atlasbridge 1.10.0

Policy-driven autonomous runtime for AI CLI agents — deterministic rule evaluation, built-in human escalation

v1.1 — Local Governance Runtime for AI CLI Agents

---

AtlasBridge is a deterministic, policy-governed runtime that allows AI CLI agents to operate autonomously within defined boundaries. Humans define the rules. AtlasBridge enforces them.

Instead of manually approving every prompt, AtlasBridge evaluates each decision against a strict Policy DSL and executes only what is explicitly permitted. When uncertainty, ambiguity, or high-impact actions arise, AtlasBridge escalates safely to a human.

Autonomy first. Human override when required.

---

What AtlasBridge Is

AtlasBridge is an autonomous execution layer that sits between you and your AI developer agents.

It provides:

• Policy-driven prompt responses
• Deterministic rule evaluation
• Autonomous workflow execution (plan → execute → fix → PR → merge)
• CI-enforced merge gating
• Built-in human escalation
• Structured audit logs and decision traces

AtlasBridge is not a wrapper around a CLI tool. It is a runtime that governs how AI agents execute.

---

How It Works

1. An AI CLI agent emits a prompt or reaches a decision boundary.
2. AtlasBridge classifies the prompt (type + confidence).
3. The Policy DSL is evaluated deterministically.
4. If a rule matches:
   • The action is executed automatically.
5. If no rule matches or confidence is low:
   • The prompt is escalated to a human.
6. Execution resumes.

Every decision is logged, traceable, and idempotent.

---

Autonomy Modes

AtlasBridge supports three operating modes:

Off

All prompts are routed to a human. No automatic decisions.

Assist

AtlasBridge automatically handles explicitly allowed prompts. All others are escalated.

Full

AtlasBridge automatically executes permitted prompts and workflows. No-match, low-confidence, or high-impact actions are escalated safely.

Full autonomy never means uncontrolled execution. Policy always defines the boundary.

---

Human Escalation (Built-In)

Whenever your agent pauses and requires human input — approval, confirmation, a choice, or clarification — AtlasBridge forwards that prompt to your phone.

You respond from Telegram or Slack. AtlasBridge relays your decision back to the CLI. Execution resumes.

Human intervention is always available when policy requires it.

---

Dashboard

AtlasBridge includes a web dashboard for managing everything from your browser.

atlasbridge dashboard start

The dashboard provides:

• Overview — system status, activity feed, autonomy mode control
• Sessions — start, pause, resume, and stop AI agent sessions
• Chat — real-time conversation view with pending prompt replies
• Audit — searchable decision history with JSON/CSV export
• Repositories — connect and scan code repos for vulnerabilities
• Evidence — governance score, evidence bundles, compliance export
• Integrity — verify system components haven't been tampered with
• Settings — policy management with one-click presets, rule toggles, and prompt testing

See the User Guide for a complete walkthrough of every page.

---

Safety by Design

AtlasBridge is built around strict invariants:

• No freestyle decisions
• No bypassing CI checks
• No merging unless all required checks pass
• No force-pushing protected branches
• Default-safe escalation on uncertainty
• Append-only audit log for every decision

Autonomy is powerful — but bounded, deterministic, and reviewable.

---

Install

pip install atlasbridge

# With Slack support:
pip install "atlasbridge[slack]"

Requires Python 3.11+. Works on macOS and Linux.

Update

# Upgrade to latest version:
pip install --upgrade atlasbridge

# Check current version:
atlasbridge version

AtlasBridge automatically checks for updates and shows a notice in the CLI, dashboard, and console when a new version is available. Your config, tokens, and database are preserved across upgrades. See docs/upgrade.md for details.

---

Quick Start — Fastest Path (Telegram)

1. Install

pip install atlasbridge

2. Set up Telegram

atlasbridge setup --channel telegram

You'll be prompted for:

• Bot token — get one from @BotFather
• Your user ID — get it from @userinfobot

3. Start the bot chat

Open Telegram, find your bot, and send /start. This is required — Telegram bots cannot message you until you initiate the conversation.

4. Verify setup

atlasbridge doctor

Confirms config is loaded, channel is reachable, and your bot can send you messages.

5. Run your AI agent

atlasbridge run claude

AtlasBridge wraps Claude Code in a PTY supervisor. When it detects a prompt waiting for input, it forwards the prompt to your phone. You reply from Telegram. AtlasBridge injects your answer into the CLI. Execution resumes.

