Etiquette
Govern agent-assisted engineering work with seats, evidence, and promotion gates. Local-first: your repo is the ledger, receipts are the proof, and no server ever sees your code.
When several coding agents (and humans) work the same repository, the hard part isn't running them — it's knowing who did what, on whose authority, and what proved it worked. Etiquette gives each participant a seat, each unit of work a task envelope, each completion a receipt, and each merge a promotion gate — all recorded as plain files and git history you can audit with tools you already trust.
The same records give your agents perfect recall: every decision, receipt, and state change is a citable, append-only entry — weeks later, any seat can read exactly what happened and why, instead of re-deriving it from a stale chat log.
Install & verify
npm / bun primary
npm install -g @etiquekit/etq
# etq, etiquette and etiquette-core land on PATH
etq doctor --project .
Ships compiled bundles — the same signed bytes as the release tarball.
Zero-install trial: bunx @etiquekit/etq help.
Native install
curl -fsSL https://etiquekit.com/install.sh | sh
Verifies every artifact against a pinned public key before anything
executes, then installs under ~/.etiquette.
Both channels verify integrity automatically — the installer checks every artifact against a pinned public key before anything executes, and npm checks the registry's integrity hash on install.
Binary integrity — verify a release by hand
# fetch the manifest, signature, and key curl -fsSLO https://etiquekit.com/releases/SHA256SUMS curl -fsSLO https://etiquekit.com/releases/SHA256SUMS.sig curl -fsSLO https://etiquekit.com/releases/etiquette-release-signing.pub.pem # display the key's fingerprint shasum -a 256 etiquette-release-signing.pub.pem
Confirm the output reports
917fbced1d6a82897ec3441a1d12947803ca4d42a6bc63d3412dee8bf8c3ce31
— cross-check against a second channel (the npm README, your team's records),
not just this page. Then verify the manifest signature and the artifact bytes:
openssl dgst -sha256 -verify etiquette-release-signing.pub.pem \ -signature SHA256SUMS.sig SHA256SUMS shasum -a 256 -c SHA256SUMS
A valid result reports Verified OK and OK per
artifact. If any step fails: stop, don't install, report it.
Quickstart — a governed workspace in five minutes
- Provision the workspace. From your project repo:
etq init --project . # folders, journal, roster etq doctor --project . # everything green before work
- Bootstrap seats and tasks. One command creates repo-local state,
seats, task envelopes, pickup docs, events, and runbooks:
etq bootstrap local --project . --profile codex-cc-gemini --task-prefix APP
- Register your agent CLI (explicit, never automatic — Etiquette
refuses to silently modify agent configs):
etq setup --target auto --project . # or codex | claude-code | gemini - Take a seat and claim a task.
etq join --seat dev-a --project . etq pickup --seat dev-a --task APP-001 --expect-project-id <id> --text
- Work, then gate on evidence. The return check refuses "done"
without proof:
etq return check --task APP-001 --seat dev-a etq console board --project . --text # the live task board
etq whereami --seat dev-a --task APP-001 re-orients any resumed
developer, agent, or inherited worktree: repo, branch, task envelope, runbook.Concepts
Seat
A durable work identity. A human, agent, or runtime can occupy it — the seat is what the workflow routes to, and what readiness is proven against.
Task envelope
What work is allowed: owner, mode, allowed writes, forbidden writes, validation, stop conditions, expected receipt, next owner. No write boundary + validation → not ready for autonomous execution.
Session
A bounded run inside one repo — a bug fix, feature slice, review, or short swarm. Not a product, quarter, or org.
Receipt
Proof of what happened: changed files, validation results, runbook refs, blockers, risks, next owner. Evidence — it never approves itself.
Ledger / journal
The durable record for the repo: decisions, receipts, state changes, refs — an append-only event log in git. Execution chatter stays in session runbooks and scratch space.
Promotion gate
Where candidate work becomes accepted truth. Resolved by policy — owner, role, quorum, risk class — never by an agent claiming "done".
Who did what? — the four identities
| Concept | Answers |
|---|---|
| Operator principal | Who is accountable for intent or approval? |
| Seat | What durable work role or capability is acting? |
| Runtime | Which tool or model executed? |
| Session | Which bounded run produced the evidence? |
CLI reference
etq and etiquette are the same binary; a bare-bones
governance profile lives in etiquette-core. Every command takes
--project <path>; most support --json.
