Module 2: Control & Enforcement
Policy decides. Humans approve. Runtime proves
Every AI action governed by policy, approved by a human, and proven by a tamper-evident runtime feed. Kill Switch for emergency halt. Protocol-level gateways for MCP, A2A, ACP, and Memory.
Author once. Enforce everywhere.
Write policies in YAML or JSON, simulate against historical traffic, and promote through the Approval Queue before runtime enforcement. Every policy change is immutably recorded.
Four pillars. One enforcement model.
Approval Queue
Human-in-the-loop for sensitive policy changes and high-risk AI actions. No change ships without an authorised human sign-off. RBAC-controlled, SLA-tracked.
Runtime Feed
Tamper-evident, hash-chained feed of every runtime decision. Authority Decisions and Runtime Violations captured immutably as they happen.
Kill Switch
Emergency halt for any AI system in your estate. One action, immediate enforcement at the protocol layer, full audit trail attached to the event.
Identity & Trust
DID-JWS and SPIFFE anchors for non-human identity. Delegation Grants enforce least-privilege: every agent acts only within its authorised scope.
Internal Copilot
Advisory, not autonomous.
The Internal Copilot provides policy guidance and enforcement recommendations without taking action. It advises on risk classification, suggests policy templates, and helps operators navigate the Control surface. Every suggestion logged.
- Policy template recommendations based on framework requirements
- Risk classification guidance for new AI systems
- Advisory mode only: humans always decide
Protocol Gateways
Enforcement at the protocol layer.
Protocol-level enforcement across every agent communication channel. The MCP Control Gateway intercepts, inspects, and enforces policy on MCP traffic. Paired with A2A, ACP, and Memory gateways for complete protocol coverage.
Model Context Protocol enforcement.
Inspect, allow, or block MCP requests before they reach the model. Full audit trail per request.
Agent-to-agent and agent-to-compute.
Policy enforcement on agent communication and compute delegation. Delegation Grants scope every interaction.
Context window governance.
Control what enters and persists in agent memory. Prevent context poisoning and data exfiltration via memory channels.
Four protocol gateways. Every agent communication channel governed.
Approval Queue
Humans stay in the loop. Always.
The Approval Queue routes every sensitive policy change and high-risk AI action to a designated human approver. No change ships without a sign-off. Every approval is timestamped and appended to the immutable audit log.
- Configurable approval thresholds per policy type
- RBAC-controlled: only authorised roles can approve
- Per-severity SLAs: Critical 4h, High 24h, Medium 7d
Every runtime decision. Tamper-evident.
The Runtime Feed captures every Authority Decision and Runtime Violation as it happens: hash-chained, immutable, and immediately surfaced to your operations team.
Kill Switch
When you need to stop. Now.
The Kill Switch halts any AI system immediately. One action, enforced at the protocol layer, with a full audit trail attached to the event. For the regulatory incident, the critical finding, or the scenario you hope never happens.
- Immediate enforcement at MCP/A2A/ACP/Memory gateways
- Full audit trail: who triggered it, when, and why
- RBAC-controlled: only authorised roles can trigger
Policies originate from frameworks.
The policies you enforce here are authored in Govern, where 12 frameworks and 120 controls define what "compliant" means for your estate.