted, resources freed. No persistent agent identities.

Unlike persistent multi-agent frameworks (CrewAI, AutoGen), Hive agents are temporary and constitutionally governed. No persistent agent identities, no ungoverned inter-agent communication. The Mesh has no equivalent in any other framework.

The Autonomy Loop

Plan. Execute. Verify.
Every time. No exceptions.

01

Plan

Classify risk tier. Validate against Soul. Check Network Allowlist. Submit for approval if T3. Check APL automation rules. Record in Plan Artifact.

02

Execute

Route through Tool Fabric or Governed Connector Proxy. Credentials from encrypted Vault. Sandboxed if third-party skill.

03

Verify

Sync verification (T2/T3) or async (T1). Update Trust Ledger. Update APL data. Generate immutable receipt. Update Plan Artifact.

Both success and failure paths produce receipts. Failures trigger Trust Ledger revocation and are surfaced to the operator. Never silently swallowed.

Security Infrastructure

Safe by architecture.
Not by configuration.

The model is treated as untrusted logic inside a governed, observable, reversible system. Security is enforced through architecture, not prompt discipline or optional settings.

Local Processing

Local PII Scrubbing

Ships with a local model for sensitive data processing. PII is scrubbed before it ever reaches a frontier model. Not optional. Architectural. Your data sovereignty is the foundation, not a feature.

Vault-Backed Secrets

Fernet-Encrypted Vault

AES-128-CBC plus HMAC-SHA256 with 3-phase hardening: encrypted storage, in-memory cache with environ scrub, and hot rotation without restart. Secrets never live in environment variables.

Network Control

Domain Allowlist

Domain-level allowlist restricts all agent network access to explicitly approved domains. Defense-in-depth alongside the governance pipeline. No domain? No connection.

Prompt Defense

Injection Protection

16 banned patterns, 10 regex detectors, homoglyph normalization, and zero-width character stripping. Soul constraints are architecturally immune to injection. The threat is stopped at input, not at execution.

Kill Switches

Dependency-Resolved Flags

Every subsystem is independently toggleable with dependency-resolved feature flags. Disable any capability without breaking the system. If the Soul is off, everything downstream stops.

Crusader Mode

Posture Transformation

One-click transformation between governed production mode and unrestricted development mode. Feature flags cascade with dependency resolution. Fully reversible. The governance posture is always intentional.

The War Room

Mission control
for your AI.

Every governance subsystem is visible, inspectable, and controllable through a unified mission-control dashboard. Real-time visibility into everything your agent does and why it was allowed to do it.

Command Center

Active Command Interface

Active tasks, conversation interface, defense status, agent stats, and Crusader Mode toggle. Everything operational in one view.

Soul Inspector

Constitutional State

Active Soul version, constitutional constraints, autonomy posture, and override indicators. The current behavioral envelope, always visible.

Governance Dashboard

Policy Performance

Risk tier distribution, approval statistics, and policy evaluation performance metrics in real time.

Receipt Explorer

Searchable Audit Trail

Searchable audit trail with subsystem filter, risk tier coding, and expandable receipt details. Inspect any action, any time.

Trust Ledger

Capability Lifecycle

Capability tracking, graduation thresholds, revocation history, and Soul ceiling enforcement. The earned-autonomy record.

Approval Pattern Learning

Decision Intelligence

Active automation rules, pattern detection, operator decision history, and rule lifecycle management. Governance that learns.

Federation

Multi-Instance Topology

Multi-instance topology, peering status, federated receipt chains, and graph builder. Govern the mesh from a single pane.

A2A Protocol

Agent Registry

Agent registry, trust tiers, agent card management, inbound/outbound activity log. Governed inter-agent communication.

Observability

Full-Stack Telemetry

OpenTelemetry span export, webhook SIEM integration, Metrics API, and pre-built Datadog/Grafana dashboard templates.

Compliance Export

One-Click Reports

SOC 2, ISO 27001, and GDPR report generation with chain integrity verification and download center.

Time-Travel Debugger

Inspect Any Receipt

Inspect, replay, or fork any point in the execution DAG with full state reconstruction. Three modes: inspect, replay, fork.

Incident Response

Playbook Engine

Playbook engine with severity classification, automated containment actions, and post-incident analysis tied to the receipt trail.

Get Started

One command.
Operational AI.

A 13-point pre-flight check verifies your system, guides dependency installation, configures your providers, and opens the War Room. No manual setup required.

$ npx create-lancelot
Node.js 18+ .............. found
Docker CLI ............... found
Docker running ........... ready
Docker Compose v2 ........ found
Git ...................... found
Disk space ............... 42GB free
RAM ...................... 16GB
ℹ GPU + VRAM ............... CPU mode (no GPU)
Internet ................. connected
Ports 8000/8080 .......... available
Docker socket ............ accessible
Write permissions ........ OK
Select comms connectors: Gmail, Slack, Telegram
Choose AI provider: Anthropic (Claude)
API Key: sk-ant-••••••••
All systems operational
War Room opening at localhost:8501
13

13-Point Pre-Flight Check

Checks dependencies, ports, disk, RAM, GPU, network, Docker, and permissions before installing anything. No surprises.

Local

Local Model Included

Ships with a local model for PII scrubbing and low-level functions. Sensitive data never leaves your machine. Architectural, not optional.

4x

Multi-Provider Routing

Anthropic, OpenAI, Google, xAI. Four prioritized routing lanes. Save 75-90% on tokens with intelligent routing across providers.

War

War Room Dashboard

Mission-control interface opens automatically. Real-time visibility into every subsystem, every decision, every receipt from minute one.

The Story

Built entirely with
Claude Code.

