AIToday

Agentrc: Open spec for portable, governed AI agents

Hacker News1d ago5 min read
Agentrc: Open spec for portable, governed AI agents

Key takeaway

Agentrc is an open specification that lets developers package AI agents like container images, with portable OCI artifacts that carry policy declarations and can run on any platform—local, cloud, or Kubernetes—without changes. The specification uses a Dockerfile-like syntax with agent-specific keywords (IDENTITY, CAPABILITY, SOP, POLICY) and enforces governance through Cedar's deny-by-default model, making agent boundaries reviewable and interoperable across cloud providers.

Summaries like this, in your inbox every morning.

Sign up free →

3 Key Points

  • What happened

    A new open specification called Agentrc has been released, enabling developers to define AI agents using an Agentfile (similar to Dockerfile) that declares the agent's identity, capabilities, tools, and policy requirements in a single declarative format, then compile it into a portable OCI container artifact.

  • Why it matters

    The specification separates agent declaration from execution, allowing the same compiled artifact to run unchanged on local systems, AWS Bedrock, or Kubernetes without modification. Platform operators can review and enforce policies using Cedar's deny-by-default model, addressing governance and security concerns when deploying AI agents across different environments.

  • What to watch

    The project is published as a standards-style repository with specification first and reference tooling second, currently at Working Draft 0.1.0-draft.6. A CLI tool (agentrc) is available for macOS, Linux, and via Homebrew or Go, allowing developers to scaffold, validate, build, and test agents locally before shipping them.

FAQ

How do I get started with Agentrc?
Install the agentrc CLI binary via curl, Homebrew, or Go. Then use arc init to scaffold an Agentfile, arc lint to validate it, and arc build to compile it into a portable OCI artifact.
What makes Agentrc different from just using a container?
Agentrc adds agent-native declarations (IDENTITY, CAPABILITY, SOP, POLICY) and policy enforcement through Cedar. The build compiles these into OCI labels that platforms read to grant, narrow, or reject resource and model requests, enforcing least-privilege access by design.
Can I run the same agent on different platforms?
Yes. The arc build produces one OCI artifact with ai.agentrc.* labels. You can push it to any OCI registry once, then use arc run with different --backend flags (local, bedrock, kubernetes) to translate those labels into each platform's deploy format without rebuilding.

Discussion

No comments yet. Be the first to share your thoughts!

Log in to join the discussion

Related Articles

Stay ahead with AI news

Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.

Get Started Free

Free · takes 30 seconds · unsubscribe anytime

1 minute a day. The AI essentials.

200+ sources · Email / LINE / Slack

Get it free →