
Set Up I/O and Compliance Metadata

Before certifying or compiling your agent, it's important to define basic operating policies. Dokugent supports two optional but recommended metadata files:


I/O Rules (.dokugent/data/io/)

Use io/ to define:

  • protocols: what formats the agent is allowed to generate (e.g. ["markdown", "text/plain"])
  • outputs: expected filenames or file types
  • allowExternalFiles: whether the agent can include attachments
  • requireApproval: whether human approval is required before output
  • denylist: disallowed formats (e.g. ["html", "javascript"])

Think of this as your agent’s output policy — what it’s allowed to create and how tightly controlled those outputs should be.
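
An added example (not Dokugent's own code or enforcement logic) of checking a proposed agent output against the I/O fields listed above. The policy object shape, the matching rules (denylist wins, missing lists fail closed) and the output fields format, filename, attachments and approvedBy are assumptions made for illustration.

```javascript
// Added example: not Dokugent code. Field names come from the list above;
// the object shape and the enforcement semantics are assumptions.
const samplePolicy = { // constructed sample policy
  protocols: ["markdown", "text/plain"],
  outputs: ["report.md", ".txt"], // assumed: exact filename or ".ext" file type
  allowExternalFiles: false,
  requireApproval: true,
  denylist: ["html", "javascript"],
};

const norm = (s) => String(s).trim().toLowerCase();

// Policy self-check: a format that is both allowed and denied is ambiguous.
// Returns the conflicting format names (empty array when the policy is clean).
function lintPolicy(policy) {
  const denied = new Set((policy.denylist || []).map(norm));
  return (policy.protocols || []).map(norm).filter((p) => denied.has(p));
}

// Checks one proposed output (hypothetical shape: format, filename,
// attachments, approvedBy). Returns a list of violations; empty means pass.
function checkOutput(policy, output) {
  const violations = [];
  const format = norm(output.format);
  const denied = (policy.denylist || []).map(norm);
  const allowed = (policy.protocols || []).map(norm);
  // Deny wins over allow, and a missing protocols list rejects everything,
  // so a conflicting or incomplete policy fails closed.
  if (denied.includes(format)) violations.push(`format "${format}" is on the denylist`);
  else if (!allowed.includes(format)) violations.push(`format "${format}" is not in protocols`);

  const name = norm(output.filename);
  const nameOk = (policy.outputs || []).map(norm).some(
    (o) => (o.startsWith(".") ? name.endsWith(o) : name === o));
  if (!nameOk) violations.push(`filename "${name}" is not an expected output`);

  if (!policy.allowExternalFiles && (output.attachments || []).length > 0)
    violations.push("attachments present but allowExternalFiles is false");
  if (policy.requireApproval && !output.approvedBy)
    violations.push("requireApproval is set but no approver is recorded");
  return violations;
}
```
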


Compliance Metadata (.dokugent/data/compliance/)

Use compliance/ to define:

  • contact: name and email of the responsible human
  • dataRetention: how long logs or content are kept
  • dataSensitivity: any sensitive fields handled (e.g. ["location"])
  • legalBasis: e.g., "consent" or "contract"
  • authorizedUsers: roles allowed to run or read outputs
  • auditLogRef: a file that stores linked trace or cert audit history
  • modelContextRef: references to an MCP or LLM config context

Together, these define your agent’s governance contract.


Are These Required?

No — they are not required to run preview, certify, or compile, but...

✅ They are strongly recommended for:

  • Safety validation
  • Audit logs
  • Registry-based agent certification
  • Organizational agent policies

Think of it like...

These two folders serve as your agent's Terms of Use and Operating Agreement. They don’t block agent creation, but they enforce responsible defaults when safety, compliance, or trust matters.