SIDJUA

Structured Intelligence for Distributed Joint Unified Automation

SIDJUA is an open-source AI governance platform that enforces rules before agents act — not after. Where other agent frameworks bolt governance on as an afterthought, SIDJUA makes it the foundation: every agent action passes a 5-step enforcement pipeline before it executes. AGPL-3.0 licensed. Self-hosted. Air-gap capable.

Why SIDJUA?

95% of enterprise AI POCs fail (McKinsey 2025). The pattern is consistent: agents act without guardrails, costs spiral, outputs violate policy, and no one can audit what happened. Frameworks like CrewAI, LangChain, and AutoGen provide orchestration but zero enforcement — they tell agents what to do, not what they're allowed to do.

SIDJUA inverts this. The governance layer sits in front of execution. Forbidden actions are blocked before the LLM call is made. Budgets are enforced per-task and per-agent. Classification rules prevent data from crossing boundaries. All from a single divisions.yaml that defines your entire agent organization.

The result: a complete governance runtime with 2,708+ tests and an operational end-to-end LLM execution path — built in 19 implementation phases.

Key Features

• Pre-Action Governance — 5-step enforcement pipeline (Forbidden → Approval → Budget → Classification → Policy) checks every agent action before execution
• Configuration-Driven — Single divisions.yaml bootstraps the entire agent organization across 10 provisioning steps
• Multi-Provider — Anthropic, OpenAI, Google, Cloudflare Workers AI, Groq, local LLMs, any OpenAI-compatible endpoint
• Zero-Config Guide — sidjua chat guide launches an interactive AI assistant with no API key — powered by Cloudflare Workers AI via the free SIDJUA proxy
• Budget Enforcement — Per-task and per-agent cost limits enforced in real-time; BUDGET_EXHAUSTED cancels running tasks automatically
• Air-Gap Ready — Deploy fully disconnected from the internet with local LLMs
• Lightweight — 10-20x lighter per agent than container-based alternatives, 15x faster cold start
• Audit Trail — Every agent action logged with full governance context
• Self-Hosted — Your data stays on your infrastructure; no telemetry
• 2,708+ Tests — Strict TypeScript, zero failures

Quick Start (Zero-Config)

No API key needed. Run the interactive SIDJUA Guide — powered by Cloudflare Workers AI via the free proxy:

npm install -g sidjua
sidjua init
sidjua chat guide

The Guide answers questions about SIDJUA, helps you set up agents, and explains governance concepts. To unlock your own LLM provider:

# In the chat session:
/key groq YOUR_FREE_API_KEY   # free at console.groq.com

Quick Start (Docker)

git clone https://github.com/GoetzKohlberg/sidjua.git
cd sidjua
docker compose up -d

# Check services are healthy
docker compose ps

# Generate and save your API key
docker compose exec sidjua sidjua api-key generate
# → export SIDJUA_API_KEY=<key>

# Bootstrap governance from config
docker compose exec sidjua sidjua apply

# Check system status
docker compose exec sidjua sidjua status

See docs/QUICK-START.md for the full walkthrough including provider setup and first agent task.

Manual Installation

# Prerequisites: Node.js >= 22, Qdrant running on localhost:6333
git clone https://github.com/GoetzKohlberg/sidjua.git
cd sidjua
npm ci
npm run build
node dist/index.js --help

Status

v0.9.1 is an early beta release. Core functionality works end-to-end. Found a bug? Open an issue — we move fast.

Semantic search and RAG-based agent knowledge (embedding pipeline) is planned for v1.0.

Your First Agent in 5 Minutes

# 1. Add a provider API key
sidjua key add my-anthropic --provider anthropic --source env:ANTHROPIC_API_KEY

# 2. Create an agent
sidjua agent create my-agent --provider anthropic --model claude-haiku-4-5-20251001 \
  --division engineering --budget-per-task 0.50 --tier 3

# 3. Start the orchestrator
sidjua start

# 4. Submit a task (governance enforced before execution)
sidjua run "Summarize the current sprint status" --division engineering --wait

The governance pipeline runs automatically on step 4. Any policy violation or budget overrun stops the task before the LLM call.

Architecture

SIDJUA separates what agents are allowed to do from what they can do. Governance is structural, not advisory.

┌─────────────────────────────────────────┐
│         GOVERNANCE LAYER                │
│  Policies → Boundaries → Classification │
│         (Customer-defined rules)        │
├─────────────────────────────────────────┤
│           SIDJUA AGENT OS               │
│  CLI / REST API / Management Console    │
├─────────────────────────────────────────┤
│     ┌──────────┐  ┌──────────┐         │
│     │Division A│  │Division B│  ...     │
│     │ Agent 1  │  │ Agent 3  │         │
│     │ Agent 2  │  │ Agent 4  │         │
│     └──────────┘  └──────────┘         │
├─────────────────────────────────────────┤
│              PROVIDER CATALOG                    │
│  Anthropic │ OpenAI │ Google │ Groq │ Local │ CF │
└─────────────────────────────────────────┘

CLI Reference

sidjua setup              # Interactive setup wizard
sidjua apply              # Bootstrap from divisions.yaml
sidjua status             # Workspace and system status
sidjua start              # Start orchestrator + agents
sidjua run "task..."      # Submit a task with governance enforcement
sidjua tasks              # List active tasks
sidjua agent list         # List all agents
sidjua costs              # Cost breakdown by division/agent/period
sidjua logs               # Audit trail viewer
sidjua provider list      # Show available providers
sidjua backup create      # Create full system backup
sidjua server start       # Start REST API server

See docs/CLI-REFERENCE.md for the complete command reference.

Testing

npm test                  # Run all 2,708+ tests
npm run test:coverage     # With coverage report
npx tsc --noEmit          # TypeScript check

Intellectual Property Notice

SIDJUA's codebase is protected by multiple overlapping security layers including cryptographic code fingerprinting, Docker image watermarking, Bitcoin blockchain timestamps (OpenTimestamps), and automated DMCA monitoring. These protections are embedded at the source code, binary, and infrastructure levels and survive reformatting, transpilation, and AI-assisted rewriting. Unauthorized copying or redistribution will be detected and pursued. Two USPTO provisional patents are on file (February 2026). See LICENSE for terms.

License

SIDJUA is licensed under AGPL-3.0-only.

For commercial licensing (enterprise features, MOODEX, compliance packs), visit sidjua.com.

Enterprise

SIDJUA Enterprise adds: MOODEX affective monitoring, tamper-proof audit, SSO/LDAP/SAML, encrypted agent communication, compliance certification packs, SLA engine, and more.

→ sidjua.com

Community

• Discord: discord.gg/C79wEYgaKc — ask questions, share agents, get help

Contributing

See CONTRIBUTING.md for guidelines. Bug fixes, documentation improvements, provider adapters, and governance policy templates are welcome.

Security

Found a vulnerability? See SECURITY.md. Do NOT open a public issue.

2 USPTO provisional patents filed (February 2026).