Governed Autonomous System
Patent Pending

AI that operates under
constitutional governance.

Lancelot is a self-hosted autonomous AI system where every action is constrained by a constitutional Soul, classified by risk, verified after execution, and recorded in an immutable audit trail. Sensitive data is processed locally — your PII never touches the frontier model.

Install in One Command See the Architecture
terminal
$ |
0+ Governance Tests Passing
0 Pre-Flight System Checks
0 Integrated Subsystems
0 Risk Governance Tiers

Your PII never touches the frontier model. Period.

Lancelot ships with a local model that handles PII scrubbing and low-level functions on your machine. Sensitive data is processed locally by default, before any frontier model ever sees it. This isn't a configuration option — it's an architectural guarantee.

What is Lancelot?

Not a chatbot.
A governed system.

A Governed Autonomous System (GAS) that plans, executes, verifies, and recovers under explicit constitutional control. Every action produces an auditable receipt. If there is no receipt, it didn't happen.

Constitutional Governance

The Soul

Behavior is governed by a versioned constitutional document — immutable without owner approval, linted, validated, and immune to prompt injection or drift. If the Soul didn't allow it, Lancelot cannot do it. The Soul defines hard behavioral boundaries enforced at pre-execution, runtime, and post-execution stages.

v7 ACTIVE
destructive_actions_require_approval
no_silent_degradation
no_autonomous_irreversible
pii_never_leaves_perimeter
soul_ceiling_tiers_enforced

Risk-Tiered Governance

T0 → T3 Pipeline

Every action is classified into four risk tiers with proportional controls. 80% of actions pass through at near-zero overhead. Critical actions require full policy eval and owner approval.

T0HarmlessCache → Execute
T1LowPolicy → Async Verify
T2ModerateFull Eval → Sync Verify
T3CriticalEval → Approve → Verify

Progressive Trust

Trust Ledger

Capabilities earn autonomy through demonstrated competence. N consecutive successes propose tier reduction. A single failure triggers instant revocation. Trust is earned slowly and lost immediately.

50 consecutive successes → graduation proposal

Immutable Receipts

Ground Truth

Every action produces a structured receipt recording the governance chain — action, risk tier, Soul check, verification result, and rollback reference. If there's no receipt, it didn't happen.

SOUL_CHECK PASS
RISK_CLASSIFY T2
EXECUTE SUCCESS
VERIFY_SYNC VERIFIED

Governed Connector Proxy

External service connectors never make network calls directly. They produce request specifications that pass through an independent governance proxy — policy evaluation, risk classification, credential vault isolation, and audit logging. The agent never sees raw credentials.

Gmail
Slack
Calendar
Telegram
REST API
Teams
Discord
WhatsApp

Kill Switches

Dependency-Resolved Feature Flags

Every subsystem is independently toggleable with dependency-resolved feature flags. Disable any capability without breaking the system. Dependencies are enforced — if the Soul is off, everything downstream stops.

Crusader Mode

Governance Posture Transformation

One-click transformation between governed production mode and unrestricted development mode. Feature flags cascade with dependency resolution, overrides lock, the Soul switches to a posture-appropriate variant. Fully reversible.

Architecture

Twelve integrated subsystems.
Each kill-switchable.

Lancelot is composed of modular subsystems gated by dependency-resolved feature flags. Governance is the foundation — capability is progressively enabled, not the reverse.

Soul

Constitutional governance, versioned rules, posture-switchable variants

FEATURE_SOUL

Risk Pipeline

T0-T3 classification with proportional governance controls

FEATURE_RISK_TIERED

Trust Ledger

Progressive trust graduation with instant revocation on failure

FEATURE_TRUST_LEDGER

Governed Memory

Core, Working, Episodic, Archival — all edits atomic and auditable

FEATURE_MEMORY

Tool Fabric

Provider-agnostic execution with Docker sandbox and policy gating

FEATURE_TOOLS_FABRIC

Governed Connectors

Proxy-mediated external integration with credential vault isolation

FEATURE_CONNECTORS

Skill Security Pipeline

Six-stage security: manifest, static analysis, sandbox, enforce, approve, install

FEATURE_SKILLS

Approval Pattern Learning

Learns delegation habits, proposes automation rules, reduces approval fatigue

FEATURE_APL

Receipt System

Immutable audit trail — every action, every check, every outcome

FEATURE_RECEIPTS

Scheduler

Governance-aware cron and interval jobs with approval gates

FEATURE_SCHEDULER

Plan Artifact

Honest completion semantics — no simulated progress, verified outcomes only

FEATURE_PLAN_ARTIFACT

Heartbeat

Liveness and readiness probes with state transition receipts

FEATURE_HEALTH
The Autonomy Loop

Plan. Execute. Verify.
Every time. No exceptions.

1

Plan

Classify risk tier · Validate against Soul · Check Network Allowlist · Submit for approval if T3 · Check APL automation rules · Record in Plan Artifact

2

Execute

Route through Tool Fabric or Governed Connector Proxy · Credentials from encrypted Vault · Sandboxed if third-party skill

3

Verify

Sync verification (T2/T3) or async (T1) · Update Trust Ledger · Update APL data · Generate immutable receipt · Update Plan Artifact

Both success and failure paths produce receipts. Failures trigger Trust Ledger revocation and are surfaced to the operator — never silently swallowed.

