Building and managing AI agents in SAFi

Hi everyone, For the last year and a half I've been building **SAFi** (the Self-Alignment Framework Interface), a runtime governance engine for AI agents. SAFi is self-hosted and fully open source under the **AGPL-3.0** license. I've been posting about SAFi in this subreddit from a philosophical and theoretical angle for a while, but today I want to talk about it from a practical perspective. Full disclosure: I've worked in IT for more than 20 years, and I designed SAFi the way an IT professional approaches building architecture in a corporate environment. SAFi assumes a corporate setup with an **organizational charter** — a mission statement, core values, and at least one policy. You only need one policy to deploy agents successfully. SAFi also implements a **zero-trust** approach: every agent starts with no tools or advanced capabilities enabled by default. Tools are authorized at the **policy** level, and when you build an agent in the creation wizard, the only tools you can choose from are the ones the governing policy has already authorized. Nothing is available until governance says it is. On top of that, SAFi uses a **role-based permission** structure — members, auditors, editors, and admins: * **Members** can only use agents that have already been built. * **Auditors** get read-only access to agents, policies, and logs — they can see what's happening but can't change anything. * **Editors** can edit policies, and create and edit agents. * **Admins** can do all of the above, plus set the organizational charter, verify domains, and add users to the system. Go to the demo site to see everything that's available. Now that the governance architecture is working and generating logs, I want to start building agents that actually do more than generate text. To make that concrete, I built two agents: one to serve as my work assistant, and one for a personal interest. # Memory: the foundation of a reliable agent To build reliable agents, I believe **memory** is the most important thing — and as you all know, there are many types of memory. Here's how SAFi handles it: 1. **Ethical memory.** This is SAFi's secret sauce. When you create an agent, you define its purpose and a set of values that align with that purpose. In SAFi, *alignment* is defined as the coherence of the agent's output with its stated values, and the system scores that coherence on every turn and remembers it over time. 2. **Conversational memory.** SAFi keeps the last few turns of a conversation verbatim in the context window and maintains a running summary of everything older, so long conversations stay coherent without blowing up the context. 3. **Profile data.** If you populate fields in your profile, the model uses them to personalize its answers and actions. 4. **Project and task memory.** When this feature is enabled, the agent accumulates and remembers the things that matter to ongoing work — projects, tasks, vendors, people, milestones, deadlines, decisions, and completion dates — across every conversation you have with it. # Use case #1 — work assistant I created an agent to act as my personal assistant at work. I use AI to draft, refine, and summarize emails, and to brainstorm about ideas and projects. My key responsibilities include vendor management, team management, and infrastructure planning, so the agent has to hold a lot of context. I also wanted the agent to send me a daily status update with action items, Monday through Friday. I started doing this last week in SAFi and I'm tracking how it performs. SAFi is **model-agnostic**, and the model you pick as the generating brain has a big influence on how intelligent the agent feels, because it has to synthesize everything. For this agent I'm using **DeepSeek V4**, and honestly, it's pretty good. It's not good enough that I'd let it send updates to my boss or email vendors automatically — yet, but it's good enough that it remembers every project and task, which makes it far easier to keep things on track. I can say *"draft an email to vendor X for the pending action items,"* and it produces something I can copy, paste, and send with barely any edits. I can say *"generate a status update for my boss,"* and it pulls together everything accurately. It's only been a week, but I get the feeling that if I keep fine-tuning it and building trust, I'll eventually let it do some things autonomously. That trust has to be earned slowly, based on the pilot I'm running. # Use case #2 — Bible scholar The other agent is a Bible scholar. I'm Catholic, and during the week I like reading the daily Lectionary gospel; on Sundays I like to get all three readings. Until now I'd been doing this manually. Now I've set the agent up to email me the daily gospel reading with scholarly commentary every morning, and on Sundays it sends the full set of three readings with a synthesis of how they connect. I use DeepSeek for this one too, and it's amazing. I love how the model tailors it for me, and getting it in my inbox automatically means I don't have to log in to SAFi and generate it by hand — it's just there when I wake up, and I read it while I brew my coffee. # Talking to your agents SAFi is an API-based platform. You can talk to your agents through the native JavaScript front end I built, or through **Telegram** and **Microsoft Teams**, which I've already wired up. Because it's all driven by a clean API, you can connect it to any platform that supports API-based bots — WhatsApp, Slack, or whatever else you use. SAFi is the only platform I know of that lets you create agents that are aware of your organization's brand and culture, *and* that track their own alignment with the purpose they were created for.