
agentward-ai/agentward

v0.5.0 Breaking

This release includes 1 breaking change for platform teams planning a safe upgrade.

Published 1mo Secrets & Credentials
✓ No known CVEs patched

Summary

AI summary

AgentWard is relicensed from Apache 2.0 to BUSL 1.1 with an automatic reversion to Apache 2.0 on 2028‑04‑24.

Full changelog

Highlights

  • Two new compliance frameworks for European regulated workloads: DORA (EU 2022/2554) and MiFID II / RTS 6 algorithmic-trading governance.
  • Scan now suggests the right framework. `agentward scan` detects PHI, financial, trading, personal-data, and cardholder-data patterns and prints the exact `agentward comply --framework <name>` command to run.
  • Auto-fix DSL extended. New `set_chain_depth` (only-tightens) and `set_policy_flag` (only-enables, allowlist-protected) fix types power the new framework auto-fixes.
  • Relicensed Apache 2.0 → BUSL 1.1. Source remains public; the only newly-restricted use is hosting AgentWard as a paid managed service that competes with OpenSafe Inc. License automatically reverts to Apache 2.0 on 2028-04-24. See LICENSE-CHANGE.md.
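
The only-tightens and only-enables semantics named for the two new fix types, sketched as an added example. This is not AgentWard's code: the policy dict layout, the `max_chain_depth` key, the allowlist contents and the `FixRejected` / `apply_fixes` names are assumptions.

```python
# Added illustration; not AgentWard's implementation. The policy layout,
# the "max_chain_depth" key and the allowlist contents are assumptions.

# Flags an auto-fix may turn on (assumed allowlist; names from the release notes).
FIXABLE_FLAGS = frozenset(
    {"warn_unregistered", "baseline_check", "registry_check", "deobfuscation"}
)


class FixRejected(ValueError):
    """A fix would loosen the policy or touch a non-allowlisted flag."""


def set_chain_depth(policy: dict, depth: int) -> dict:
    """Only-tightens: lower the chain-depth limit, never raise or remove it."""
    if isinstance(depth, bool) or not isinstance(depth, int) or depth < 1:
        raise FixRejected(f"invalid chain depth: {depth!r}")
    current = policy.get("max_chain_depth")  # None: no limit configured yet
    if current is not None and depth >= current:
        return policy  # existing limit is already at least as strict: no-op
    return {**policy, "max_chain_depth": depth}


def set_policy_flag(policy: dict, flag: str) -> dict:
    """Only-enables: the fix carries no value, so it cannot switch a flag off."""
    if flag not in FIXABLE_FLAGS:
        raise FixRejected(f"flag not allowlisted for auto-fix: {flag!r}")
    return {**policy, flag: True}


def apply_fixes(policy: dict, fixes: list) -> dict:
    """Apply (fix_type, argument) pairs; unknown fix types fail, never skip."""
    handlers = {"set_chain_depth": set_chain_depth,
                "set_policy_flag": set_policy_flag}
    for fix_type, arg in fixes:
        if fix_type not in handlers:
            raise FixRejected(f"unknown fix type: {fix_type!r}")
        policy = handlers[fix_type](policy, arg)
    return policy


if __name__ == "__main__":
    # Constructed sample: a hand-set limit of 2 must survive a fix asking for 3.
    before = {"max_chain_depth": 2}
    fixes = [("set_chain_depth", 3), ("set_policy_flag", "baseline_check")]
    print(apply_fixes(before, fixes))
```

A fix engine built this way can be re-run safely: repeated application never weakens a limit an operator set by hand.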

DORA Framework (9 controls)

Maps AgentWard's existing technical controls to the operational provisions of DORA that are enforceable through agent tool-call policy:

| Article | Control | Severity |
|---|---|---|
| Art. 5 | ICT risk management — zero-trust default | REQUIRED |
| Art. 9 | Protection — write-capable service control | REQUIRED |
| Art. 10 | Detection — behavioral baseline | RECOMMENDED |
| Art. 17 | Incident management — audit trail | REQUIRED |
| Art. 17 | Incident detection — sensitive content | REQUIRED |
| Art. 28 | Third-party service register | REQUIRED |
| Art. 28 | Concentration risk — outbound control | REQUIRED |
| Art. 28 | Cascading risk — chain depth | RECOMMENDED |
| Art. 28 | Unregistered third-party surfacing | RECOMMENDED |

Run: `agentward comply --framework dora --fix`

MiFID II / RTS 6 Framework (10 controls)

Covers Article 17 algorithmic trading via Commission Delegated Regulation (EU) 2017/589 (RTS 6):

| RTS 6 Article | Control | Severity |
|---|---|---|
| Art. 1 | Documented governance — zero-trust default | REQUIRED |
| Art. 1 | Credential leak detection | REQUIRED |
| Art. 12 | Trading-skill access control | REQUIRED |
| Art. 13 | Pre-trade controls / kill switch | REQUIRED |
| Art. 13 | Outbound order routing | REQUIRED |
| Art. 14 | Real-time monitoring | RECOMMENDED |
| Art. 16 | Segregation of duties | REQUIRED |
| Art. 16 | Bounded inter-skill cascade | RECOMMENDED |
| Art. 18 | Trading data boundary | REQUIRED |
| Art. 28 | Record-keeping audit trail | REQUIRED |

Trading-skill detection uses tokenized name matching plus a FIX-protocol prefix, and honors explicit `data_boundaries` classifications (`trading`, `mifid`, `mifid2`, `rts6`).

Run: `agentward comply --framework mifid2 --fix`

Scan compliance hints

When `agentward scan` detects relevant skill patterns, it appends a structured hint block to terminal, JSON, and markdown output. Example:

```
Compliance frameworks worth evaluating:
  → MiFID II / RTS 6 — 3 skill(s) match algorithmic-trading patterns (Art. 17 / RTS 6 scope).
    $ agentward comply --framework mifid2
  → DORA (EU 2022/2554) — 3 financial/trading skill(s) detected.
    $ agentward comply --framework dora
```

JSON output now embeds `compliance_suggestions[]`.

License change

AgentWard moved from Apache License 2.0 to Business Source License 1.1. Internal production use, modification, redistribution, and embedding inside non-competing products remain freely permitted. The new restriction blocks one specific scenario: offering AgentWard as a hosted or embedded paid service that competes with OpenSafe Inc.'s commercial offering.

  • Change Date: 2028-04-24
  • Change License: Apache License 2.0 (every BUSL-licensed version automatically reverts on the Change Date)
  • Existing commits remain Apache 2.0. Anyone who cloned before this release retains permanent Apache 2.0 rights to that code.
  • Commercial license inquiries: [email protected]

Full rationale and FAQ: LICENSE-CHANGE.md.

Other changes

  • Policy serializer now persists `warn_unregistered`, `baseline_check`, `registry_check`, `deobfuscation`, audit configuration, and baseline thresholds when non-default, so that `agentward comply --fix` round-trips work.
  • README expanded: comply step lists all six frameworks, CLI command table reorganized into four groups (lifecycle / inspection / supply chain / registry & baseline) with eight previously undocumented commands now documented, redundant capability-scoping section removed, Current Status section refreshed.
  • Tests: 3,466 passing across 69 test files (added 99 new tests for DORA/MiFID II/scan-hints/fix-DSL).

Compliance framework lineup after this release

| Framework | Controls | Coverage |
|---|---:|---|
| HIPAA Security Rule | 8 | §164.312 + §164.308 |
| GDPR | 8 | Art. 5–32 personal-data |
| SOX §404 | 8 | Internal controls / financial reporting |
| PCI-DSS v4.0 | 8 | Req. 1–10 cardholder data |
| DORA (new) | 9 | Art. 5/9/10/17/28 |
| MiFID II / RTS 6 (new) | 10 | Art. 17 / RTS 6 algorithmic trading |

Install

```
pip install agentward
```

PyPI release should appear shortly via the automated publish workflow on tag push.

Honest scope notes

  • Linux fully supported for the stdio MCP proxy and static scanning. HTTP gateway setup automation is still macOS-only (LaunchAgent plist patching).
  • Approval workflow on Linux: without a Telegram bot configured, APPROVE decisions fail-deny. A native Linux web-based approval channel is on the roadmap, not in this release.
  • CI does not yet gate on tests. The 3,466 tests exist; the publish workflow runs only on tag push and only builds + uploads.
  • Compliance frameworks are a policy-layer evaluation primitive. They do not replace your firm's full regulatory program — they map a specific subset of obligations to controls AgentWard can verify against your tool-call policy.

Breaking Changes

  • Relicense from Apache 2.0 to Business Source License 1.1, restricting hosting AgentWard as a competing paid managed service; automatically reverts to Apache 2.0 on 2028‑04‑24


About agentward-ai/agentward

Permission control plane for AI agents. MCP proxy that enforces least-privilege YAML policies on every tool call, classifies sensitive data (PII/PHI), detects dangerous skill chains, and generates compliance audit trails. Supports stdio and HTTP proxy modes.
