Governance · Runtime enforcement

The decision arrives before the action does.

Every agent action evaluated against the applicable rule pack at runtime. Sub-15ms p95 on customer infrastructure (loopback). 12 enforced layers + 5 jurisdictional packs in one synchronous call.

The flow

/api/protect — one call, full evaluation.

01

Action submitted

Agent posts intended action + agent_id (passport-bound)

02

Pack lookup

Jurisdiction + risk classification select rule pack(s)

03

12 layers run

Identity → input sanitiser → tool sandbox → data protection → behavioural → …

04

Decision returned

ALLOW · WARN · BLOCK + reason_codes + Ed25519 signature

POST /api/protect
{
  "agent_id": "agent_b3a9f1...",
  "action": "send_email",
  "target": "external_address",
  "context": { "contains_pii": true }
}

→ {
  "decision": "BLOCK",
  "reason_codes": ["GDPR_ART5_DATA_MINIMISATION_MISSING", "EU_AI_ACT_ART26_HUMAN_OVERSIGHT_MISSING"],
  "layers_checked": 12,
  "latency_ms": 6.3,
  "signature": "ed25519:..."
}
Real reason_codes

No abstract policy. Specific, grep-able codes.

Every BLOCK and WARN decision returns the codes that fired. Operators can pin alerts on specific codes; auditors can grep the audit log to prove a rule was enforced. Codes are stable identifiers, not human-readable prose.

EU_AI_ACT_ART26_HUMAN_OVERSIGHT_MISSINGHigh-risk deployer obligation: human oversight missing for the action.
EU_AI_ACT_AUDIT_TRAIL_MISSINGAction attempted without an audit-log destination configured.
EU_AI_ACT_ART12_AUDIT_RETENTION_INSUFFICIENTRetention period below Art. 12 floor for the deployment's risk tier.
EU_AI_ACT_ATTESTATION_TIER_INSUFFICIENTCapability attestation tier from the model provider doesn't meet the policy bundle.
GDPR_ART5_DATA_MINIMISATION_MISSINGAction processes more personal data than the stated purpose justifies.
GDPR_ART22_HUMAN_REVIEW_MISSINGAutomated decision with significant effect; human-review path not configured.
GDPR_ART25_PRIVACY_BY_DESIGN_MISSINGPipeline lacks privacy-by-design controls expected for the data class.
NIST_RMF_GOVERN_RISK_ASSESSMENT_MISSINGGovern function: documented risk assessment not present for the deployment.
NIST_RMF_MANAGE_INCIDENT_RESPONSE_MISSINGManage function: incident response runbook not registered with the operator.
SG_MGAIF_HUMAN_INVOLVEMENT_TIER_INSUFFICIENTSingapore MGAIF: human-involvement tier below the action's risk classification.
SG_MGAIF_DATA_PROVENANCE_MISSINGData provenance attestation absent for the input or training corpus.
SG_MGAIF_EXPLAINABILITY_OBLIGATION_MISSINGExplainability obligation not met for the decision class.
ZA_POPIA_S17_INFORMATION_OFFICER_MISSINGSouth Africa POPIA: registered information officer absent for the operator.
ZA_POPIA_S36_LAWFUL_BASIS_MISSING_FOR_SPECIAL_CATEGORYSpecial-category data processed without the lawful basis required by s36.
ZA_POPIA_S72_CROSS_BORDER_ADEQUACY_BASIS_MISSINGCross-border transfer attempted without an adequacy basis under s72.
Layers × packs

Each layer can be triggered by any pack.

Rule packs declare which layers they read. L10 Data Protection is invoked by GDPR (Art. 5, 25), EU AI Act (Art. 10), and POPIA (s17, s36). L14 Confidence Scoring by EU AI Act (Art. 14) and GDPR (Art. 22). L4 Agent Police by NIST RMF Govern + Manage and EU AI Act Art. 9 + 72.

Operators see WHICH layer enforced WHICH pack rule in the response — not a black-box decision, but a traceable chain.

See the audit trail →