Security

Safe by architecture.
Not by configuration.

The model is treated as untrusted logic inside a governed, observable, reversible system. Security is enforced through architecture — not prompt discipline or optional settings.

Local PII Scrubbing

Ships with a local model for sensitive data processing. PII is scrubbed before it ever reaches a frontier model. Not optional — architectural.

Encrypted Credential Vault

Credentials encrypted at rest, decrypted only by the proxy at execution time. Never exposed to the language model's context, memory, or logs.

Network Allowlist

Domain-level allowlist restricts all agent network access to explicitly approved domains. Defense-in-depth alongside other governance controls.

Six-Stage Skill Security

Third-party capabilities pass through manifest, static analysis, sandbox, enforcement, approval, and monitoring. Skills never access the network directly.

Prompt Injection Defense

16 banned patterns, 10 regex detectors, homoglyph normalization, zero-width character stripping. Soul constraints are immune to injection.

Network Allowlist
Governed Proxy
Policy Engine
Soul
Operator Interface

The War Room.
Mission control for your AI.

Every governance subsystem is visible, inspectable, and controllable through a unified mission-control dashboard. Real-time visibility into everything your agent does and why it was allowed to do it.

Command Center

Active tasks, conversation interface, defense status, agent stats, Crusader Mode toggle

📜

Soul Inspector

Active Soul version, constitutional constraints, autonomy posture, override indicators

📊

Governance Dashboard

Risk tier distribution, approval statistics, policy evaluation performance

🔍

Receipt Explorer

Searchable audit trail with subsystem filter, risk tier coding, and expandable details

📈

Trust Ledger

Capability tracking, graduation thresholds, revocation history, Soul ceiling enforcement

🧠

Approval Pattern Learning

Active automation rules, pattern detection, operator decision history, rule lifecycle

Get Started

One command.
Operational AI.

A 13-point pre-flight check verifies your system, guides dependency installation, configures your providers, and opens the War Room. No manual setup required.

install.sh 
# One command. That's it.
$ npx create-lancelot

# The installer handles everything:
✓ Node.js 18+ .............. found
✓ Docker CLI ............... found
✓ Docker running ........... ready
✓ Docker Compose v2 ........ found
✓ Git ...................... found
✓ Disk space ............... 42GB free
✓ RAM ...................... 16GB
ℹ GPU + VRAM ............... CPU mode (no GPU)
✓ Internet ................. connected
✓ Ports 8000/8080 .......... available
✓ Docker socket ............ accessible
✓ Write permissions ........ OK

# Select your comms connectors
  → Gmail, Slack, Telegram

# Choose your AI provider
  → Anthropic (Claude)
  → API Key: sk-ant-••••••••

✓ All systems operational
✓ War Room opening at localhost:8501

13-Point Pre-Flight

Checks dependencies, ports, disk, RAM, GPU, network, Docker, and permissions before installing anything.

Local Model Included

Ships with a local model for PII scrubbing and low-level functions. Sensitive data never leaves your machine.

Multi-Provider

Anthropic, OpenAI, Google. Four prioritized routing lanes. Save 75-90% on tokens with intelligent routing.

War Room Dashboard

Mission-control interface for real-time visibility into every subsystem, every decision, every receipt.

The Story

Built entirely with
Claude Code.

Lancelot was designed and built by a single architect using AI-assisted development through Anthropic's Claude Code — without writing any code manually. Every subsystem, every test, every governance primitive was generated from detailed architectural specifications and step-by-step blueprints.

This isn't a limitation. It's the point. The value is in the architectural thinking — the pattern recognition from hundreds of enterprise conversations that identified governance as the critical gap in AI agent adoption. The code is the expression of that insight, and AI-assisted development is how one person can build what would traditionally require a team.

The entire system is governed by the architecture you see documented here. 231 passing tests. 12 integrated subsystems. A provisional patent. And a one-command installer that gets you operational in minutes.

Architect
Myles Hamilton
Built With
Claude Code by Anthropic
Patent Status
Patent Pending (#63/982,183)
License
AGPL-3.0
Pricing

Governance is the moat.
Start free, scale with confidence.

The full governance engine is open source under AGPL-3.0. Commercial licensing available for organizations that need it.

Open Source

Free forever · AGPL-3.0

The complete governed autonomous system. Every subsystem, every governance primitive, every feature.

  • Constitutional Soul engine
  • Risk-tiered governance (T0-T3)
  • Trust Ledger + APL
  • Governed connectors + Credential Vault
  • Local PII scrubbing model
  • War Room dashboard
  • Community support
Get Started on GitHub
Coming Soon

Commercial License

Custom

For organizations that need to integrate Lancelot without AGPL obligations.

  • Everything in Open Source
  • Proprietary integration rights
  • Priority support
  • Security hardening profiles
  • SLA guarantees
Contact for Licensing

Ready to deploy AI
you can actually govern?

One command. Thirteen pre-flight checks. Constitutional governance. Your PII stays local.

Star on GitHub Read the Documentation