Linux Foundation · LFDT · Full-Stack AI · AI Infrastructure

GitMesh

Policy-as-Code Engine for Open-Source AI Agent Orchestration

Problem

Open-source maintainers drown in triage, review, docs, and security work - and AI coding agents (Claude Code, Copilot, Cursor, Gemini CLI) make it harder to govern: every tool acts with its own permissions, no shared policy, no audit trail. Letting autonomous agents touch a repo unsupervised risks runaway automation - an agent merging a bad PR, editing CI, or publishing a security advisory without a human in the loop.

Approach

GitMesh is a multi-agent orchestration runtime and governed MCP server for OSS projects. Pre-defined agent roles (Triage, PR Review, Docs, Security, Community, Onboarding, Release) run on heartbeat schedules with token budgets and permission scopes. A single maintainer-defined Policy-as-Code layer - YAML compiled to OPA/Rego - governs every connected tool through MCP, so no agent merges a PR, edits CI/CD, or files a CVE without human approval. Native GitHub/GitLab webhook sync pushes agent actions to the forge; an ACP (JSON-RPC 2.0) orchestrator coordinates agents without conflicts or double work; every action is logged immutably with actor, policy version, and allow/block outcome. Any project adopts it with one YAML file and one CI step.
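The gate described above, as an added illustration in TypeScript (not GitMesh's own code; the project's YAML/Rego schema is not shown on this page): a hypothetical role-scoped policy in which merge, CI edit and CVE filing always need a named human approver, and a hash-chained audit log that records actor, policy version and allow/block outcome so later tampering is detectable.

```typescript
import { createHash } from "crypto";

// Hypothetical policy shape, constructed for this example (GitMesh's real YAML/Rego
// schema is not shown here): per-role scopes plus actions that always need a human.
type Action = "comment" | "label" | "merge_pr" | "edit_ci" | "file_cve";
interface Policy { version: string; roles: Record<string, Action[]>; requireHumanApproval: Action[] }
interface AgentRequest { actor: string; role: string; action: Action; approvedBy?: string }
interface AuditEntry { actor: string; action: Action; policyVersion: string; outcome: "allow" | "block";
  reason: string; prevHash: string; hash: string }

export const policy: Policy = {
  version: "example-policy-v1", // constructed value, not a real GitMesh policy version
  roles: { triage: ["comment", "label"], "pr-review": ["comment", "merge_pr"], security: ["comment", "file_cve"] },
  requireHumanApproval: ["merge_pr", "edit_ci", "file_cve"],
};

// Decision: out-of-scope actions are blocked, gated actions need a named human
// approver, and the requesting agent never counts as its own approver.
export function decide(p: Policy, r: AgentRequest): { outcome: "allow" | "block"; reason: string } {
  const scope = p.roles[r.role] ?? [];
  if (!scope.includes(r.action)) return { outcome: "block", reason: `role ${r.role} has no scope for ${r.action}` };
  if (!p.requireHumanApproval.includes(r.action)) return { outcome: "allow", reason: "within role scope" };
  if (!r.approvedBy) return { outcome: "block", reason: `${r.action} requires human approval` };
  if (r.approvedBy === r.actor) return { outcome: "block", reason: "self-approval rejected" };
  return { outcome: "allow", reason: `approved by ${r.approvedBy}` };
}

const GENESIS = "0".repeat(64);
function hashEntry(e: Omit<AuditEntry, "hash">): string {
  const { actor, action, policyVersion, outcome, reason, prevHash } = e;
  return createHash("sha256").update(JSON.stringify({ actor, action, policyVersion, outcome, reason, prevHash })).digest("hex");
}

// Append-only log in which every entry commits to its predecessor's hash, so a
// modified or deleted entry is caught by verify().
export class AuditLog {
  readonly entries: AuditEntry[] = [];
  record(p: Policy, r: AgentRequest): AuditEntry {
    const { outcome, reason } = decide(p, r);
    const prevHash = this.entries.length ? this.entries[this.entries.length - 1].hash : GENESIS;
    const partial = { actor: r.actor, action: r.action, policyVersion: p.version, outcome, reason, prevHash };
    const entry: AuditEntry = { ...partial, hash: hashEntry(partial) };
    this.entries.push(entry);
    return entry;
  }
  verify(): boolean {
    let prev = GENESIS;
    for (const e of this.entries) { if (e.prevHash !== prev || e.hash !== hashEntry(e)) return false; prev = e.hash; }
    return true;
  }
}
```

A real deployment would persist the chain head outside the agents' write scope, since an attacker who can rewrite the whole log can also recompute every hash.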

At a glance

Org: LF Decentralized Trust lab
Traction: 140★ · 48 forks
Commits: 562
Latest: v0.4.0-alpha (Phase Two)
License: Apache-2.0 · OpenSSF
Codebase: 97% TypeScript monorepo

Tech decisions

  • Policy-as-Code via OPA (YAML → Rego)

    Maintainers express governance in simple YAML; compiling to Rego gives a battle-tested, auditable policy engine instead of ad-hoc permission checks.

  • Governed MCP server over per-tool integrations

    One MCP endpoint governs every AI coding tool (Claude Code, Copilot, Cursor, Codex, Gemini) under the same policy - connect once, governed everywhere.

  • ACP (JSON-RPC 2.0) agent-to-agent orchestration

    Lets multiple agents work simultaneously without double work, conflicts, or runaway cost.

  • LF-aligned pnpm monorepo (Phase Two pivot)

    Restructured cli / server / lib / agents / governance into one workspace to meet Linux Foundation lab standards and lower the barrier for external contributors.

  • Embedded PostgreSQL by default

    Zero-config local dev with no external database, while supporting external Postgres via DATABASE_URL for production.

Stack

TypeScript · Node.js · OPA / Rego · MCP · ACP (JSON-RPC 2.0) · PostgreSQL · Drizzle · pnpm · Docker · GitHub/GitLab API