Your 5-Eye Compliance Framework for Banking-Grade Software Development
Argus is an agent-agnostic AI framework that installs a complete banking compliance SDLC into any codebase. Named after Argus Panoptes — the all-seeing giant of Greek mythology — it deploys 5 specialized agents (5 eyes) to watch every aspect of your software lifecycle: security, compliance, quality, testing, and delivery.
Banking regulations are non-negotiable. Your AI agents should be too.
Argus transforms any AI coding workspace (OpenCode, Cursor, Windsurf, Cline, Aider, etc.) into a banking-grade compliance environment. It:
- Detects your workspace technology stack automatically
- Asks 20 targeted configuration questions
- Adapts 5 specialized agents and 11 core + 5 compliance skills to your project
- Generates 6 documentation templates (architecture, security, API, etc.)
- Enforces Agile SDLC with 7 compliance phases
Result: A self-configuring compliance pipeline where no OWASP vulnerability, no GDPR violation, and no quality gate gets through unnoticed.
Each agent represents one of the five critical domains of banking software development:
| Eye | Agent | Symbol | Role |
|---|---|---|---|
| 🔮 1st Eye | Orchestrator | Eye of Vision | Sees the full SDLC workflow. Routes requests, manages phases, tracks session memory. |
| ⚙️ 2nd Eye | Backend Developer | Eye of Logic | Sees architecture, patterns, and business logic. DDD, Clean Architecture, SOLID. |
| 🎨 3rd Eye | Frontend Developer | Eye of Design | Sees UI/UX, accessibility, performance. WCAG-compliant, pixel-perfect. |
| 🛡️ 4th Eye | Reviewer | Eye of Judgment | Sees security, compliance, standards. The final gate. Read-only. |
| 🔬 5th Eye | Testing | Eye of Truth | Sees bugs, coverage, regressions. TDD, integration, E2E, performance. |
No code is merged unless all 5 eyes agree.
The Orchestrator drives every request through a strict Agile SDLC:
Phase 0: Detect Prior Session State
↓
Phase 1: Requirements Gathering (user interview)
↓
Phase 2: Issue Tracker Skeleton (Jira/GitHub)
↓
Phase 3: Feature Definition (technical specification)
↓
Phase 4: Development (backend + frontend agents)
↓
Phase 5: Testing (QA agent execution)
↓
Phase 6: Review & Oracle Verification (security + compliance gate)
↓
Phase 7: Close (merge, documentation, memory)
No phase may be skipped. No compliance gate is optional.
Each skill is a specialized instruction set for a specific SDLC domain:
| Skill | Domain | When to Use |
|---|---|---|
| `build-check` | CI/CD | Verify build pipeline before merge |
| `code-review` | Quality | Structured multi-dimensional review |
| `git-flow` | Version Control | Branch naming, commits, PR workflow |
| `history-scan` | Analysis | Git history for audit trails and changelog |
| `jira-integration` | Project Management | Issue tracking across SDLC |
| `lang-enforcer` | Standards | English-only enforcement |
| `owasp-top10` | Security | OWASP Top 10 vulnerability scanning |
| `project-status` | Reporting | Board overview, WIP, blocker tracking |
| `secure-coder` | Security | Secrets, injection, PII, CVE checks |
| `test-driven` | Quality | TDD, AAA pattern, test coverage |
| `ui-ux` | Design | Design system, accessibility, responsive |
| Skill | Regulation | Install If |
|---|---|---|
| `gdpr` | General Data Protection Regulation | You process EU personal data |
| `dora` | Digital Operational Resilience Act | You are a financial entity or ICT provider |
| `mica` | Markets in Crypto-Assets Regulation | You handle crypto-assets |
| `psd2` | Payment Services Directive 2 | You provide payment services |
| `pci-dss` | Payment Card Industry Data Security Standard | You process cardholder data |
| `iso-20022` | Financial Messaging Standard | You exchange payment messages (pain, pacs, camt) |
| `sepa` | Single Euro Payments Area | You process euro payments within EU/EEA |
| `eidas` | Electronic Identification and Trust Services | You use electronic identity, digital signatures, or KYC |
The old compliance-eu skill is now a dispatcher for backward compatibility. New installations should copy only the skills that apply to the project.
