Agent bindings
An agent binding is the production-agent analog of an environment: it records which watches an agent depends on, which drift policy applies, and how runtime blocks propagate.
Status: Console bindings, policies, remediation approval rules, and GET /api/agents/:id/status shipped (CP-2). CI validation for .driftguard/agents.yaml remains queued (CP-2.1).
Concepts
- Binding — links agent id/slug to one or more watches
- Policy preset — notify-only → production-guard
- Runtime webhook — signed agent.contract.blocked events to your orchestrator
- Affected agents — drift on a watch surfaces affectedAgentIds[] on alerts
- Approval rules — repo/branch gates before incident ack
agents.yaml
Version-control bindings beside agent code at .driftguard/agents.yaml. Full field reference: agents.yaml reference.
version: 1
agents:
  - id: billing-refund-v3
    environment: production
    policy: production-guard
    watches:
      - stripe-refunds-mcp
    runtime_webhook: https://api.example.com/agents/billing/contract
    repoRef: acme/platform@main
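A pre-merge lint for the binding file above, added here as an example; it is not DriftGuard's own validator (CI validation is listed as queued in the status note). It takes the already-parsed document, for example from `yaml.safe_load`, and the required-field set, the https-only webhook rule and the production/notify-only rule are assumptions rather than documented DriftGuard behavior.

```python
from urllib.parse import urlparse

# Preset names as listed on this page; the required-field set is an assumption.
KNOWN_PRESETS = {"notify-only", "staging-strict", "production-guard"}
REQUIRED = ("id", "environment", "policy", "watches")

def lint_bindings(doc):
    """Return a list of findings for a parsed .driftguard/agents.yaml document."""
    findings = []
    if doc.get("version") != 1:
        findings.append("unsupported version: %r" % doc.get("version"))
    seen = set()
    for i, agent in enumerate(doc.get("agents") or []):
        name = agent.get("id") or "agents[%d]" % i
        for field in REQUIRED:
            if not agent.get(field):
                findings.append("%s: missing %s" % (name, field))
        if name in seen:
            findings.append("%s: duplicate id" % name)
        seen.add(name)
        policy = agent.get("policy")
        if policy and policy not in KNOWN_PRESETS:
            findings.append("%s: unknown policy %r" % (name, policy))
        # Assumed house rule: production agents must not run notify-only.
        if agent.get("environment") == "production" and policy == "notify-only":
            findings.append("%s: production binding is notify-only" % name)
        hook = agent.get("runtime_webhook")
        if hook:
            url = urlparse(hook)
            # Block events must not travel in cleartext or carry credentials.
            if url.scheme != "https" or not url.hostname or url.username:
                findings.append("%s: runtime_webhook must be https without userinfo" % name)
    return findings

# Constructed sample: the page's binding plus a deliberately weak second one.
SAMPLE = {"version": 1, "agents": [
    {"id": "billing-refund-v3", "environment": "production",
     "policy": "production-guard", "watches": ["stripe-refunds-mcp"],
     "runtime_webhook": "https://api.example.com/agents/billing/contract",
     "repoRef": "acme/platform@main"},
    {"id": "billing-refund-v3", "environment": "production",
     "policy": "notify-only", "watches": [],
     "runtime_webhook": "http://api.example.com/hook"},
]}

if __name__ == "__main__":
    for finding in lint_bindings(SAMPLE):
        print(finding)
```

Failing the CI job when the returned list is non-empty keeps a weakened binding from merging unnoticed.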
Drift policies
Each binding references a policy that controls breaking-drift response. See the preset table for notify-only, staging-strict, and production-guard behavior on preflight and runtime.
Org templates
Launch bindings from org watch templates to inherit URL patterns, tags, and default policyPreset across the fleet.
API & MCP
- GET /api/agents/:id/status — composite drift + policy action (id or slug)
- POST /api/preflight with agentId — block orchestrator runs
- POST /api/agents/:id/kill · /unblock · /ack — runtime lifecycle
- MCP: get_agent_status, list_affected_agents, acknowledge_drift
Console
Console → Fleet → Bindings — create and edit bindings. Needs Review hub aggregates binding-level incidents (CP-2.8). Policies live under Settings → Drift policies.
Deep dives
- agents.yaml reference (RES-4.2)
- Drift policy presets (RES-4.3)
- Remediation approval rules (RES-4.4)
- Org watch templates (RES-4.5)
Related
- Pre-run check (preflight)
- FuseGuard loop fuse
- Glossary — agent binding, drift_status