What LACP is (by harness definition)

LACP is an agent harness with control-plane governance:

• Harness layer: tasks, verification contracts, evidence manifests, replayable run loops
• Control-plane layer: risk tiers, budget gates, context/session contracts, approvals, provenance

This keeps the core value clear: not just generating output, but producing auditable, policy-compliant outcomes.

Quick Start

Install

# Homebrew (recommended)
brew tap 0xNyk/lacp && brew install lacp

# or cURL bootstrap
curl -fsSL https://raw.githubusercontent.com/0xNyk/lacp/main/install.sh | bash

Bootstrap & Verify

lacp bootstrap-system --profile starter --with-verify
lacp doctor --json | jq '.ok,.summary'

After bootstrap: .env is created, dependencies installed, directories scaffolded, Obsidian vault wired, and verification artifacts produced.

For the full setup and daily operator flow, start with the Runbook and Local Dev Loop.

First Gated Command

# Route a task through LACP policy gates
lacp run --task "hello world" --repo-trust trusted -- echo "LACP is working"

# Make claude/codex/hermes default to LACP routing (reversible)
lacp adopt-local --json | jq

Why teams adopt LACP

• Predictable execution: every run passes through deterministic policy and budget gates.
• Auditability by default: artifacts, provenance, and verification logs are first-class outputs.
• Local-first security posture: remote execution is opt-in and secrets stay environment-scoped.
• Multi-agent without chaos: worktree/session isolation keeps parallel runs reproducible.

Use-case recipes

1) Harden local agent usage in under 5 minutes

lacp bootstrap-system --profile starter --with-verify
lacp adopt-local --json | jq
lacp posture --strict

2) Run one risky command with explicit policy controls

lacp run \
  --task "dependency update with tests" \
  --repo-trust trusted \
  --context-profile default \
  -- pnpm up && pnpm test

3) Generate PR-ready evidence before opening a PR

lacp e2e smoke --workdir . --init-template --command "npx playwright test --grep @smoke"
lacp api-e2e smoke --workdir . --init-template --command "npx schemathesis run --checks all"
lacp pr-preflight --changed-files ./changed-files.txt --checks-json ./checks.json

4) Run parallel agents safely on isolated worktrees

lacp worktree create --repo-root . --name feature-a --base HEAD
lacp up --session feature-a --instances 3 --command "claude"
lacp swarm launch --manifest ./swarm.json

Documentation

| Guide | What You'll Learn | |-------|-------------------| | Runbook | Daily operator workflow, command map, troubleshooting entry points | | Local Dev Loop | Fast build/test/verify loop for contributors | | Framework Scope | What LACP is, what it is not, and design boundaries | | Implementation Path | Step-by-step rollout plan for full harness adoption | | Memory Quality Workflow | How memory ingestion, expansion, and validation are run safely | | Incident Response | Triage and recovery flow when policy gates fail | | Release Checklist | Pre-release, release, and post-release controls | | Troubleshooting | Common errors, doctor diagnostics, fix hints |

Project health files

• CONTRIBUTING.md — contribution and PR expectations
• SECURITY.md — vulnerability disclosure process
• CHANGELOG.md — release history
• LICENSE — MIT

Architecture

lacp/
├── bin/                    # CLI commands (lacp <command>)
│   ├── lacp                # Top-level dispatcher
│   ├── lacp-bootstrap-system
│   ├── lacp-doctor         # Diagnostics (--json, --fix-hints)
│   ├── lacp-route          # Policy-driven tier/provider routing
│   ├── lacp-sandbox-run    # Gated execution with artifact logging
│   ├── lacp-brain-*        # Memory stack (ingest, expand, doctor, stack)
│   ├── lacp-obsidian       # Vault config management
│   ├── lacp-up             # Multi-instance agent sessions
│   ├── lacp-swarm          # Batch orchestration
│   └── lacp-claude-hooks   # Hook profile management
├── config/
│   ├── sandbox-policy.json     # Routing + cost ceilings
│   ├── risk-policy-contract.json
│   ├── obsidian/               # Vault manifest + optimization profiles
│   └── harness/                # Task schemas, sandbox profiles, verification policies
├── hooks/                  # Python hook pipeline for Claude Code
├── scripts/
│   ├── ci/                 # Test suites
│   └── runners/            # Daytona/E2B execution adapters
└── docs/                   # Guides and reference docs

Control Flow

Agent invocation
  → lacp route (risk tier + provider selection)
    → context contract validation
      → budget gate check
        → session fingerprint verification
          → sandbox-run (dispatch + artifact logging)

Features

Policy-Gated Execution

Every command routes through risk tiers (safe → review → critical), budget ceilings per tier, and context contracts that validate host, working directory, git branch, and remote targets before execution.

5-Layer Memory Stack

| Layer | Purpose | |-------|---------| | Session memory | Per-project scaffolding under ~/.claude/projects/ | | Knowledge graph | Obsidian vault with MCP wiring (smart-connections, QMD, ori-mnemos) | | Ingestion pipeline | brain-ingest converts text/audio/video/URLs into structured notes | | Code intelligence | GitNexus AST-level knowledge graph via MCP (optional) | | Agent identity | Persistent IDs per (hostname, project) + SHA-256 hash-chained provenance |

lacp brain-stack init --json | jq          # Bootstrap all layers
lacp brain-ingest --url "https://..." --apply --json | jq
lacp brain-expand --apply --json | jq      # Full expansion loop

Hook Pipeline for Claude Code

Modular Python hooks enforcing quality at every session stage:

| Hook | Event | Purpose | |------|-------|---------| | session_start.py | SessionStart | Git context injection, test command caching | | pretool_guard.py | PreToolUse | Block dangerous operations (publish, chmod 777, fork bombs, secrets) | | write_validate.py | PostToolUse | YAML frontmatter schema validation | | stop_quality_gate.py | Stop | 3-tier eval: heuristics, test verification, local LLM rationalization detection |

Profiles: `minima