6. Enable autopilot (optional)

Create a policy file to tell AtlasBridge which prompts to handle automatically:

# ~/.atlasbridge/policy.yaml
policy_version: "0"
name: my-policy
autonomy_mode: full

rules:
  - id: auto-approve-yes-no
    description: Auto-reply 'y' to yes/no prompts
    match:
      prompt_type: [yes_no]
      min_confidence: medium
    action:
      type: auto_reply
      value: "y"

  - id: auto-confirm-enter
    description: Auto-press Enter on confirmation prompts
    match:
      prompt_type: [confirm_enter]
    action:
      type: auto_reply
      value: "\n"

defaults:
  no_match: require_human
  low_confidence: require_human

Then enable it:

atlasbridge autopilot enable
atlasbridge autopilot mode full      # or: assist, off

Validate and test your policy before going live:

atlasbridge policy validate policy.yaml
atlasbridge policy test policy.yaml --prompt "Continue? [y/n]" --type yes_no --explain

See Policy Authoring Guide for patterns and debugging.

7. Start the dashboard

atlasbridge dashboard start

Open http://localhost:41520 in your browser. The dashboard lets you manage everything visually — start sessions, manage policies, monitor decisions, and export evidence. See the User Guide for a full walkthrough of every page.

Alternative setup paths

Interactive TUI — run atlasbridge or atlasbridge ui to launch the terminal UI with guided setup, live status, sessions, logs, and doctor checks.

Slack — atlasbridge setup --channel slack (requires pip install "atlasbridge[slack]"). You'll need a Slack App with Socket Mode, a bot token (xoxb-*), and an app-level token (xapp-*).

Non-interactive (CI/Docker):

export ATLASBRIDGE_TELEGRAM_BOT_TOKEN="your-token"
export ATLASBRIDGE_TELEGRAM_ALLOWED_USERS="your-user-id"
atlasbridge setup --from-env

See Non-Interactive Setup Guide and Channel Token Setup Guide.

Useful commands

atlasbridge status                   # daemon + channel status
atlasbridge sessions                 # active and recent sessions
atlasbridge autopilot status         # autopilot state + recent decisions
atlasbridge autopilot explain        # last 20 decisions with explanations
atlasbridge pause                    # pause autopilot — all prompts go to you
atlasbridge resume                   # re-enable autopilot

You can also send /pause or /resume from Telegram or Slack.

---

Using AtlasBridge as an autonomous runtime

Running an agent under supervision

atlasbridge run claude          # wraps Claude Code in a PTY supervisor
atlasbridge run openai          # OpenAI Codex CLI
atlasbridge run gemini          # Google Gemini CLI
atlasbridge run custom -- cmd   # any interactive CLI

When the supervised agent pauses for input, AtlasBridge detects the prompt and forwards it to your phone via Telegram or Slack. The message includes the prompt text, session context, and expiry countdown.

Telegram: Yes/No and confirmation prompts show inline buttons ([Yes] [No], [Send Enter]). Multiple-choice prompts show numbered buttons. Free-text prompts accept any reply message.

Slack: Prompts appear as Block Kit messages with buttons for structured responses and a text input for free-form replies.

Your reply is injected into the CLI's stdin. Execution resumes.

Autopilot operating loop

Autopilot lets policy rules handle prompts automatically instead of routing every one to your phone.

atlasbridge autopilot enable              # start the autopilot engine
atlasbridge autopilot mode off            # all prompts → human (no automation)
atlasbridge autopilot mode assist         # policy suggests replies; you confirm or override
atlasbridge autopilot mode full           # policy auto-replies when a rule matches; no-match → human
atlasbridge autopilot disable             # stop the autopilot engine

• Off — every prompt goes to your phone. Use this when you want full control.
• Assist — the policy evaluates each prompt and suggests a reply. You confirm or override from your phone within the TTL window.
• Full — matching prompts are auto-handled. Prompts with no matching rule, low confidence, or an explicit require_human action are escalated to your phone.

In all modes, the defaults.no_match and defaults.low_confidence settings in your policy file control what happens when no rule matches. The safe default is require_human.

Observability

atlasbridge autopilot status              # current state, active policy, autonomy mode
atlasbridge autopilot explain             # last 20 decisions with rule, action, confidence
atlasbridge autopilot explain -n 50       # last 50 decisions
atlasbridge autopilot explain --json      # raw JSONL output for scripting

Every autopilot decision is recorded in a hash-chained decision trace (autopilot_decisions.jsonl in your config directory). Every prompt lifecycle event is recorded in the SQLite audit log (atlasbridge.db).

