Agent Compiler

A copied prompt remains tied to one provider and has no review boundary. A compiled agent gains a canonical model, an orchestration graph, a fidelity report, catalog dedupe, security scanning, cross-provider rendering, and an auditable governance state.

Run the dry mode from a repository root. It scans .claude/agents/*.md and .github/agents/*.agent.md, assembles related agents into bundles, redacts detected secrets, and prints the batch and fidelity plan. It does not require authentication and sends nothing.

Connect the machine, ensure the repository resolves to the intended workspace, then import. Clean agents enter Pending; agents with unresolved security threats enter Quarantined.

Open Agent Compiler in the dashboard. Review provenance, provider origin, orchestration role, dedupe matches, fidelity notes, canonical instructions, and any security findings before making a decision.

Blessing persists the governed bundle and sends the neutral representation through the same production renderer used by first-party agents. Provider-native Claude Code and GitHub Copilot files are emitted from that one source.

Rendered Claude Code configuration includes the local nepopsx guard PreToolUse hook. The guard evaluates tool calls against built-in safety rules and .nepopsx/policy.json without a network request on the hot path. Explicit matches are denied; guard failures soft-fail so the session is never crashed by the policy engine itself.