Overview
Authorisation¶
Pre-execution AI governance layer that intercepts every AI action before it reaches any real system. Enforces policies, manages agent trust, and records immutable audit trails.
Info
ℹ️ How it works: Your AI agents call /v1/enforce/intercept before executing any action. The control plane evaluates policies, checks agent trust, and returns allow , block , or escalate . Every decision is recorded in the Authorisation Layer Vault hash chain.
Architecture¶
Agent wants to execute_trade
↓
POST /v1/enforce/intercept (+ optional signed_assertion for identity)
↓
┌──────────────────────────────────────┐
│ Identity Verification (< 1ms) │ ← Ed25519 sig + Redis nonce dedup
└──────────────────────────────────────┘
↓
┌──────────────────────────────────────┐
│ Policy Engine │ ← All active policies evaluated
│ • action_type — name matching │
│ • threshold — trust level │
│ • content — regex patterns │
│ • temporal — hours / days │
│ • chain — delegation depth │
│ • identity — DID / scope rules │
│ • metadata — field comparisons │ ← notional_usd > 100k, ticker == X, …
│ • composite — AND / OR combiner │
└──────────────────────────────────────┘
↓
┌──────────────────────────────────────┐
│ Decision │
│ allow → fast path (~5ms) │
│ block → fast path (~5ms) │
│ escalate → human review queue │
└──────────────────────────────────────┘
↓
Vault entry + decision returned to SDK / caller
Decision Paths¶
| Path | Latency | Description |
|---|---|---|
fast |
~5ms | Policy directly blocks or allows, no LLM call |
standard |
3-5s | Full LLM verification runs against the action content |
escalation |
, | Action held for human review in the escalation queue |