Run atlasbridge doctor to see your config directory path.

Safe rollout guidance

1. Start with Off. Run atlasbridge autopilot mode off and operate purely via your phone. Get comfortable with the prompt relay.
2. Move to Assist. Write a minimal policy (see config/policies/minimal.yaml) and switch to atlasbridge autopilot mode assist. Review suggestions before confirming.
3. Graduate to Full. Once your policy handles common prompts correctly, switch to atlasbridge autopilot mode full. Keep defaults.no_match: require_human so unexpected prompts still reach you.

Always validate and test your policy before going live:

atlasbridge policy validate policy.yaml
atlasbridge policy test policy.yaml --prompt "Continue? [y/n]" --type yes_no --explain

Next steps

• Policy Authoring Guide — write your first policy, patterns, debugging
• Policy DSL Reference — full schema, match fields, action types
• Autopilot Engine — engine architecture, decision trace, kill switch
• Troubleshooting — common issues and solutions
• Full Documentation Index — all docs organized by audience

---

How it works

1. atlasbridge run claude wraps your AI CLI in a PTY supervisor
2. The tri-signal prompt detector watches the output stream
3. When a prompt is detected:
   • Autopilot off — prompt is forwarded to Telegram/Slack; you reply from your phone
   • Autopilot assist — policy suggests a reply; you confirm or override from your phone
   • Autopilot full — policy auto-replies if a rule matches; unmatched prompts escalate to your phone
4. AtlasBridge injects the answer (yours or the policy's) into the CLI's stdin
5. Every decision is recorded in an append-only audit log

---

Supported Agents

Agent	Command	Notes
Claude Code	atlasbridge run claude-code	claude is an alias
OpenAI Codex CLI	atlasbridge run openai
Google Gemini CLI	atlasbridge run gemini
Any interactive CLI	atlasbridge run custom -- <cmd>	Generic PTY wrapper

Run atlasbridge adapters to see all registered adapters and their status.

---

Supported Channels

Channel	Install	Status
Telegram	pip install atlasbridge	Stable
Slack	pip install "atlasbridge[slack]"	Stable

Not getting Telegram notifications? Make sure you sent /start to your bot in Telegram. Bots cannot message you until you initiate the conversation. Also check that notifications are unmuted for the bot chat in your Telegram app settings.

---

Changelog

See CHANGELOG.md for the full version history, or GitHub Releases for release notes and assets.

---

Editions

AtlasBridge ships two editions, both open source (MIT license):

• Core — policy engine, PTY supervisor, prompt detection, channel relay, audit log, local dashboard (sessions + settings). Fully functional. The default.
• Extended — everything in Core plus decision trace browsing, integrity verification, session export, capability views, and extended settings.

Feature	Available
Policy DSL v1	Yes
Autopilot engine	Yes
Hash-chained audit log	Yes
Dashboard (sessions, traces, settings)	Yes
Deterministic risk classifier	Yes
Decision trace browsing	Yes
Integrity verification	Yes
Session export (JSON/HTML)	Yes
Decision evidence export	Yes
Decision score + bundle manifest	Yes

Key principles:

• Execution stays local. The AI CLI agent always runs on your machine.
• Deterministic, not heuristic. Risk classification uses a fixed decision table. No ML. No guesswork.
• Offline-first. The runtime works without any network dependency.

atlasbridge dashboard start

The dashboard includes a Decision Evidence page for exporting verifiable audit artefacts (decisions, escalations, integrity report, policy snapshot) as JSON, CSV, or a hash-verified bundle. See docs/governance-evidence.md for details.

---

Versioning and Support

AtlasBridge follows Semantic Versioning. All 8 contract surfaces (Adapter API, Channel API, Policy DSL, CLI, Dashboard, Console, Audit, Config) are frozen and enforced by safety tests in CI. See versioning-policy.md.

Invariants — these hold at all times:

• All execution happens on your machine
• No remote execution control
• Read-only dashboard (localhost-only by default)
• Deterministic policy evaluation before every injection
• Append-only, hash-chained audit log

Future roadmap includes additional dashboard features and extended capabilities — but v1.0 is strictly local-first.

Status

See CHANGELOG.md for full version history.

