FishHawk: A Governance Layer and Workflow Orchestration Platform for AI-Driven Software Development

An in-depth analysis of the FishHawk open-source project, a governance layer and workflow orchestration platform designed specifically for AI-driven software development, exploring how to achieve controllable, auditable, and efficient collaboration of AI agents in software engineering.

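Tags: AI-driven development, software governance, workflow orchestration, AI agents, code review, DevOps, policy engine, audit logs, compliance management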
Published 2026-05-02 23:14 | Recent activity 2026-05-02 23:25 | Estimated read 7 min

Introduction: FishHawk – Governance and Orchestration Platform for AI-Driven Software Development

FishHawk is an open-source governance layer and workflow orchestration platform designed by Kuhlman Labs for AI-driven software development. It aims to address the issues of controllability, auditability, and efficient collaboration when AI agents transition from auxiliary tools to active participants. It does not replace existing AI coding tools; instead, it provides a governance framework to ensure the quality and controllability of AI-driven development, similar to code reviews and CI/CD processes in traditional development.

Background: Governance Challenges in AI-Driven Development

As AI agents evolve from auxiliary tools to active participants in software development, traditional development processes and governance models face a challenge: how can teams ensure that AI behavior complies with team standards, security regulations, and business goals? FishHawk is designed to address this challenge by providing the necessary governance mechanisms for AI-driven development.

Core Concepts and Technical Architecture

Core Concepts: FishHawk is centered on "controllable AI autonomy" and adopts a layered governance architecture: the policy engine defines behavior boundaries, workflow orchestration defines steps and checkpoints, and monitoring and auditing record agent behavior. It keeps humans involved in key decisions, dynamically adjusts approval points based on risk level, and balances efficiency and control.

Technical Components:

  1. Policy Engine: Uses declarative syntax to define rules such as code style and security regulations, supporting conditional logic and context awareness;
  2. Workflow Orchestration: Defines AI task flows (steps, parallelism, branching, approval points), integrates with the policy engine, and automatically pauses/rolls back when violations occur;
  3. Agent Identity and Permissions: Unique identifiers for behavior tracing, fine-grained permission management to support multi-agent collaboration;
  4. Audit and Observability: Complete immutable logs, real-time monitoring dashboards displaying metrics such as agent activities and policy violations.

Tool Integration and Application Scenarios

Tool Integration:

  • Deep Git Integration: Triggers policy validation on commits, and uses Git hooks to run checks locally (shift-left);
  • CI/CD Pipeline Integration: Inserts a governance layer to block non-compliant builds or require approval before production deployment;
  • IDE Plugins: Provides real-time policy feedback, supports agent task triggering, suggestion review, and change approval.

Application Scenarios:

  • AI-Assisted Code Review: Automatically checks for security issues, vulnerabilities, and architectural compliance;
  • Automated Refactoring: Orchestrates multi-agent collaboration, uses controlled processes to reduce risks of large-scale changes;
  • Dependency Management: Monitors licenses, vulnerabilities, and supply chain risks of new dependencies;
  • Multi-Agent Collaboration Governance: Coordinates interactions to prevent conflicts and duplicate work.

Comparison with Related Projects

  • vs. Traditional DevOps Tools (Jenkins, GitLab CI): Focuses on AI agent behavior governance, complements rather than replaces existing tools;
  • vs. AI Coding Assistants (GitHub Copilot, Cursor): Integrates to add governance checks, forming a complete AI-driven development workflow;
  • vs. AI Agent Frameworks (LangChain, AutoGen): Focuses on governance rather than agent building, can be used together to add enterprise-level control.

Implementation Strategies and Best Practices

  1. Progressive Adoption: Start with monitoring mode to record AI behaviors, gradually introduce policy checks and adjust rules;
  2. Balanced Policy Design: Find a balance between control and innovation, expand from key security compliance rules to code quality and architectural specifications;
  3. Continuous Optimization: Regularly review policy effectiveness and adjust rules based on audit data.
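
The policy engine, risk-based approval checkpoint and audit log from the architecture section, combined with the monitoring-mode-first rollout in step 1 above, sketched as an added example (not FishHawk's own code or API). The rule format, the `monitor`/`enforce` mode names, the hash-chained log and all agent names and paths are assumptions made for illustration; the page does not say how FishHawk implements any of them.

```python
import fnmatch, hashlib, json

# Hypothetical declarative rules; the page does not show FishHawk's policy syntax.
POLICIES = [
    {"id": "no-env-files", "paths": "*.env", "effect": "deny"},
    {"id": "prod-infra", "paths": "infra/prod/*", "effect": "require_approval"},
]
GENESIS = "0" * 64

def entry_hash(prev, record):
    body = json.dumps(record, sort_keys=True)
    return hashlib.sha256((prev + body).encode()).hexdigest()

class AuditLog:
    """Append-only log in which each entry commits to the hash of the one before."""
    def __init__(self):
        self.entries = []

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        self.entries.append({"prev": prev, "record": record, "hash": entry_hash(prev, record)})

    def verify(self):
        prev = GENESIS
        for e in self.entries:
            if e["prev"] != prev or e["hash"] != entry_hash(prev, e["record"]):
                return False  # chain broken: an entry was edited or reordered
            prev = e["hash"]
        return True

def evaluate(change, mode, log, approved_by=None):
    """Decide 'allow', 'pause' or 'block' for one agent change and audit the decision."""
    hits = [p for p in POLICIES if fnmatch.fnmatchcase(change["path"], p["paths"])]
    effects = {p["effect"] for p in hits}
    if mode == "monitor" or not hits:
        decision = "allow"  # monitoring mode records violations but never blocks
    elif "deny" in effects:
        decision = "block"
    else:
        decision = "allow" if approved_by else "pause"  # wait at the human checkpoint
    log.append({"agent": change["agent"], "path": change["path"], "mode": mode,
                "violations": sorted(p["id"] for p in hits),
                "approved_by": approved_by, "decision": decision})
    return decision

# Constructed sample changes from two hypothetical agents.
SAMPLE = [
    {"agent": "agent-refactor-01", "path": "src/app.py"},
    {"agent": "agent-refactor-01", "path": "infra/prod/db.tf"},
    {"agent": "agent-deps-02", "path": "config/secrets.env"},
]
```

A hash chain only makes edits detectable; truncating the tail of the log goes unnoticed unless the latest hash is also stored somewhere the agents cannot write.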

Future Directions and Summary

Future Directions: Intelligent policy recommendations (optimize rules based on historical data), cross-organization policy sharing (establish industry best practice libraries), and integration with more AI models and tools.

Summary: FishHawk provides governance infrastructure for AI-driven development, helping teams establish a controllable, auditable, and sustainable model for applying AI. It is a valuable framework and reference implementation for organizations exploring AI-driven development.