Govern Claude Managed Agents Before You Deploy Them | Cromus
Anthropic shipped Claude Managed Agents — a managed harness for running Claude as an autonomous agent in cloud containers, with bash access, file operations, web search, web fetch, and MCP servers. The runtime requires the managed-agents-2026-04-01 beta header on API requests.
Cromus is the pre-execution governance layer for this new runtime. Cromus compiles SOPs into SKILL.md capability specs, validates them against ETHOS.md behavioral policies, simulates cost across Anthropic's verified pricing, and produces a Claude Managed Agent configuration object that maps directly to Anthropic's Agent endpoint shape.
The four pre-execution steps are: Compile (SOP into SKILL.md), Validate (SKILL.md against ETHOS.md), Simulate (cost and Croms score), and Deploy (compile to JSON config for Anthropic's Agent endpoint). Each step produces an audit-ready artifact that travels with the agent.
Cromus's three open specs do specific jobs in this flow. SKILL.md is the capability definition — what the agent is supposed to do. ETHOS.md is the behavioral policy — what the agent must and must not do. MEMORY.md is the portability contract — what the agent remembers between sessions and what travels when the agent is replaced or moved. All three are open, free, and validator-checkable. They are designed to ingest into any agent runtime — Claude Managed Agents, Replit Agents, AgentSkills.io, OpenClaw, custom infrastructure.
Runtime governance secures agents that are already deployed. Pre-execution governance happens before any of that — before the SOP becomes a skill, before the skill becomes an agent definition, before the agent definition becomes a deployed container. Most preventable workflow waste and most preventable governance failure gets locked in at the pre-execution stage. Cromus is where you decide what those rules are.