Getting started

Get your first agent governed in 5 minutes

IRIS governs what runs — not what deploys. Start with a five-minute compliance scan, then discover agents, define policy, and guard every call. Everything runs locally.

Step 0 — First five minutes

Scan what you're building

Offline, zero network — see which regulations apply to your codebase before you register a single agent.

pip install iris-security-cli
iris compliance scan

IRIS detects AI providers, frameworks, models, and sensitive data patterns, then maps applicable frameworks with triggered_by reasoning and top recommended actions. See Compliance Intelligence for the full loop. Add --push after iris cloud connect for continuous monitoring in IRIS Cloud.

Step 1

Install

Requires Python 3.10+.

pip install iris-security-sdk iris-security-cli
iris quickstart

Step 2 — Discover

Find what's running ungoverned

iris scan --discover --dir .

Step 3 — Inventory

Register your agent

iris register \
  --name my-agent \
  --owner you@company.com \
  --team my-team \
  --compliance colorado-ai-act \
  --high-risk

Step 4

Run a compliance check

iris compliance check --framework colorado-ai-act

Step 5 — Define

Write policy in plain English

Edit governance/agents/my-agent/policy-intent.md

This agent reads customer support tickets and suggests responses.
It must never access payment data.
It must never write to any external system without user consent.
All data must stay in US regions only.

Step 6

Compile to Cedar

export ANTHROPIC_API_KEY=your-key
iris policy compile --agent my-agent --dry-run
iris policy diff --agent my-agent
iris policy commit --agent my-agent

Use iris policy status --agent my-agent any time to see whether policy is bound and current.
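
As an aid for reviewing the output of iris policy diff, here is how the four policy-intent sentences from Step 5 could be expressed in Cedar. This is an added illustration, not output from IRIS or code from the project; the entity type, action names, attribute names and region list are assumptions.

```cedar
// Illustrative only: Agent, the Action names, data_class, region and
// user_consent are hypothetical, not IRIS's schema or compiler output.

// "reads customer support tickets and suggests responses"
permit (
  principal == Agent::"my-agent",
  action in [Action::"ReadTicket", Action::"SuggestResponse"],
  resource
);

// "must never access payment data"
// Fails open for unlabelled resources: a resource with no data_class is
// not matched here, so classification coverage must be checked separately.
forbid (
  principal == Agent::"my-agent",
  action,
  resource
) when {
  resource has data_class && resource.data_class == "payment"
};

// "must never write to any external system without user consent"
// No permit above grants WriteExternal, so it is denied by default; this
// forbid keeps it denied if a broader permit is added later, because a
// matching forbid overrides any permit. A missing user_consent is denied.
forbid (
  principal == Agent::"my-agent",
  action == Action::"WriteExternal",
  resource
) unless {
  context has user_consent && context.user_consent
};

// "All data must stay in US regions only"
// Fails closed: a resource with no region attribute is denied.
forbid (
  principal == Agent::"my-agent",
  action,
  resource
) unless {
  resource has region &&
  ["us-east-1", "us-east-2", "us-west-1", "us-west-2"].contains(resource.region)
};
```

When reading a compiled policy, check that every "never" sentence in the intent file maps to a forbid rule, and note for each rule what happens when the attribute it tests is missing.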

Step 7 — Guard

Enforce in your agent code

from iris_anthropic import IrisAnthropic
# `passport` must already be defined; this snippet does not show how to obtain it.
client = IrisAnthropic(passport=passport)

See Runtime Enforcement for full examples.

Step 8

Verify compliance

iris compliance check --framework colorado-ai-act
iris list
iris status
iris evidence query --decision deny
iris witness --agent my-agent

iris list inventories your fleet. iris status shows compliance scores and next actions. iris evidence query filters vault events to what needs attention. iris witness streams live policy decisions as your agent runs.

Step 9

Record CI evidence (optional)

Add this to your GitHub Actions, GitLab, or Jenkins pipeline so every run writes a signed evidence event — even when the gate fails.

iris evidence record-cicd \
  --system github_actions \
  --run-id "$GITHUB_RUN_ID" \
  --outcome success

Templates for GitHub Actions, GitLab, Jenkins, Terraform, and ArgoCD: Evidence Vault → CI/CD.
