What Gets Enforced
What Gets Enforced¶
Every request through the gateway is evaluated by the Xybern enforcement engine before being forwarded to the provider. The same policies, trust scoring, and escalation flow used by the SDK apply here, zero configuration changes needed.
| Signal | Description |
|---|---|
| Active policies | Every active policy in the workspace is evaluated against the request content and agent identity. |
| Trust scoring | Metadata, LLM signal, and behavioural history combine into a real-time trust score per request. |
| Behavioural anomaly | Rate spikes, novel action types, unusual hours, and magnitude outliers are flagged automatically. |
| Human-in-the-loop | High-risk requests are held and return an escalate decision until a human approves or rejects in Authorisation Layer. |
| Vault logging | Every decision is written to the tamper-evident vault with full request metadata. |
Decision responses¶
When a request is blocked or escalated, the gateway returns a response in the provider's native format so the agent can handle it without any special-case logic:
// Blocked — returned as a normal chat completion with refusal content
{
"id": "chatcmpl-xybern-block-...",
"choices": [{
"message": {
"role": "assistant",
"content": "[BLOCKED by Xybern policy] Action blocked: ...",
"xybern_decision_id": "dec_..."
}
}]
}
// Escalated — held for human review
{
"choices": [{
"message": {
"content": "[ESCALATED] Action held for human approval. Escalation ID: esc_...",
"xybern_decision_id": "dec_...",
"xybern_escalation_id": "esc_..."
}
}]
}