regulus

agent
Security Audit
Warn
Health Warn
  • License — License: MIT
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Low visibility — Only 5 GitHub stars
Code Pass
  • Code scan — Scanned 12 files during light audit, no dangerous patterns found
Permissions Pass
  • Permissions — No dangerous permissions requested

No AI report is available for this listing yet.

SUMMARY

The EU & UK compliance plane for Google ADK.

README.md

Regulus

Java 21
ADK 1.2.0
Maven Central
Gradle Plugin Portal
Docs
License: MIT

Where Google ADK ends, regulated builds begin.

Google ADK ships AI agents. Regulus ships AI agents your regulator
accepts.

Website · Docs · GitHub


60s · 5min · 15min

┌─────────────────────────────────────────────────────────────────────┐
│                                                                     │
│   60s   regulus init my-agent --profiles=eu-ai-act,uk-gdpr,fca-sysc │
│                                --frameworks=nist-ai-rmf,iso-42001   │
│                                                                     │
│   5min  cd my-agent && gradle wrapper && ./gradlew bootRun          │
│                                                                     │
│   15min hit /chat → see policy + privacy + audit + GRC envelope     │
│                                                                     │
└─────────────────────────────────────────────────────────────────────┘

That's the funnel. Three checkpoints, no slides.

60s — scaffold

# Install the CLI:
curl -fsSL https://raw.githubusercontent.com/neul-labs/regulus/main/install.sh | sh

# Scaffold a compliant ADK agent:
regulus init my-agent \
    --profiles=eu-ai-act,uk-gdpr,fca-sysc \
    --frameworks=nist-ai-rmf,iso-42001 \
    --grc-adapter=stdout

Output:

✓ created my-agent/ with 12 files
  build.gradle.kts · settings.gradle.kts · gradle.properties · .gitignore
  README.md · gradlew · gradlew.bat
  src/main/java/com/example/agent/{AgentApplication.java, ChatController.java}
  src/main/resources/{application.yaml, logback.xml}

Next: cd my-agent && gradle wrapper && ./gradlew bootRun

Don't want to install a CLI? Same thing through Gradle:

./gradlew initRegulusAgent -PagentName=my-agent \
    -Pprofiles=eu-ai-act,uk-gdpr,fca-sysc \
    -Pframeworks=nist-ai-rmf,iso-42001

The gap, in one paragraph

ADK ships a capable AI agent runtime. It doesn't ship the audit trail
your auditor demands, the retention schedule your DPO signs off on, the
kill switch your runbook exercises, the model-risk tier your second line
assesses, or the framework-mapped evidence your GRC tool catalogues.

Writing those properly is a quarter of engineering time. Writing them
badly is worse than not doing it at all — a bad audit trail is a
discoverable artefact in an enforcement action. Regulus is the bridge.

→ Why Regulus — the full version of this story

Before / after

Plain ADK — works, but produces no audit trail:

@SpringBootApplication
public class App {
    public static void main(String[] args) { SpringApplication.run(App.class, args); }
    LlmAgent rootAgent() {
        return LlmAgent.builder().name("greeter").model("gemini-2.5-flash").build();
    }
}

ADK + Regulus — same agent, with policy + privacy + audit + kill switch +
model risk + residency + framework-mapped GRC evidence:

@SpringBootApplication
public class App {
    public static void main(String[] args) { SpringApplication.run(App.class, args); }
    // Regulus plugins auto-register via application.yaml. No additional code.
}
regulus:
  compliance:
    profiles: [eu-ai-act, uk-gdpr, fca-sysc]
  governance:
    frameworks: [nist-ai-rmf, iso-42001]
  grc:
    stdout: true
  adk:
    residency: { allowed-regions: [europe-west2] }
    kill-switch: { enabled: true, dual-control: true }
    model-risk:  { tenant-tier: STANDARD }

→ Show me — the diff with audit-event sample

What the auditor sees

{
  "event_id": "01J6X4ABCDEFG",
  "occurred_at": "2026-05-14T11:23:09.123Z",
  "actor": "user:42",
  "tenant_id": "acme-bank",
  "jurisdiction": "EU_UK",
  "identity_adapter": "oidc",
  "smf_holder": "SMF24:Jane Smith",
  "action": "model-call",
  "result": "allow",
  "model_id": "gemini-2.5-flash",
  "regulation_clause": "UK GDPR Art. 25",
  "framework_control_id": "A.7.3",
  "ai_act_risk_tier": "limited",
  "consumer_duty_outcome": "support",
  "redactions": ["NINO_1"],
  "chain_index": 1284,
  "prev_event_hash": "9f3e…",
  "event_hash": "1c87…"
}

That JSON has the regulation citation, the ISO 42001 control id, the
SMF attribution, the redactions, the outcome — plus the tenant, the
jurisdiction, the IdP adapter that authenticated the caller, and the
hash chain that makes the trail tamper-evident
— all in one event.
Your 2L attests from it. Your 3L reproduces it. Your DPO answers their
SAR from it. Your security architect verifies the chain offline with
regulus audit verify. None of which works one hour ago.

What you get

  • Canonical identity plane — one Principal + Claims shape; OIDC adapter included, SAML / mTLS / service-account JWT via the IdentityAdapter SPI.
  • 6 ADK BasePlugins — policy, privacy, audit, kill switch, model risk, residency. (Plus a leading RegulusIdentityExpiryGuard for token-expiry enforcement.)
  • 6 ADK service extensions — Vertex + Firestore sessions/memory, GCS artifact, retention compactor, computer-use, plus A2A envelope with RFC 9421 HTTP Message Signatures for cross-org calls.
  • Opt-in audit integrity — SHA-256 hash chain over every event, optional per-event signature, offline verifier (regulus audit verify <chain.jsonl>).
  • 10 regulation profiles — EU AI Act, GDPR, UK GDPR, DORA, NIS2, FCA SYSC, PRA SS1/23 + SS2/21, NHS DSPT, EHDS.
  • 6 governance frameworks — NIST AI RMF + 600-1 GenAI Profile + planned Q4 2026 Agent Interop Profile, ISO/IEC 42001 (with SoA generator), ISO/IEC 23894, ISO/IEC 23053.
  • 4 GRC adapters — ServiceNow IRM, OneTrust AI Governance, MetricStream, generic HMAC-signed webhook.
  • CLI + Gradle plugin — scaffold, doctor, compliance scan, coverage matrix, audit verify.

