Railway Signal System for AI Agents — gate, guard, govern.
A lightweight control plane for agent output validation, pipeline orchestration, and semantic drift detection. Built on the principle that agents should be controlled, not trusted.
AI agents are powerful. They're also unreliable: they hallucinate, drift semantically, skip safety checks, and make unauthorized tool calls.
Existing frameworks (LangGraph, CrewAI, AutoGen) focus on making agents more capable. Nobody is focused on making them more controllable.
We model agent control after railway safety systems — the most reliable human-designed control infrastructure in existence.
┌─────────────────────────────────────────────────────────┐
│ RAILWAY SIGNAL SYSTEM │
├─────────────────────────────────────────────────────────┤
│ │
│ Control Tower (You) │
│ │ │
│ ┌────┴────┐ │
│ │ CLI │ ← Your control console │
│ └────┬────┘ │
│ │ │
│ ┌────┴──────────────────────────────────┐ │
│ │ GATE (Signal Lights) │ │
│ │ Pre-Gate → In-Gate → Post-Gate → Final│ │
│ └────┬──────────────────────────────────┘ │
│ │ │
│ ┌────┴────┐ │
│ │ AGENT │ ← The train. Runs on rails you define. │
│ │ (Train) │ Cannot choose its own track. │
│ └─────────┘ │
│ │
│ The train doesn't control the signals. │
│ The control tower does. │
│ │
└─────────────────────────────────────────────────────────┘
v4.2 — Production Ready
- Pure Interception: Gate blocks non-compliant outputs, logs reasons, suggests fixes
- Measurement Logging: Every interception logged with reason, station, timestamp
- Reminder Language: "Remind" instead of "punish" — interception is context injection for next turn
- Station Schemas: Output validation per pipeline station
- Auto-Dispatcher: Fully automated compliance engine (no manual triggers)
┌─────────────────────────────────────────────────────────┐
│ Agent Governance Framework │
├─────────────────────────────────────────────────────────┤
│ │
│ ┌──────────────┐ ┌──────────────┐ │
│ │ Gate │ │ Dispatcher │ │
│ │ (v4.2) │ │ (Auto) │ │
│ └──────┬───────┘ └──────┬───────┘ │
│ │ │ │
│ ▼ ▼ │
│ ┌─────────────────────────────────────────────────┐ │
│ │ Rules Engine │ │
│ │ • Signal checks (encoding lines, panels) │ │
│ │ • Schema validation (per-station output) │ │
│ │ • Interception logging │ │
│ │ • Auto-remediation suggestions │ │
│ └─────────────────────────────────────────────────┘ │
│ │ │
│ ▼ │
│ ┌──────────────┐ │
│ │ Agent │ ← Runs on rails you define │
│ │ (Train) │ Cannot choose its own track │
│ └──────────────┘ │
│ │
└─────────────────────────────────────────────────────────┘
git clone https://github.com/luts36/agent-governance-framework.git
cd agent-governance-framework
pip install -r requirements.txtfrom src.gate import pass_gate, get_interception_stats
# Check agent output
result = pass_gate(
"### 任务编码:R1-C2 → M3 | tag:review | gate:Y\n\nTask completed successfully.",
station="review"
)
if result.passed:
print("✅ Output compliant")
else:
print(f"❌ Blocked: {result.reason}")
print(f"💡 Fix: {result.fix_suggestion}")
# Get interception statistics
stats = get_interception_stats()
print(f"Total interceptions: {stats['total']}")The dispatcher runs automatically, consuming cron job outputs:
from src.dispatcher import Dispatcher
# Initialize dispatcher
dispatcher = Dispatcher()
# Process latest outputs
actions = dispatcher.process()
for action in actions:
print(f"Action: {action['type']} - {action['message']}")Pre-Gate → In-Gate → Post-Gate → Final
│ │ │ │
▼ ▼ ▼ ▼
Entry Tool Use Output Departure
Check Permission Schema Validation
| Check | Description | Block Condition |
|---|---|---|
| R0 | Encoding line present | Missing or malformed |
| R1 | Panel visible | Hidden or omitted |
| R2 | Station schema match | Fields mismatch |
| R3 | Interception logged | Repeat violation |
Every interception is logged to ~/.agent-governance/logs/gate-interceptions.jsonl:
{
"timestamp": "2026-05-30T14:30:00Z",
"station": "review",
"reason": "missing_encoding_line",
"input_hash": "abc123",
"fix_suggestion": "Add: ### 任务编码:R?-C? → M?"
}The dispatcher consumes outputs from 4 cron jobs and automatically:
- Compliance Scan: Checks agent behavior patterns
- Config Hash: Detects configuration drift
- TRCM Audit: Validates TRCM compliance
- Friend Log: Monitors interaction patterns
| Condition | Action |
|---|---|
| Compliance violation | Auto-encode + suggest roundtable |
| Config drift | Alert + rollback suggestion |
| TRCM non-compliance | Block + remediation |
| Pattern anomaly | Log + investigate |
# Rules file location
export AG_RULES_PATH=~/.agent-governance/rules.yaml
# Station schemas
export AG_SCHEMAS_PATH=~/.agent-governance/station-schemas.yaml
# Log directory
export AG_LOG_DIR=~/.agent-governance/logsrules:
R0:
pattern: "###\\s*任务编码[::].*→?\\s*M(?P<m>\\d)"
fix: "### 任务编码:R?-C? → M? | tag:<标签> | gate:Y/N"
R1:
require_panel: true
R2:
schemas_dir: "station-schemas/"This project is part of the AI Agent Governance ecosystem:
┌─────────────────────────────────────────────────────────┐
│ AI Agent Governance │
├─────────────────────────────────────────────────────────┤
│ │
│ agent-governance-framework unified-inertia-theory │
│ (Process Governance) (Cognitive Governance) │
│ │ │ │
│ │ │ │
│ ▼ ▼ │
│ ┌──────────────┐ ┌──────────────┐ │
│ │ Gate System │ │ Inertia │ │
│ │ • Signal │ │ • Detection │ │
│ │ • Schema │ │ • Measurement│ │
│ │ • Auto-fix │ │ • Correction │ │
│ └──────────────┘ └──────────────┘ │
│ │
│ "Did the agent follow "Is the agent stuck │
│ the process?" in a pattern?" │
│ │
└─────────────────────────────────────────────────────────┘
- unified-inertia-theory: Detect, measure, and correct AI Agent cognitive inertia
| Feature | LangGraph Guardrails | NeMo Guardrails | This Framework |
|---|---|---|---|
| Process enforcement | ❌ | ❌ | ✅ |
| Signal system | ❌ | ❌ | ✅ |
| Auto-dispatcher | ❌ | ❌ | ✅ |
| Schema validation | ❌ | ❌ | ✅ |
| Interception logging | ❌ | ❌ | ✅ |
| Auto-remediation | ❌ | ❌ | ✅ |
- AI Agent developers building reliable autonomous systems
- MLOps engineers monitoring agent behavior in production
- AI safety teams establishing behavioral standards
- Enterprise teams deploying agents in critical workflows
v4.2 — Stable, production-ready
MIT License — see LICENSE for details.
@software{agent_governance_framework,
title={Agent Governance Framework: Railway Signal System for AI Agents},
author={Agent Governance Framework Team},
year={2026},
url={https://github.com/luts36/agent-governance-framework}
}