Overview
Authorisation¶
Pre-execution AI governance layer that intercepts every AI action before it reaches any real system. Enforces policies, manages agent trust, and records immutable audit trails.
Info
ℹ️ How it works: Your AI agents call /v1/enforce/intercept before executing any action. The control plane evaluates policies, checks agent trust, and returns allow , block , or escalate . Every decision is recorded in the Authorisation Layer Vault hash chain.
Architecture¶
Agent wants to execute_trade
↓
POST /v1/enforce/intercept (+ optional signed_assertion for identity)
↓
┌──────────────────────────────────────┐
│ Identity Verification (< 1ms) │ ← Ed25519 sig + Redis nonce dedup
└──────────────────────────────────────┘
↓
┌──────────────────────────────────────┐
│ Policy Engine │ ← All active policies evaluated
│ • action_type - name matching │
│ • threshold - trust level │
│ • content - regex patterns │
│ • temporal - hours / days │
│ • chain - delegation depth │
│ • identity - DID / scope rules │
│ • metadata - field comparisons │ ← notional_usd > 100k, ticker == X, …
│ • semantic - LLM-judged intent │ ← catches paraphrase / obfuscation
│ • composite - AND / OR combiner │
└──────────────────────────────────────┘
↓
┌──────────────────────────────────────┐
│ Decision │
│ allow → fast path (~5ms) │
│ block → fast path (~5ms) │
│ escalate → human review queue │
└──────────────────────────────────────┘
↓
Vault entry + decision returned to SDK / caller
Decision Paths¶
| Path | Latency | Description |
|---|---|---|
fast |
~5ms | Policy directly blocks or allows, no LLM call |
standard |
3-5s | Full LLM verification runs against the action content |
escalation |
, | Action held for human review in the escalation queue |
Policies are not static rule-matching¶
Xybern policies adapt at runtime — adaptive agent trust, full LLM verification on the standard path, behavioural baselining, and shadow-mode measurement — and the semantic policy type judges an action's intent against a plain-English rule, catching paraphrase and obfuscation that regex cannot. You can author policies in plain English and backtest them against real history before they go live. See Semantic Policies & Natural-Language Authoring.