Full mapping (regulation × framework × control × ADK hook) at the
coverage matrix.

Built for regulated enterprises

Every choice in the platform anticipates the questions a CISO, a head of
internal audit, or an external assessor will ask on day one.

  • Enterprise SSO from day one. Your IdP — Okta, Auth0, Keycloak,
    ADFS, an in-house mTLS scheme — plugs in as an IdentityAdapter that
    mints a canonical Identity. OIDC ships out of the box; SAML and
    mTLS adapters are tens of lines. Regulus refuses to be your IdP — it
    consumes the result.
  • Multi-tenant + multi-jurisdiction by design. tenantId and
    jurisdiction are first-class claims on every audit event and every
    policy decision. The same deployment handles EU-only traffic,
    UK-only traffic, and EU+UK composite tenants without code changes.
  • Tamper-evident audit trail. Opt-in regulus.ai.observability.audit.integrity.enabled=true
    switches on a SHA-256 hash chain. Auditors verify the chain offline
    against a copy of the log; mutation, reorder, or gaps fail
    verification.
  • Signed cross-org A2A calls. When agents from different
    organisations collaborate, outbound JSON-RPC envelopes are signed
    with RFC 9421 HTTP Message Signatures over method, target URI, body
    digest, tenant id, and correlation id. Replay protection via nonce
    • timestamp window. The inbound side reconstructs the caller's
      Identity from the verified envelope before any policy guard runs.
  • Identity-backed dual control. Kill-switch activation and
    approval gate on Identity roles (regulus.killswitch.requester / .approver / .emergency), with approver-distinctness enforced on
    Principal.id so two distinct subjects are required — not two
    distinct typed names.
  • Clear security model + threat model. What Regulus defends
    against, what it doesn't, where the trust boundaries are, what
    happens when each one breaks — all documented at
    Security architecture.

The architecture is one canonical primitive with replaceable adapters,
not a grab-bag of per-protocol code paths. That is what keeps the
compliance story coherent as the protocol mix shifts under you.

Choose your path

You are… Start here
An engineer new to Regulus Why RegulusShow meInstall the CLI
A security architect / enterprise IT Security modelSecurity architectureProduction hardening
A governance leader (CISO / CAIO / CRO / 2L / 3L) Governance overviewThree Lines of DefenceGRC integration
Preparing for ISO 42001 certification ISO/IEC 42001Audit walkthroughProgram operating model
New to regulatory vocabulary Concepts → What is regtech?Concepts → What is AI governance?Glossary

How it plugs into ADK

Every Regulus control is a com.google.adk.plugins.BasePlugin. Built on
ADK's official extension contract — not Spring AOP, not bytecode
rewriting:

ADK seam Regulus implementation
Inbound HTTP / Spring SecurityContext OidcSecurityContextFilterIdentityAdapterIdentityHolder (canonical Identity bound before any callback fires)
BeforeAgentCallback RegulusKillSwitchPlugin, RegulusDataResidencyPlugin
BeforeModelCallback RegulusIdentityExpiryGuard (first), RegulusPolicyPlugin, RegulusPrivacyPlugin (mutating), RegulusModelRiskPlugin
AfterModelCallback RegulusPrivacyPlugin (re-redact), RegulusAuditPlugin (chain-sealed when integrity enabled)
BeforeToolCallback RegulusPolicyPlugin, RegulusModelRiskPlugin (for code executors)
ToolConfirmation Kill-switch dual control (Identity-gated), vulnerable-customer HITL, Art. 22 safeguards
EventCompactor RegulusRetentionEventCompactor (regulation-aware retention)
SessionService / MemoryService / ArtifactService Regulus* variants with residency at construction
A2A RemoteA2AAgent / AgentExecutor regulus-ai-adk-a2a envelope with A2ARequestSigner (RFC 9421) for cross-org calls
BaseComputer RegulusComplianceBaseComputer (Google flagged as needs-impl)

ToolConfirmation is Google's HITL primitive. Regulus' dual control uses
exactly that mechanism — same shape, no special-case API for users to
learn.

Distribution

  • Maven Centralcom.neullabs:*.
  • Gradle Plugin Portalcom.neullabs.compliance.
  • GitHub Releasesregulus-cli.jar.
  • GitHub Container Registryghcr.io/neul-labs/regulus-adk-demo.

Contributing

See CONTRIBUTING.md. New controls ship as BasePlugin
implementations; compliance docs follow the
regtech-explainer template.

License

MIT


Built to ADK's official extension contract. Not endorsed by Google — we
picked the seams they ship.

Shipped 20 March 2026, ten days ahead of ADK Java 1.0 GA. Tracking ADK
releases since.

Part of the Neul Labs toolchain

Part of the Neul Labs agent-infrastructure toolchain:

Project Description
agentvfs Workspace runtime and execution boundary for AI agents.
memorg Give your LLM a memory that actually works.
ormai Give your AI agents database access without the risk — safe text-to-SQL.
mcp-pay Payment awareness layer for MCP (Model Context Protocol).
closegate The policy chokepoint for finance AI agents.

Reviews (0)

No results found