Skip to content

Overview

Authorisation

Pre-execution AI governance layer that intercepts every AI action before it reaches any real system. Enforces policies, manages agent trust, and records immutable audit trails.

Info

ℹ️ How it works: Your AI agents call /v1/enforce/intercept before executing any action. The control plane evaluates policies, checks agent trust, and returns allow , block , or escalate . Every decision is recorded in the Authorisation Layer Vault hash chain.

Architecture

Agent wants to execute_trade
POST /v1/enforce/intercept  (+ optional signed_assertion for identity)
┌──────────────────────────────────────┐
│  Identity Verification  (< 1ms)       │  ← Ed25519 sig + Redis nonce dedup
└──────────────────────────────────────┘
┌──────────────────────────────────────┐
│  Policy Engine                        │  ← All active policies evaluated
│  • action_type  - name matching       │
│  • threshold    - trust level         │
│  • content      - regex patterns      │
│  • temporal     - hours / days        │
│  • chain        - delegation depth    │
│  • identity     - DID / scope rules   │
│  • metadata     - field comparisons   │  ← notional_usd > 100k, ticker == X, …
│  • semantic     - LLM-judged intent   │  ← catches paraphrase / obfuscation
│  • composite    - AND / OR combiner   │
└──────────────────────────────────────┘
┌──────────────────────────────────────┐
│  Decision                             │
│  allow    → fast path (~5ms)          │
│  block    → fast path (~5ms)          │
│  escalate → human review queue        │
└──────────────────────────────────────┘
Vault entry + decision returned to SDK / caller

Decision Paths

Path Latency Description
fast ~5ms Policy directly blocks or allows, no LLM call
standard 3-5s Full LLM verification runs against the action content
escalation , Action held for human review in the escalation queue

Policies are not static rule-matching

Xybern policies adapt at runtime — adaptive agent trust, full LLM verification on the standard path, behavioural baselining, and shadow-mode measurement — and the semantic policy type judges an action's intent against a plain-English rule, catching paraphrase and obfuscation that regex cannot. You can author policies in plain English and backtest them against real history before they go live. See Semantic Policies & Natural-Language Authoring.