Local governance for AI-assisted development

Universal Governance Compiler

Write repository governance once. Compile it into local rule and configuration surfaces for OpenAI Codex, Google Antigravity, Anthropic Claude Code, and Cursor by Anysphere.

ugc@linux-mint:~/repo
$ ugc init
created .universal-governance/

$ ugc build --dry-run
planned: Codex, Antigravity, Claude Code, Cursor

$ ugc build
wrote generated governance targets

$ ugc audit
source validity: ok
drift: none detected

AI coding tools do not read the same rule files. UGC keeps the operating rules in one repository-local corpus, then emits deterministic target files for each supported agent. The point is not magic. The point is repeatable, inspectable governance.

What It Does

One source, four target surfaces.

OpenAI Codex

AGENTS.md, project config/rules, and a repo-local governance skill.

Google Antigravity

.agents/AGENTS.md and native skill-style SOP files.

Anthropic Claude Code

CLAUDE.md plus conservative local settings.

Cursor by Anysphere

A generated .cursorrules surface for repository guidance.

Compiler Shape

Governance becomes a build artifact.

UGC treats .universal-governance/ as source truth and generated agent files as outputs that can be rebuilt, reviewed, and audited for drift.

Source .universal-governance/
compile
Targets Codex / Antigravity / Claude Code / Cursor
audit
Check drift / missing files / coverage

Standard SOP Corpus

The corpus is the product's operating layer.

UGC does not generate empty config shells. It installs a practical starting corpus for approval gates, protected surfaces, stop conditions, release discipline, worktree hygiene, explainability, and session closure.

Approval Discipline

Hash-bound approval packets tie a short approval sentence to a specific plan, scope, and return gate.

Engineering Simplicity

The corpus favors explicit, reviewable changes over clever machinery that hides behavior.

Auditability

Worklogs, checklists, and drift checks preserve the trail of what changed and what was validated.

Release Guardrails

Commit, push, release, and deploy surfaces are treated as separate actions with clear stop conditions.

Persistent Memory

Worklogs keep context after the chat window disappears.

AI agent sessions are temporary. Repository worklogs preserve objectives, approvals, touched files, validation results, stop reasons, and residual risks so the next session does not have to guess.

01 Intent

What was requested and what was explicitly out of scope.

02 Evidence

Commands, tests, hashes, commits, and release URLs.

03 Residual Risk

What is known, deferred, or deliberately not claimed.

Install

Download a binary or build from source.

Prebuilt release

UGC v1.0.5 makes Codex a first-class three-layer governance target while retaining English-first public wording, Cursor deny hooks, and minimal public CI checks.

Open Releases

macOS artifacts are cross-compiled; see release notes for platform caveats.

git clone https://github.com/radustefanescu97-star/UGC-Universal-Governance-Compiler.git
cd UGC-Universal-Governance-Compiler
go build -o ugc .
./ugc --help

Limitations

UGC is honest about its control surface.

UGC verifies generated governance artifacts. It does not promise that every third-party agent behaves identically at runtime.

V1 does not install git hooks, configure branch protections, deploy a service, or add a hosted control plane.

Approval packet hashing is local discipline. It is not identity signing or a substitute for organizational policy.

Governance should be portable, reviewable, and close to the repository.

Apache-2.0. Maintained by Radu Stefanescu / @radu_st1