Start here
| etq setup | Register agent CLIs as seats (--target auto|codex|claude-code|gemini|all). Explicit, reviewable, never automatic. |
| etq init | Provision workspace folders, journal, roster. |
| etq bootstrap local | Create seats, task envelopes, pickup docs, events, runbooks (--profile codex-cc-gemini|lead-review). |
| etq handoff | Prepare a warm handoff pack for the next seat. |
| etq whereami | Re-orient a resumed seat: repo, branch, task, runbook. |
| etq doctor | Readiness assertion — run before work, green before go. |
| etq status | Workspace summary. |
Daily work
| etq join | Occupy a seat. |
| etq pickup | Claim a task card (--expect-project-id guards against wrong-repo pickups). |
| etq receipt scaffold | Write the receipt stub at the exact path pickup names (--force to overwrite; the stub cannot fake completion — return check gates on posted packets). |
| etq enter | Open a task under an operator principal. |
| etq session create | Start a bounded run for a seat + task. |
| etq return check | The evidence gate: refuses completion without proof (--remote-runner for detached runs). |
| etq notify poll / webhook | Seat notifications; GitHub webhook intake with signature check. |
| etq dispatch scaffold / check / record | Generate, validate, and record dispatch envelopes and receipts. |
| etq retire | Retire a path with a reason and evidence ref. |
| etq diagnostics | Triage helpers: runner-glitch, no-return. |
Views & readiness
| etq console board | The live task board in your terminal (--text) or served locally (console serve, loopback only). |
| etq bus view | Read the event journal by lane, seat, or range (--format text|json|markdown). |
| etq timeline view / preview | Project the journal as a timeline per project, seat, lane, or principal. |
| etq ledger index|search|show | Query the durable record. |
| etq seat readiness / status / owner-card | Prove and inspect seat readiness. |
| etq release readiness / ga-readiness | Release gates over the recorded evidence. |
Full surface: etq help · advanced: etq help advanced ·
minimal profile: etiquette-core help.
Field manuals new in 1.0.11
Shipped in the package under docs/ and templates/ — written from live
multi-seat runs, including a cold external consumer's first-run reports.
| docs/OPERATOR_PLAYBOOK.md | The human principal's when-X-do-Y card: the reviewer moment, counter posture, second-party verification, and the human gate — "continue" is a nudge, never authority; gated acts need their minted phrase. |
| docs/AGENT_SPAWNING.md | For implementing agents: durable seats vs disposable runners, when to spawn inline vs ask for a provisioned seat, and the provisioning-card template. |
| docs/INTEGRATION_UI.md | For UI/consumer builders: the event and packet wire formats, lint rules, envelope model, and composer requirements. |
| templates/DISPATCH_PREMISES.md | The load-bearing premise gate: verify static claims on the consuming surface before dispatching; ship the rest as labeled hypotheses with paired stop conditions. |
Agents bootstrapped in 1.0.11+ also carry the Propulsion doctrine in their rendered
AGENTS.md: never stop silently — state WORKING, GATED (present the decision card), or
BLOCKED, and end every return with Next:.
Runbooks
Bootstrap a governed repo
etq init --project .
etq bootstrap local \
--project . \
--profile codex-cc-gemini \
--task-prefix APP
etq doctor --project .
Then etq setup --target auto per agent CLI you use.
Resume after a break
etq whereami --seat dev-a --task APP-001
etq pickup \
--seat dev-a \
--task APP-001 \
--expect-project-id <id> --text
Runner resume recovers chat context; whereami confirms
ground truth.
Gate a completion
etq return check --task APP-001 --seat dev-a
# red? read the named missing evidence,
# produce it, re-run. Never hand-wave.
The check names exactly what's missing (validation, receipt fields, refs).
Doctor triage
etq doctor --project .
etq diagnostics runner-glitch \
--symptom "<text>"
etq diagnostics no-return \
--task APP-001 --seat dev-a
Doctor is cheap — run it on any weirdness before debugging by hand.
For agents
Agent-facing quickstart lives at
etiquekit.com/llms.txt —
fetch it first. The short version:
You may
Run, observe, retry safe work, and return evidence. Initialize, check, record, and project read models. Ask for a seat, claim tasks addressed to you, and produce receipts.
You may not
Grant, merge, close, promote, or mutate canonical truth. External "Done" is not acceptance. Authentication is not authorization. When authority is unclear — stop.
Seat packs provision per-runtime integration explicitly:
provision-seat claude-code · codex · gemini ·
ollama · openrouter. Note: agent harnesses may (correctly)
block etq setup as self-modification — the operator runs setup, once,
reviewably.