I spent three years building this on consumer hardware because I needed
to run AI agents against real client data and couldn't find anything that
actually enforced boundaries at the action level.

Every agent starts at QUARANTINE. Five trust tiers: QUARANTINE → PROBATION
→ RESIDENT → CITIZEN → AGENT. Promotion is sequential and requires a human
to authorize each step. Demotion is instant. An agent cannot change its own
trust tier.

Every action runs through an 8-step governance pipeline. Every decision is
written to a SHA-256 hash-chained audit trail. One API call kills any agent
instantly — suspended until a human reinstates it.

746 tests passing. 51 SOC 2 controls documented. HIPAA, HITRUST, CJIS,
GDPR, PCI DSS, ABA Model Rules all mapped to source files and passing tests.
Apache 2.0. Runs on a Raspberry Pi or a cloud VM. No subscription. No data
leaves your hardware.

Live demo on HuggingFace — actual governance decisions, not a simulation:
https://huggingface.co/spaces/QuietFireAI/TelsonBase
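
An added sketch, not TelsonBase's own code, of the two mechanisms the post describes: a tier ladder where promotion is one step at a time on a human's authority and demotion is immediate, with every decision (denials included) appended to a SHA-256 hash chain that can be re-verified. The tier names come from the post; the class names, the `HUMANS` operator set, the all-zero genesis value and the rule that demotion also needs a human operator are assumptions made for the example.

```python
import hashlib
import json

# Tier names are from the post; everything else here is a hypothetical sketch.
TIERS = ["QUARANTINE", "PROBATION", "RESIDENT", "CITIZEN", "AGENT"]
HUMANS = {"alice"}   # constructed operator identity
GENESIS = "0" * 64   # assumed anchor value for the first entry

def _digest(prev, event):
    # Each hash covers the previous hash, so editing any entry breaks the chain.
    body = json.dumps({"prev": prev, "event": event}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

class AuditChain:
    def __init__(self):
        self.entries = []

    def append(self, event):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        self.entries.append({"prev": prev, "event": event, "hash": _digest(prev, event)})

    def verify(self):
        """Return the index of the first broken entry, or -1 if the chain is intact."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["prev"] != prev or e["hash"] != _digest(prev, e["event"]):
                return i
            prev = e["hash"]
        return -1

class Agent:
    def __init__(self, name, log):
        self.name, self.tier, self.log = name, 0, log  # always starts at QUARANTINE
        self._record(name, "register", True)

    def _record(self, actor, action, allowed):
        self.log.append({"agent": self.name, "actor": actor, "action": action,
                         "decision": "allow" if allowed else "deny",
                         "tier": TIERS[self.tier]})
        return allowed

    def promote(self, actor):
        # One step at a time, only on a human's authority, never the agent's own.
        ok = actor in HUMANS and actor != self.name and self.tier < len(TIERS) - 1
        if ok:
            self.tier += 1
        return self._record(actor, "promote", ok)

    def demote(self, actor, target):
        # Instant: may drop any number of tiers in a single call.
        ok = actor in HUMANS and TIERS.index(target) < self.tier
        if ok:
            self.tier = TIERS.index(target)
        return self._record(actor, "demote", ok)
```

Recomputing the chain from the genesis value locates the first altered record; it does not stop someone who can rewrite the whole log, which is why the latest hash is usually also stored or published somewhere the agent host cannot write.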