Lancelot was designed and built by a single architect using AI-assisted development through Anthropic's Claude Code, without writing any code manually. Every subsystem, every test, every governance primitive was generated from detailed architectural specifications and step-by-step blueprints.

This is not a limitation. It is the point. The value is in the architectural thinking: the pattern recognition from hundreds of enterprise conversations that identified governance as the critical gap in AI agent adoption. The code is the expression of that insight, and AI-assisted development is how one person can build what would traditionally require a team.

The entire system is governed by the architecture you see documented here. 5,500+ passing tests across 249 test files. Twenty integrated subsystems. Five provisional patents. And a one-command installer that gets you operational in minutes.

Architect
Myles Hamilton
Built With
Claude Code by Anthropic
Patent Status
Patent Pending (#63/982,183)
License
BSL 1.1
5,500+
Tests Passing Across 249 Files
20
Integrated Subsystems
5
Provisional Patents Filed
1
Command to Deploy
Pricing

Governance is the moat.
Start free, scale with confidence.

The full governance engine is available under BSL 1.1, free for non-production use. Converts to AGPL-3.0 on March 4, 2030.

Open Source

Free

The complete governed autonomous system for evaluation, development, testing, and personal projects.

BSL 1.1 / Converts to AGPL-3.0 on March 4, 2030.
  • Constitutional Soul engine
  • Risk-tiered governance (T0–T3)
  • Trust Ledger and APL
  • Governed connectors and Credential Vault
  • Local PII scrubbing model
  • Universal Application Bridge
  • Hive Agent Mesh
  • Federation and A2A Protocol
  • Compliance Export (SOC 2, ISO, GDPR)
  • Observability and Time-Travel Debugger
  • War Room dashboard
  • Community support
Get Started on GitHub
Commercial License

Custom

For organizations that need to deploy Lancelot in production environments with enterprise-grade support and legal guarantees.

Coming Soon / Contact for Licensing
  • Everything in Open Source
  • Proprietary integration rights
  • Priority support
  • Security hardening profiles
  • SLA guarantees
Contact for Licensing
FAQ

Common Questions

What is a Governed Autonomous System (GAS)?
A Governed Autonomous System (GAS) is an AI agent architecture where every action is constrained by a constitutional governance document (the Soul), classified by risk tier (T0-T3), verified after execution, and recorded in an immutable audit trail. Unlike standard agent frameworks, governance is architectural, not advisory. The agent cannot act outside the boundaries defined by its Soul, regardless of what the underlying model reasons.
How does Lancelot differ from LangGraph?
LangGraph defines how an agent works through graph-based state machines. Lancelot defines what an agent cannot do through constitutional constraints. LangGraph has no Soul, no Risk Tier, no Trust Ledger, no immutable receipt system, and no local PII scrubbing. Lancelot is governance-first: capability is progressively enabled on top of a constitutional foundation. For applications that touch production infrastructure, customer PII, or require compliance export (SOC 2, ISO 27001, GDPR), Lancelot provides architectural guarantees that LangGraph cannot.
How does Lancelot differ from CrewAI?
CrewAI assigns roles to orchestrate agent collaboration and defines how agents work together. Lancelot defines constitutional constraints on what any agent can do, regardless of its role. CrewAI has no constitutional governance, no risk-tiered pipeline, no Trust Ledger, and no immutable audit trail. Lancelot's Hive Agent Mesh enforces monotonic restriction: sub-agents can only be more restricted than their parent, never less. This makes Lancelot suitable for enterprise deployments requiring compliance, auditability, and behavioral guarantees.
Does Lancelot support SOC 2 and ISO 27001 compliance?
Yes. Lancelot includes a Compliance Export subsystem that generates one-click SOC 2 Type II, ISO 27001, and GDPR Article 30 reports directly from the immutable receipt DAG. Every action, approval, risk classification, and verification result is permanently recorded in structured receipts with chain integrity verification. The receipt trail is the compliance evidence.
What is the Trust Ledger?
The Trust Ledger is Lancelot's progressive trust graduation system. Rather than treating agents as binary (trusted or untrusted), the Trust Ledger tracks every action outcome. After 50 consecutive successes for a given capability, the system proposes a tier reduction, requiring less oversight for proven behavior. A single failure triggers instant revocation. Trust is earned slowly and lost immediately.
Does Lancelot protect against prompt injection?
Yes. Lancelot's Soul constraints are architecturally immune to prompt injection. The governance layer uses 16 banned pattern detectors, 10 regex detectors, homoglyph normalization, and zero-width character stripping at the input layer. Because the Soul is a versioned constitutional document that cannot be modified without owner approval, a prompt injection attack cannot alter behavioral boundaries at runtime.
What is the Universal Application Bridge (UAB)?
The Universal Application Bridge (UAB) gives AI agents framework-level control over desktop and server applications without APIs, plugins, or screen reading. It hooks directly into application frameworks (Chrome DevTools Protocol for Electron apps, COM Automation for Microsoft Office, UI Automation for Windows apps) to enumerate UI elements, read state, and execute actions on real controls. UAB supports 9+ UI frameworks, 61 action types, 17 native MCP tools, and includes a Spatial Map Engine for 2D spatial understanding of application interfaces.
How do I install Lancelot?
Run: npx create-lancelot. The installer performs a 13-point pre-flight check covering Node.js, Docker, disk space, RAM, GPU, network, ports, and permissions before installing anything. It guides you through selecting communication connectors (Gmail, Slack, Telegram) and AI providers (Anthropic, OpenAI, Google, xAI), then opens the War Room dashboard at localhost:8501. No manual configuration required.
Ready for Deployment

SECURE YOUR
INFRASTRUCTURE

One command. Thirteen pre-flight checks. Constitutional governance. Your PII stays local.

Request Access Star on GitHub
Deployment confirmed // Security: Governed // Architecture: Sovereign