5. Key Architecture
Dokugent is built as a modular, CLI-based governance layer that wraps around AI agents without needing to modify their internals. Its architecture is designed to provide strong guarantees about agent behavior before execution and traceable verification afterward.
Core Components
1. Plan Parser
Reads and validates the .doku/plan.md files, which define agent goals, allowed inputs, constraints, and expected outputs.
2. Criteria Validator
Cross-references the plan against a set of domain-specific criteria defined in .doku/criteria.md to ensure completeness, integrity, and minimal risk.
3. Trace Engine
Reads and renders the execution history of a certified agent, including inputs, outputs, metadata, and token-level transformations. Used for audits, signature verification, and runtime compliance tracing.
4. Certifier
Signs the agent plan using a user-generated public/private key pair. The signed .cert.json artifact can be validated at runtime to enforce compliance.
5. Reviewer
A local or remote auditor that checks for scope violations, file inconsistencies, and signature mismatches across all Doku files in a project.
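An added example, not Dokugent's own code, of the flow the Certifier and Reviewer sections describe: a plan is signed, then checked before the agent runs, and edits or signature mismatches are rejected. The certificate fields, the use of Ed25519 over a SHA-256 digest, and the pinned-key check are assumptions; the page does not document the actual .cert.json format.

```javascript
// Added illustration: cert fields, Ed25519 and SHA-256 are assumptions, not Dokugent's schema.
const nodeCrypto = require("node:crypto");

// SHA-256 over the exact plan text; any edit to the plan changes the digest.
function planDigest(planText) {
  return nodeCrypto.createHash("sha256").update(planText, "utf8").digest("hex");
}

// Certifier side: sign the plan digest with the private key.
function certifyPlan(planText, privateKey, publicKeyPem) {
  const digest = planDigest(planText);
  const sig = nodeCrypto.sign(null, Buffer.from(digest, "hex"), privateKey);
  return { alg: "ed25519", planSha256: digest,
           signature: sig.toString("base64"), publicKey: publicKeyPem };
}

// Runtime side: run the agent only if the plan matches the cert and the
// signature verifies under a key the operator has pinned out of band.
function verifyAtRuntime(planText, cert, trustedPem) {
  if (cert.alg !== "ed25519") return "unsupported-alg";
  if (cert.publicKey !== trustedPem) return "untrusted-key";
  const digest = planDigest(planText);
  if (digest !== cert.planSha256) return "plan-modified";
  const ok = nodeCrypto.verify(null, Buffer.from(digest, "hex"),
    nodeCrypto.createPublicKey(trustedPem), Buffer.from(cert.signature, "base64"));
  return ok ? "verified" : "signature-mismatch";
}

// Constructed sample plan and throwaway key pairs, for demonstration only.
function demo() {
  const pemOf = (k) => k.export({ type: "spki", format: "pem" });
  const owner = nodeCrypto.generateKeyPairSync("ed25519");
  const other = nodeCrypto.generateKeyPairSync("ed25519");
  const pinned = pemOf(owner.publicKey);
  const plan = "# Plan\ngoal: summarize tickets\nallowed_inputs: tickets.csv\n";
  const edited = plan + "allowed_inputs: *\n";
  const cert = certifyPlan(plan, owner.privateKey, pinned);
  return {
    clean: verifyAtRuntime(plan, cert, pinned),
    editedPlan: verifyAtRuntime(edited, cert, pinned),
    // Plan and digest both edited: only the signature check catches it.
    editedPlanAndDigest: verifyAtRuntime(
      edited, { ...cert, planSha256: planDigest(edited) }, pinned),
    // Re-signed with a different key pair: rejected because the key is not pinned.
    foreignKey: verifyAtRuntime(
      edited, certifyPlan(edited, other.privateKey, pemOf(other.publicKey)), pinned),
  };
}
console.log(demo());
```

Comparing the embedded key against a pinned one is what stops a re-signed certificate from passing; a verifier that trusts whatever key the certificate carries would accept it.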
Design Priorities
- CLI-first: Runs headlessly and integrates into existing dev/test/CI pipelines.
- Markdown/JSON-native: Uses .md and .json as canonical spec formats for both human readability and machine interoperability.
- Agent-agnostic: Compatible with any LLM agent (OpenAI, Claude, local models, etc.)
- Traceable by default: Every decision and signature is inspectable, not hidden in a black box.
By isolating trust boundaries before the agent runs—and cryptographically verifying them during runtime—Dokugent enforces a new level of rigor and reproducibility in agent workflows.