Agent Run Config
Portable, governed AI agents.
AgentRC is an open specification for declaring, packaging, securing, and sharing AI agents. It defines the contract an agent declares; compatible runners decide how to execute it.
```dockerfile
# syntax=agentrc.agentfile/v0.1
AGENT code-reviewer
CMD claude --print
TOOL utci:file_read
TOOL utci:shell
MOUNT /workspace rw
SECRET github_token env:GITHUB_TOKEN
AUDIT all
POLICY
permit(
principal == AgentRC::Agent::"code-reviewer",
action == AgentRC::Action::"tool.invoke",
resource == AgentRC::Tool::"file_read"
);
END
```
Not a runtime
AgentRC does not implement containers, microVMs, cloud sandboxes, or model loops. It declares what must be true before a runner executes an agent.
Security by declaration
Tools, mounts, network egress, credentials, rate limits, and audit requirements are declared in a reviewable file and pinned into a package.
Registry-native
AgentRC packages are designed for OCI-compatible registries, so agents, bases, tools, policies, and skills can be shared like container images.
The separation AgentRC creates
| Concern | Defined by | Implemented by |
|---|---|---|
| Agent identity and entrypoint | Agentfile |
agent author |
| Tools, skills, functions, MCP servers | Agentfile + lockfile |
package builder / runner |
| Security boundaries | policy and declarations | compatible runner |
| Packaging and sharing | AgentRC package profile | OCI registry |
| Execution substrate | runner profile | Docker, gVisor, Firecracker, cloud runners, local runners |
| Multi-agent workflow | future workflow profile | workflow engines |
Core claim: The Agentfile declares one agent. The lockfile pins dependencies. The package makes it portable. The policy makes boundaries reviewable. The registry makes it shareable. Compatible runners execute it.
Current draft
Working Draft 0.1
Agentfile
OCI package
Cedar profile
Runner conformance
Workflow draft
The project is ready to publish as a standards-style repository: specification first, reference tooling second.