Milestone	Status	Highlights
v0.1–v0.3	Released	Architecture, macOS MVP, Linux + systemd
v0.4	Released	Slack channel, MultiChannel, renamed to AtlasBridge
v0.5	Released	Interactive terminal UI, setup wizard, doctor
v0.6	Released	Policy DSL v0, autopilot engine, kill switch
v0.7.x	Released	Per-rule rate limits, hot-reload, adapter auto-registration
v0.8.x	Released	Zero-touch setup, Policy DSL v1, extended edition scaffolding
v0.9.0	Released	Contract freeze — 8 frozen surfaces, 155 safety tests
v0.9.1–v0.9.3	Released	Local dashboard MVP, hardening, remote-ready UX
v0.9.4	Released	Platform automation — CI hardening, release pipeline
v0.9.5	Released	Operator console — atlasbridge console process management TUI
v0.9.6	Released	GA hard freeze, release pipeline, project automation, 1336 tests
v0.9.7	Released	Sprint S1 — mypy strict, audit rotation, circuit breaker, cloud spec extraction
v0.9.8	Released	Conversation UX v2 — interaction pipeline, ML classifier protocol, session binding, output router
v0.9.9	Released	Chat mode UX — per-plan escalation, folder trust detection, no more "arrow keys" messages
v0.10.0	Released	Full conversational agent mode — streaming state, plan detection, secret redaction
v1.6.2	Released	Formal edition contract — router separation, CapabilitySpec enrichment, 41 new enforcement tests
v1.6.3	Released	Decision Evidence page — real sessions, 36 vitest tests, unified dashboard (one audience), governance-evidence.md
v1.6.4	Released	Operator write actions — kill switch, autonomy mode, CSRF, rate limiting, audit log, 15 vitest tests
v1.9.0	Released	Dashboard-first CLI, remove Telegram/Slack, operator directives, live polling, evidence bundles, monitor daemons
v1.8.0	Released	Auth integration, CVE lookups (OSV.dev + GitHub Advisory), cloud scanning (remote/container/IaC), evidence ZIP bundles
v1.7.2	Released	Real repository scanning — live API-based scanning across GitHub, GitLab, Bitbucket, Azure DevOps with actionable remediation
v1.7.1	Released	Public messaging cleanup — neutralise compliance frameworks, rename Enterprise to Extended, remove marketing language
v1.7.0	Released	Dashboard session lifecycle — pause/resume/stop from browser, chat prompt relay, channels optional, custom adapter fallback
v1.6.7	Released	Dashboard Settings consolidation — Channels tab (Telegram/Slack setup), Providers + Workspaces moved into Settings, channel remove CLI
v1.6.6	Released	Dashboard-first sessions — workspace trust, provider key management, session start/stop, phone-first gate messages, 232 new tests
v1.6.5	Released	P0 hardening sprint — 24 audit attack tests, dashboard payload limits + content-type, deployment profiles, threat model v1.6.x, audit export spec, role separation
v1.6.1	Released	Security fix — terminal sandbox, loopback-only WebSocket guard
v1.6.0	Released	Dashboard edition split — Core/Extended editions, badge system, capability-gated routes
v1.5.0	Released	Q1 Foundations — remove tui/, simplify CLI, doctor LLM check, keyring-first, audit export, environment tagging
v1.4.1	Released	Flatten assets directory, remove unused placeholders
v1.4.0	Released	Direct LLM chat mode — talk to Claude/GPT-4o/Gemini via Telegram with policy-governed tool use
v1.3.2	Released	Fix trust prompt detection — Unicode bullet handling in detector and choice extractor
v1.3.1	Released	Fix "Agent is busy" gate race, accept natural text replies, phone-first prompt UX
v1.3.0	Released	Automatic update check across CLI, dashboard, and console
v1.2.1	Released	Fix FOLDER_TRUST normalization, dashboard path, favicon
v1.2.0	Released	Fix trust prompt reply semantics, choices fallback, expanded synonyms
v1.1.9	Released	Version bump release
v1.1.8	Released	Fix "Agent is busy" rejection on valid Telegram replies, session status authority
v1.1.7	Released	Fix "No active session" Telegram reply bug, auto-stop daemon on run
v1.1.6	Released	GA core runtime — risk classification, policy explain, session replay, Telegram dedup
v1.1.5	Released	Phone-first trust prompt relay, free-text reply binding
v1.1.0–v1.1.4	Released	Node.js/React dashboard, bundled pip package, port fixes
v1.0.1	Released	Prompt spam dedup fix, GA-stable
v1.0.0	Released	GA — stable APIs, 2005 tests, 8 frozen contract surfaces

---

Documentation

See docs/README.md for the full documentation index.