- Clone this repository into your workspace or open it as a reference
- Read `AGENTIC-INSTALLATION.md` — this is the master self-installation script
- Follow the 4 phases:
  - Phase 0: Detect your workspace (auto-detects stack, build system, CI/CD, git workflow)
  - Phase 1: Ask the user 20 configuration questions (technology, compliance, process)
  - Phase 2: Install agents, skills, documentation, and configuration files
  - Phase 3: Verify the installation (check for placeholders, validate configs)
You don't need to install anything yourself. Just copy and paste this prompt into your AI agent:
I want to install the Argus framework in this workspace.
Please do the following:
1. Read this README.md file fully to understand what Argus is.
2. Read AGENTIC-INSTALLATION.md carefully — it is the master self-installation script.
3. Follow AGENTIC-INSTALLATION.md step by step:
- Phase 0: Analyze this workspace silently and create a detection summary
- Phase 1: Ask me the configuration questions listed in the guide
- Phase 2: Install the 5 agents, 12 skills, documentation, and AGENTS.md
- Phase 3: Verify everything (check no {{PLACEHOLDER}} markers remain)
4. Create checkpoint files in .argus-installation/ after each phase.
5. Do not skip any steps.
6. If you get stuck or lose context, re-read the latest checkpoint file and the current phase.
The framework files are in this repository:
- .agents/agents/ — agent definitions
- .agents/skills/ — skill definitions
- .agents/rules/AGENTS-TEMPLATE.md — template for AGENTS.md
- .agents/docs/ — documentation templates
Install Argus now.
If you prefer, you can also clone Argus into your project manually and then ask the agent to install it:
```bash
# Option A: Clone Argus as a reference in your workspace
git clone https://github.com/tecnosor/argus-framework.git argus
# Option B: Copy the framework files into your project
cp -r argus/.agents/ ./.agents/
cp -r argus/AGENTIC-INSTALLATION.md ./AGENTIC-INSTALLATION.md
# Then open AGENTIC-INSTALLATION.md in your agent and paste the prompt above.
```
After installation, your workspace will contain:
📦 your-project/
├── .agents/
│ ├── agents/ # 5 agent definitions (orchestrator, backend-dev, frontend-dev, reviewer, testing)
│ ├── skills/ # 12 skill folders with SKILL.md
│ ├── rules/ # AGENTS-TEMPLATE.md (project rules)
│ ├── docs/ # 6 documentation templates
│ └── memory/ # Persistent session memory directories
├── AGENTS.md # Project-specific rules (generated from template)
└── AGENTIC-INSTALLATION.md # This master installation guide
Argus is designed to be agent-agnostic. It works with any AI coding agent platform:
| Platform | Status | Notes |
|---|---|---|
| OpenCode | ✅ Full | Native .agents/ support, opencode.json integration |
| Cursor | ✅ Full | .cursorrules generation, .cursor/ directory |
| Windsurf | ✅ Full | .windsurfrules generation |
| Cline | ✅ Full | .clinerules generation |
| Aider | ✅ Full | .agents/ directory supported |
| Generic | ✅ Full | Any agent that reads AGENTS.md and .agents/ |
Argus supports the major banking and financial regulations:
| Framework | Checks | Coverage |
|---|---|---|
| OWASP Top 10 | A01-A10 vulnerability scanning | All code changes |
| GDPR | Data protection, PII handling, encryption, audit | All data processing |
| DORA | ICT resilience, incident reporting, third-party risk | All ICT dependencies |
| MiCA | Crypto-asset disclosures, consumer protection, stablecoin rules | Crypto projects |
| PSD2 | Strong authentication, API security, transaction monitoring | Payment services |
| PCI-DSS | Card data encryption, access control, network security | Payment processing |
User: "Add 2FA to our login system"
↳ Orchestrator (1st Eye)
Phase 0: Detects session state
Phase 1: Asks user (which MFA method? recovery codes? backup?)
