EU AI Act self-assessment1,328 tests · 0 deps · MIT

Runtime
governance for
AI agent fleets.

Enforce policy before action, detect injection inline, and audit every decision on a tamper-evident chain. Open source SDK with a hosted control plane.

Get started

45 exports

11 adapters

1,328 tests

0 deps

governance.ts

Mastra

Vercel AI SDK

LangChain

OpenAI Agents

Anthropic

Genkit

LlamaIndex

Mistral

Ollama

MCP

Bedrock

Mastra

Vercel AI SDK

LangChain

OpenAI Agents

Anthropic

Genkit

LlamaIndex

Mistral

Ollama

MCP

Bedrock

See all adapters →

Before / After

3 lines to governed agents

Drop into any TypeScript agent framework. No config files, no external services, no runtime dependencies.

Before — ungoverned

const agent = new Agent({
  tools: [shellExec, dbDrop, emailSend],
});

// No policy checks
// No audit trail
// No compliance mapping
// No kill switch
await agent.run("delete all user data");
// 🔴 Executes. No questions asked.

After — governed

import { createGovernance, blockTools, requireApproval } from "governance-sdk";

const gov = createGovernance({
  rules: [
    blockTools(["shell_exec", "db_drop"]),
    requireApproval(["payment"]),
  ],
});

const agent = await gov.register({
  name: "sales-agent", tools: [...],
});
// → { id: "...", score: 82, level: 4, status: "active" }

const r = await gov.enforce({
  agentId: agent.id, tool: "shell_exec",
});
// ✅ r.decision === "blocked" — stopped before execution
// ✅ Audit event written to HMAC chain
// ✅ EU AI Act Article 12 satisfied

How it works

Governance in 4 steps

From install to fully governed fleet in under 5 minutes. No external services. No configuration files. Just TypeScript.

Register your agents

Call gov.register() once at startup. The SDK computes a 7-dimension governance score and assigns a trust level (L0–L4). No external service. No API key.

const agent = await gov.register({
  name: "payment-agent",
  framework: "mastra",
  tools: ["check_balance", "send_invoice"],
  hasAuth: true, hasGuardrails: true,
});
// → { id: "...", score: 82, level: 4, status: "active" }

Policy

Define policies

13 condition types. Boolean combinators. Priority-ordered evaluation. Block tools, require levels, gate payments behind human approval — all in TypeScript.

import { createGovernance, blockTools, requireApproval } from 'governance-sdk';

const gov = createGovernance({
  rules: [
    blockTools(['shell_exec', 'db_drop']),
    requireApproval(['payment']),
  ],
});

Enforce

Enforce before every call

gov.enforce() runs inline — same process, same event loop, before the tool executes. No network round-trip. Returns allow or block with the matching rule. Automatically writes to the HMAC audit chain.

const decision = await gov.enforce({
  agentId: agent.id,
  tool: "wire_transfer",
  params: { amount: 50000, to: "external" },
});

if (decision.blocked) {
  // Stopped. Rule: "payment-gate". Logged.
}
// Allowed → execute tool

Audit

Audit everything

Every enforce() decision is written to an HMAC-SHA256 hash-chained audit trail. Modify any event — the chain breaks. chain.verify() detects tampering at the exact index.

const { valid, brokenAt } = chain.verify();
// valid: true (or false + exact tamper location)

const report = chain.export();
// { events: [...], verified: true,
//   exportedAt: "2026-03-09T..." }
// → Share with auditors. EU AI Act Article 12 ✓

1,328

tests passing

external deps

condition types

6/6

EU AI Act articles

One job: govern agent actions

Runtime policy enforcement with auditability and compliance built in. Not guardrails — governance.

