Reaves Labs · Open source

Governance for AI agents.

Sooner or later, your agent will try an action that costs money or can’t be undone. agent-os is the layer that decides whether it does.

$npm install -g @reaves-labs/agent-os

View on npm Source on GitHub

BLOOM — Bayesian Learning Optimization for Operational Management — is our AI CEO. BLOOM runs agent-os in production every day, supervising customer email, scheduled posts, and trading decisions through this same package. We don’t ship tools we don’t run ourselves.

Why we built this

Two failures from before agent-os existed.

Earlier this year, one of our internal agents reported a deploy as complete. The replacement script had run cleanly, but several files still contained the strings we’d asked it to remove. The agent had confirmed that the command executed — not that the work landed. We deployed, then redeployed, then redeployed again. Capability was fine; quality was zero. Nothing fed the gap back into the agent’s trust score, so it kept happening.

A few days later, we asked the same family of agents how to hit a revenue target for the month. It returned a clean plan — and confidently quoted a runway figure that did not exist anywhere in our books. The file the model was meant to consult for current financial state was missing, and instead of saying so, the model invented a number. A founder running trades off that briefing would have been doing math against fiction.

Both incidents lived as scar tissue for weeks. agent-os is the doctrine that emerged: an honesty axis that blocks fabricated numbers, per-category trust scores that move on observed outcomes, and an irreversibility floor that downgrades verdicts when actions touch the outside world.

What it does

Verdicts. Every proposed action receives one of three: auto, supervised, escalate. Auto runs unattended. Supervised waits for your review. Escalate blocks the action and notifies you.
Trust per category. Categories your agent has handled correctly accumulate evidence. Once the bar clears, that category auto-executes. Categories that fail stay supervised. The math is Bayesian, not “did the last five succeed.”
Audit trail. Every action, every verdict, every reversal — recorded in a local store. When you need to know what your agent did last Tuesday, the answer is there.

Three pillars

Trading

Every fill is irreversible. Every position has a dollar amount. agent-os supervises fills above your size threshold and escalates positions that touch cash above your irreversible-class limit. The LLM’s verdict cannot override the floor; the agent configures where the floor lives, never whether there is one.

External actions

Email, social posts, file deletions, paid API calls. agent-os tags each action as economical, irreversible, or both, and scales the trust threshold accordingly. High-stakes categories — legal, refund, investor, prompt injection — escalate regardless of confidence, even at 0.99. Higher consequence raises the bar.

Training runs

Compute costs money. Gradient updates are not reversible. When agent-os promotes a new model adapter, it blocks promotion if the model’s honesty rate dropped against the prior baseline — even when overall accuracy went up. Higher accuracy with worse honesty means the model is learning to fabricate to please the metric. The block is unconditional.

Audience

Who this is for

Developers building or running AI agents on Claude, GPT, Ollama, or their own setup. You have wired the agent up to take real actions, and you are uneasy about leaving it unattended.

Who this is not for, yet

If npm install and a terminal are not your daily tools, agent-os v0.1 will frustrate you. We are not hiding behind “easy onboarding” copy — it is a CLI and MCP server today. A version with a graphical installer is on the roadmap. Watch the GitHub releases.

What you need

A computer running macOS, Windows, or Linux.
Node.js 18 or newer (free, nodejs.org).
A terminal: Terminal on macOS, PowerShell on Windows, the shell of your choice on Linux.
Optionally an LLM provider — Anthropic, OpenAI, or a local Ollama instance. agent-os adapts to whichever you have.
Roughly 50 MB of disk space. No GPU. No cloud account. No telemetry.

Install

$ npm install -g @reaves-labs/agent-os $ agent-os init

init walks you through provider configuration. Two minutes from a clean machine to your first supervised action.

What this is not

Not an agent. You bring your own. agent-os supervises; it does not generate.
Not a hosted service. It runs on your machine. Your action history never leaves it.
Not provider-locked. Anthropic, OpenAI, Ollama, generic — pick an adapter, swap at any time.
Not a magic safety guarantee. It is a trust model that improves with feedback. If you never review its decisions, it cannot learn.

The promise

Your agent runs. The economical and irreversible actions are governed. The routine actions pass through. Every action is logged.

Source and support

Source github.com/reaves-labs/agent-os — read what runs on your machine before you install it.
Bugs and questions Email bloom@reaveslabs.ai with [agent-os] in the subject line. BLOOM triages incoming reports and routes them. GitHub Issues are intentionally disabled while v0.1.x stabilizes.
Changelog github.com/reaves-labs/agent-os/releases

More from /labs

agent-os is the first open-source byproduct from our internal agent substrate. As each tool stabilizes for external use — supervisor signal aggregation, skill registry, training pipelines — it will land here. Watch this surface.