The problem

Once you have more than one autonomous coding agent working a repository, "be careful" stops being a strategy. You need written law: what an agent may do on its own, what must wait for a human, and what it may never touch — encoded somewhere the agents themselves cannot quietly rewrite.

What I built

A harness-neutral governance model that treats an agent fleet like a physiology, paired with a controller that runs it:

  • Germline vs soma. The charter, the policy, and the gates are germline — agents can propose changes to them only through a human-reviewed pull request, never by fiat. Everything else (the application, the docs they learn into) is soma, which the fleet may evolve within the rules.
  • Tiered auto-merge by reversibility. The same idea interlock enforces: behaviour-neutral changes can flow; protected paths always stop for a human.
  • Shadow commissioning. Every new repository runs in shadow — the loop observes and proposes but nothing auto-merges — until it has been audited clean.
  • The master-loop controller. A "brain-stem" loop that senses repository, CI, and queue state, corrects the single largest deviation, dispatches a worker, and records what it did — one cycle at a time. It defends setpoints; it never writes application code or edits its own germline.

Two coupled loops around one charter — an outer delivery cycle wrapped by the inner master-loop, which senses, corrects, dispatches and records. Like a structure under active control: the outer loop carries the load, the inner loop holds the setpoint.
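
A sketch of how the germline/soma split, the reversibility tiers and shadow mode combine into one merge decision. This is an added example, not interlock's own code: the path globs, the decide function and the verdict strings are hypothetical, and treating docs and text files as the behaviour-neutral tier is an assumption.

```python
import posixpath
from fnmatch import fnmatchcase

# Hypothetical path globs chosen for this example; a real charter defines its own.
GERMLINE = ("charter.md", "policy/*", "gates/*", ".github/workflows/*")
BEHAVIOUR_NEUTRAL = ("docs/*", "*.md", "*.txt")


def _canon(path):
    # Collapse "./" and "../" and fold case so "docs/../policy/x" or "Policy/x"
    # cannot slip past the germline globs.
    return posixpath.normpath(path.replace("\\", "/")).lower()


def _matches(path, globs):
    return any(fnmatchcase(path, g) for g in globs)


def decide(paths, shadow):
    """Return (verdict, reason) for a proposed change touching `paths`."""
    canon = [_canon(p) for p in paths]
    if not canon:
        return "human-review", "no paths to classify (fail closed)"
    if any(p.startswith(("/", "..")) for p in canon):
        return "human-review", "path escapes repository root (fail closed)"
    protected = [p for p in canon if _matches(p, GERMLINE)]
    if protected:
        # One germline path is enough to stop the whole change for a human.
        return "human-review", "germline path: " + protected[0]
    if shadow:
        return "human-review", "repository is in shadow commissioning"
    if all(_matches(p, BEHAVIOUR_NEUTRAL) for p in canon):
        return "auto-merge", "behaviour-neutral soma change"
    return "human-review", "soma change that may alter behaviour"


if __name__ == "__main__":
    # Constructed sample changes: (changed paths, shadow flag).
    samples = [
        (["docs/setup.md"], False),
        (["docs/setup.md", "policy/tiers.md"], False),
        (["docs/../gates/check.py"], False),
        (["docs/setup.md"], True),
        (["src/app.py"], False),
    ]
    for paths, shadow in samples:
        print(paths, shadow, decide(paths, shadow))
```

The gate only holds if it runs from a location the agents cannot edit, which is why the globs themselves belong to the germline.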

Outcome

The model is tool-neutral — the same charter runs under Claude Code, Cursor, or Codex via thin adapters — and it is what interlock's init --with-constitution scaffolds into a fresh repository in a single command.

Tech

Markdown charter + policy as the source of truth, a controller specification, and per-harness adapter bindings, all enforced in CI by the interlock gate.