Phase 2: Creates Jira issue PROJ-001: "Implement 2FA"
Phase 3: Defines technical spec (API contracts, DB schema, UI flows)
↳ Backend Developer (2nd Eye)
Phase 4: Implements TOTP service, backup codes, recovery flow
Loads: git-flow, secure-coder, test-driven, build-check
↳ Frontend Developer (3rd Eye)
Phase 4: Implements QR code display, OTP input, recovery UI
Loads: git-flow, ui-ux, test-driven, build-check
↳ Testing (5th Eye)
Phase 5: Tests TOTP generation, validation, recovery, UI flows
Loads: test-driven, build-check, secure-coder, owasp-top10
↳ Reviewer (4th Eye)
Phase 6: Reviews OWASP Top 10, GDPR compliance, coding standards
Loads: owasp-top10, gdpr, dora, mica, psd2, pci-dss (as applicable), secure-coder, code-review
↳ Orchestrator
Phase 7: Closes Jira issue, updates session memory
↳ User: "2FA implemented and reviewed. All 5 eyes passed."
After installation, Argus generates these project-specific documents:
| Document | Purpose |
|---|---|
| `AGENTS.md` | Project rules — technology stack, conventions, build commands |
| `architecture.md` | System architecture overview and layer diagram |
| `coding-standards.md` | Naming conventions, code quality rules, git workflow |
| `security-policy.md` | Authentication, encryption, data classification, incident response |
| `database-schema.md` | DB conventions, migration rules, entity definitions |
| `ui-ux-guidelines.md` | Design system, accessibility, responsive design, performance |
| `api-standards.md` | REST conventions, error handling, versioning, pagination |
Argus maintains persistent session state for each agent:
.agents/memory/
├── .orchestrator/
│   └── 2026-06-12_14-30-2fa-implementation/
│       └── memoria.md # Session state, phases, tasks, blockers
├── .backend-dev/
│   └── 2026-06-12_14-30-2fa-implementation/
│       └── memoria.md # Files changed, decisions, tests
├── .frontend-dev/
├── .reviewer/
└── .testing/
Interruptions are safe. If a session is interrupted, the next invocation of the Orchestrator detects the prior state and offers to resume from the exact phase where it left off.
Argus is designed to be extended. To add a new skill:
- Create `.agents/skills/your-skill/SKILL.md`
- Add YAML frontmatter with `name`, `description`, `compatibility`
- Write the skill instructions following the existing format
- Reference it in the relevant agent definitions
To add a new agent:
- Create `.agents/agents/your-agent.md`
- Add YAML frontmatter with `description`, `mode`, `model`, `permissions`
- Write the system prompt with specific responsibilities
- Reference the agent in the Orchestrator's delegation rules
This project is released under the MIT License — completely free to use with recognition.
You are free to:
- Use it for any purpose (commercial or non-commercial)
- Modify it in any way
- Distribute it anywhere
- Use it privately or publicly
- Use it in proprietary projects
Recognition required: You must include the copyright notice and license text in any copy or substantial portion of the software.
This is the standard license of the open source community. The Argus team trusts the community to build, improve, and share.
See LICENSE for the full text.
Argus — Greek: Ἄργος, meaning "all-seeing." Argus Panoptes was a giant with 100 eyes, who watched over the nymph Io. In the myth, Argus was never fully asleep — always watching, always vigilant.
In software, every line of code is a promise. Every merge is a risk. Argus never sleeps — so your compliance doesn't have to.
"Five eyes. Seven phases. Zero compliance violations."
Alfonso Soria Muñoz. Tecnosor 2026