Core

Before-Action Enforcement

Every tool call passes through enforce()before execution. 13 condition types with boolean combinators, priority-ordered evaluation. Synchronous, in-process, no network round-trip. This is the entire product — everything else serves it.

tool_blockedrequire_approvalrate_limittoken_limitagent_leveltool_sequencetime_windowany_ofall_ofnot

Auditability

HMAC Audit Trail

SHA-256 hash-chained event log. Modify any event — the chain breaks. Tamper-evident by default.

chain.verify() → {valid, brokenAt}

chain.export() → auditor-ready JSON

Defense

Injection Detection

54 regex patterns across 7 categories. Synchronous, in-process. Block prompt injection before it reaches your agent. Plug in an ML classifier for higher recall.

instruction_overriderole_manipulationcontext_escapedata_exfiltrationencoding_attacksocial_engineeringobfuscation

Compliance

EU AI Act Mapping

Map governance posture against 6 articles. Built-in gap analysis with remediation steps.

Art. 9

Risk management

Art. 11

Technical docs

Art. 12

Record-keeping

Art. 14

Human oversight

Art. 15

Accuracy

Art. 50

Transparency

7-Dimension Scoring

Identity, permissions, observability, guardrails, auditability, compliance, lifecycle. Score 0–100, levels L0–L4.

Kill Switch

Agent going rogue? One call kills it. Fleet-wide? Kill them all. Priority 999 overrides everything.

8 Policy Presets

blockTools, requireApproval, rateLimit, tokenBudget, requireLevel, requireSequence, timeWindow, allowOnlyTools.

Interactive Playground

See governance in action

No signup, no backend — everything runs client-side with the real SDK logic.

Policy Enforcement

Block tools, require approval, enforce levels

Pick a scenario or build your own:

enforce.ts

const decision = await gov.enforce({
  agentId: 'sales-agent-01',
  action: 'tool_call',
  tool: 'shell_exec',
});

Read the docs

Framework Adapters

Works with your stack

First-class adapters for the major JS agent frameworks. One import. Zero config.

Featured

Specialty

Storage Backends

In-Memory

createMemoryStorage()Built-in default. 10K event capacity. Zero config.

PostgreSQL

governance-sdk/storage-postgresProduction-ready. Auto-migrate. Custom table prefix.

Built for production

Governance where it matters

In-process enforcement that deploys anywhere your agents run — cloud, edge, or air-gapped.

Financial Services

Block unauthorized wire transfers before execution. Tamper-evident HMAC audit chain supports SOX-style review requirements.

payment_sendwire_transferaccount_close

requireApproval + blockTools

Healthcare

Zero-dependency deployment into regulated environments. HIPAA-aligned policy templates (BAA not offered — self-host if required).

patient_lookupprescription_writerecord_export

requireLevel(3) + timeWindow

Developer Platforms

Govern agent tool access across multi-tenant SaaS. Per-tenant policy isolation.

shell_execdeploydb_migrate

requireSequence + tokenBudget

MIT LicenseTypeScript-nativeZero dependenciesEdge-compatibleHMAC-SHA256 auditTree-shakeable

FAQ

Questions developers actually ask

No fluff. Direct answers to the objections we hear most.

Still have questions? Ask on GitHub Discussions or email us.

Ship governed agents today.

One import. Zero dependencies. Runtime enforcement in-process, no network round-trip. Start governing in 5 minutes.

1,328 tests·0 dependencies·TypeScript-native·MIT license

Runtimegovernance forAI agent fleets.

3 lines to governed agents

Governance in 4 steps

Register your agents

Define policies

Enforce before every call

Audit everything

One job: govern agent actions

Before-Action Enforcement

HMAC Audit Trail

Injection Detection

EU AI Act Mapping

7-Dimension Scoring

Kill Switch

8 Policy Presets

See governance in action

Works with your stack

Governance where it matters

Questions developers actually ask

Does this add latency to my agent?

I'm already using LangChain / Vercel AI SDK / Mastra. Do I have to rewrite anything?

What's the difference between this and a prompt guard / content filter?

Is this MIT licensed? Can I use it in a commercial product?

Does it work in edge runtimes (Cloudflare Workers, Vercel Edge, Deno Deploy)?

What happens if enforcement fails (throws)?

How does the HMAC audit chain compare to just appending to a database?

Can I use this without any database? What about testing?

How accurate is the built-in injection detection?

Is the kill switch actually fleet-wide?

Does the EU AI Act module make me compliant?

What's actually free vs Cloud-only?

Ship governed agents today.

Runtime
governance for
AI agent fleets.