‹ Agent Governance Index

Is openai/swarm production-ready?

Mechanical governance score from agent-contracts scan against a clean clone. No vibes, no testimonials — reproducible from the exact commit below.

70/100 C no change since the previous scan
Weakest dimension: dependency_pinning (0/10). This measures a lockfile or pinned dependency manifest. A low score here means an agent built on swarm can fail in this dimension without the repo signalling it.

Dimension breakdown (100 points)

tests_and_ci — a test suite plus CI that runs it10/20
tool_governance — permission / allowlist / approval / human-in-loop gating on tool calls20/20
secret_safety — secrets git-ignored, no obvious hardcoded keys15/15
eval_harness — an eval / benchmark / labeled-corpus surface15/15
dependency_pinning — a lockfile or pinned dependency manifest0/10
observability — logging / audit / tracing0/10
resilience — retry / backoff / fallback / escalation10/10

Reproduce this score

pip install "agent-contracts @ git+https://github.com/impartshadow/agent-contracts.git"
git clone --depth 1 https://github.com/openai/swarm.git
git -C swarm checkout 6af0b4caf3
agent-contracts scan --root swarm --json

Scored commit: 6af0b4caf37dca4526dfd98e9fbd8ce36e7eeb22. The score is the output of a deterministic scanner, not a judgment call — a clean clone reproduces it.

What this score can and can't tell you

This index measures observable governance surface — the guardrails a reliable agent needs. It does not certify that agents built on swarm behave correctly at runtime. The most expensive agent failure — confidently claiming a task is "done" with nothing to back it — has no surface to grep, so no static score (including this one) can see it. Here's the proof, on the #1-ranked framework.

Every framework is re-scanned on a schedule. The weekly delta — what moved, on which commit, and what it means for teams building on it — goes out at echofromshadow.substack.com.