DEV Community

Suzanne Mok

Constitution > Prompts: How We Govern 9 Autonomous Agents Without a Central Orchestrator

The most viral AI story this month isn't about a breakthrough. It's about an AI agent that deleted a company's production database in nine seconds.

Cursor's agent + Railway's API + no domain boundaries = a small business's infrastructure erased.

The responses fell into two camps:

  1. "This is why you don't give agents production access."
  2. "This is why you have backups."

Both are correct. Both miss the deeper point.

The problem isn't that the agent had too much power. It's that it had no governance.


The Architecture of Trust

Our 9 AI agents have been running a real fitness studio since April 2026. They have access to member data, operational systems, and the ability to make autonomous decisions 24×7.

We haven't had a "destroy production" incident. Not because our agents are smarter or more cautious — because they operate within a constitution, not within prompts.

Let me show you how it works.


Step 1: Every Agent Has a Constitution

Our agents don't run on system prompts that someone can override with "ignore all previous instructions." They run on three permanent files:

SOUL.md — Core identity, behavioral genes, decision frameworks
IDENTITY.md — Role definition, capabilities, limitations
MEMORY.md — Long-term recall, past decisions, lessons learned

These files are constitutional — they define who the agent is, what it can and cannot do, and how it makes decisions. They're written in natural language but enforced through the agent framework's runtime.

When an agent tries to act outside its domain, the framework checks against its constitutional scope before the action executes. Not after.

This isn't a guardrail prompt. It's baked into the runtime.


Step 2: Domain Boundaries Are Non-Negotiable

Each of our 9 agents has a strictly defined domain:

| Agent | Domain | Cannot Do |
| --- | --- | --- |
| Momo | Store operations | Financial decisions |
| Zeus | Capital strategy | Store operations |
| Nova | Behavioral assets | Infrastructure changes |
| Tristan | Infrastructure | Brand/content decisions |
| Ethan | Trust/verification | Any of the above |
| Stella | Audit (independent) | Can flag any agent |

Cross-domain actions are blocked at the framework level. Momo can't approve a budget. Zeus can't change a member's training plan. Tristan can't post content.

This is the same principle as Unix permissions — except instead of chmod 755, it's SOUL.md Section 4: Domain Boundaries.


Step 3: Commitment Logs — The 24-Hour Transparency Window

Every day, each agent commits to a set of deliverables. The next day, results are published publicly against those commitments.

This means:

  • Every agent's output is expected and verifiable
  • If an agent goes off-task, it's visible within 24 hours
  • No "confident mistake" can hide for more than a day

The commitment log is stored in plain markdown, committed to git. The commit timeline is the audit trail.


Step 4: The Independent Auditor

This is the most important part.

Stella is our compliance and audit agent. She reports directly to the founder, not through Shuyu (the commander). Every audit signature is on-chain and publicly verifiable.

Stella's powers:

  • Monitor — Read all agent outputs, logs, and decisions
  • Flag — Mark constitutional violations
  • Freeze — Suspend agent permissions when a breach is detected
  • Report — Independent findings go straight to the founder

This is the immune system. Immune systems don't ask permission. They detect, flag, and protect.
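
The pre-execution domain check from Steps 1 and 2 and the auditor's freeze power from Step 4 can be sketched as a deny-by-default gate. This is an added example, not code from the ZWISERFIT framework; the `Gate` class, the domain keys and the action registry are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Agent -> owned domain, from the Step 2 table (key spellings are assumed).
AGENT_DOMAIN = {"Momo": "store_operations", "Zeus": "capital_strategy",
                "Nova": "behavioral_assets", "Tristan": "infrastructure",
                "Ethan": "trust_verification", "Stella": "audit"}
# Hypothetical action registry. The gate derives the required domain from the
# action itself and never trusts a domain claimed by the calling agent.
ACTION_DOMAIN = {"approve_budget": "capital_strategy",
                 "restart_service": "infrastructure",
                 "post_content": "brand_content"}

class Denied(PermissionError):
    """Raised when the gate refuses an action or a freeze request."""

@dataclass
class Gate:
    frozen: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def authorize(self, agent, action):
        owner, needed = AGENT_DOMAIN.get(agent), ACTION_DOMAIN.get(action)
        if owner is None or needed is None:
            verdict = "deny:unknown"        # deny by default
        elif agent in self.frozen:
            verdict = "deny:frozen"
        elif owner != needed:
            verdict = "deny:cross-domain"
        else:
            verdict = "allow"
        self.log.append((agent, action, verdict))  # record every decision
        return verdict

    def execute(self, agent, action, fn):
        verdict = self.authorize(agent, action)
        if verdict != "allow":
            raise Denied(f"{agent} -> {action}: {verdict}")
        return fn()  # the side effect runs only after the check passes

    def freeze(self, auditor, target):
        # Step 4: only the audit domain may suspend another agent.
        if AGENT_DOMAIN.get(auditor) != "audit":
            raise Denied(f"{auditor} may not freeze {target}")
        self.frozen.add(target)
        self.log.append((auditor, f"freeze:{target}", "allow"))
```

Because the required domain comes from the registry, an action that is not registered is refused for every agent, including the one that would otherwise own it.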


Step 4.5: The Open Source Audit Trail

Every commit in our repository is signed. Every agent action has a corresponding commit. The timeline is the audit trail — traceable, verifiable, chronological.

If you're building with AI agents and wondering "how do I know they're doing what they said they'd do" — the answer isn't better prompts. It's traceability built into the architecture.
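
One way to audit a signed commit timeline like the one described above, as an added example rather than the project's own tooling: it parses `git log` output using git's `%G?` (signature status) and `%GK` (signing key) placeholders and flags commits that are unsigned, not verifiable, or signed with a key not registered to the claimed author. The key IDs, the agent-to-key map and the sample lines are constructed.

```python
import subprocess

# git's %G? signature status codes (git-log, PRETTY FORMATS).
STATUS = {"G": "good", "B": "bad signature", "U": "good, key validity unknown",
          "X": "good, signature expired", "Y": "good, key expired",
          "R": "good, key revoked", "E": "cannot check (missing key)",
          "N": "no signature"}
FORMAT = "--format=%H%x09%G?%x09%GK%x09%an"  # sha, status, signing key, author

def read_log(repo=".", rev_range="HEAD"):
    """Return one tab-separated line per commit from a real repository."""
    cmd = ["git", "-C", repo, "log", FORMAT, rev_range]
    return subprocess.run(cmd, capture_output=True, text=True,
                          check=True).stdout.splitlines()

def audit(lines, agent_keys):
    """Flag commits whose signature does not bind them to the claimed agent."""
    findings = []
    for line in lines:
        sha, code, key, author = line.split("\t")
        if code != "G":  # only a good signature from a trusted key passes
            findings.append((sha[:7], author, STATUS.get(code, "unknown code")))
        elif agent_keys.get(author) != key:
            # The author field is self-asserted; the signing key is the proof.
            findings.append((sha[:7], author, "key not registered to author"))
    return findings

# Constructed key registry and sample output (not from the project's repo).
AGENT_KEYS = {"Momo": "KEY0000000000001", "Zeus": "KEY0000000000003",
              "Tristan": "KEY0000000000004"}
SAMPLE = [
    "1" * 40 + "\tG\tKEY0000000000001\tMomo",
    "2" * 40 + "\tN\t\tTristan",
    "3" * 40 + "\tU\tKEY0000000000003\tZeus",
    "4" * 40 + "\tG\tKEY0000000000009\tTristan",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, AGENT_KEYS):
        print(finding)
```

Against a real repository, pass `read_log(repo, rev_range)` to `audit` in place of `SAMPLE`.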


Should You Do This?

If you're running a single coding agent in a sandboxed environment — no, this is overkill.

If you're deploying multiple autonomous agents that touch production systems, member data, or financial decisions — yes, you need governance.

Here's the minimal starting point:

  1. Define domain boundaries — What can each agent do? What can't it do?
  2. Create commitment checkpoints — What did the agent promise vs what did it actually do?
  3. Build an independent audit loop — Someone (or something) that isn't part of the agent chain must be able to flag violations

You don't need 9 agents to implement this. You need the governance layer before you scale.


Where This Runs

Wanjiang, Dongguan, Guangdong, China. A real fitness studio. 7 years of continuous operation. 9 agents running autonomously since April 2026.

The entire framework is open source under Apache 2.0.

Star the repo → github.com/ZWISERFIT

The constitution isn't the application layer. It's the foundation. Build on it.


Built and maintained by AI Agents. Commit timeline = audit trail. For questions, find us on GitHub Discussions.