Key starting points:

Document	What it covers
User Guide	Complete walkthrough — install to daily use, every dashboard page explained
channel-token-setup.md	Step-by-step Telegram and Slack token setup
policy-authoring.md	Policy authoring guide — quick start, patterns, debugging
autonomy-modes.md	Off / Assist / Full mode specs
dashboard.md	Dashboard deployment — SSH tunnel, reverse proxy, remote access
troubleshooting.md	Common issues and solutions
architecture.md	System design, data flow, invariants

---

Repository structure

src/atlasbridge/
  core/
    prompt/     — detector, state machine, models
    session/    — session manager and lifecycle
    routing/    — prompt router (events → channel, replies → PTY)
    store/      — SQLite database
    audit/      — append-only audit log with hash chaining
    daemon/     — daemon manager (orchestrates all subsystems)
    policy/     — Policy DSL v0/v1: model, parser, evaluator, explain
    autopilot/  — AutopilotEngine, kill switch, decision trace
  os/tty/       — PTY supervisors (macOS, Linux)
  os/systemd/   — Linux systemd user service integration
  adapters/     — CLI tool adapters (Claude Code, OpenAI CLI, Gemini CLI)
  channels/     — notification channels (Telegram, Slack, MultiChannel)
  enterprise/   — extended edition features (local risk, RBAC, trace v2)
  cli/          — Click CLI entry point and subcommands
tests/
  unit/         — pure unit tests (no I/O)
  policy/       — policy model, parser, evaluator tests + fixtures
  integration/  — SQLite + mocked HTTP
  prompt_lab/   — deterministic QA scenario runner
    scenarios/  — QA-001 through QA-023 scenario implementations
  safety/       — ethics & safety invariant tests (CI-gated)
docs/           — design documents (see docs/README.md for index)
config/
  policy.example.yaml     — annotated full-featured example policy
  policy.schema.json      — JSON Schema for IDE validation
  policies/               — ready-to-use policy presets
    minimal.yaml          — safe start: only Enter confirmations auto-handled
    assist-mode.yaml      — assist mode with common automation rules
    full-mode-safe.yaml   — full mode with deny guards for dangerous operations
    pr-remediation-dependabot.yaml  — auto-approve Dependabot PR prompts
    escalation-only.yaml  — all prompts routed to human (no automation)

---

Core invariants

AtlasBridge enforces the following invariants regardless of channel, adapter, or concurrency:

1. No duplicate injection — nonce idempotency via atomic SQL guard
2. No expired injection — TTL enforced in the database WHERE clause
3. No cross-session injection — prompt_id + session_id binding checked
4. No unauthorised injection — allowlisted identities only
5. No echo loops — 500ms suppression window after every injection
6. No lost prompts — daemon restart reloads pending prompts from SQLite
7. Bounded memory — rolling 4096-byte buffer, never unbounded growth

---

Development

# Install in editable mode with dev dependencies
pip install -e ".[dev]"

# Run tests
pytest tests/ -q

# Run a Prompt Lab scenario
atlasbridge lab run partial-line-prompt

# Lint and format
ruff check . && ruff format --check .

# Type check
mypy src/atlasbridge/

# Full CI equivalent (local)
ruff check . && ruff format --check . && mypy src/atlasbridge/ && pytest tests/ --cov=atlasbridge

---

Troubleshooting

Wrong binary or version?

atlasbridge version --verbose

Shows the exact install path, config path, Python version, and platform.

atlasbridge: command not found after pip install

Ensure your Python scripts directory is on PATH:

python3 -m site --user-scripts   # shows user scripts dir
# or for venv:
which atlasbridge

Config not found

atlasbridge doctor

Shows where AtlasBridge expects its config file. Run atlasbridge setup to create it.

Telegram: "chat not found" or bot not sending messages

Your bot cannot message you until you open the bot chat in Telegram and send /start. This is a Telegram requirement, not an AtlasBridge limitation.

Telegram: 409 Conflict error

Another AtlasBridge instance (or poller) is already running. Stop it first:

atlasbridge stop

Ensure only one instance is running at a time.

Upgrading from Aegis?

AtlasBridge automatically migrates ~/.aegis/config.toml on first run. Your tokens and settings are preserved.

See docs/troubleshooting.md for more solutions.

---

Contributing

See CONTRIBUTING.md. All contributions require:

• Existing tests to remain green
• New code to have unit tests
• Prompt Lab scenarios for any PTY/detection changes

---

License

MIT — see LICENSE.