Lua Governance Cloud

The hosted product that extends governance-sdk with multi-tenant isolation, RBAC, distributed kill switch, ML injection detection, durable audit, and compliance reports.

governance-sdk (MIT, open-source) is deliberately thin: policy evaluation, scoring, injection detection, audit, framework adapters — all in-process. Everything that needs shared state across a fleet lives in Lua Governance Cloud, the hosted product.

Lua Governance Cloud is not a separate npm package. It's the managed service at heygovernance.ai. Connect your SDK to it with serverUrl + apiKey on createGovernance(), or run the self-host bundle on your own infrastructure.

import { createGovernance } from 'governance-sdk';

const gov = createGovernance({
  serverUrl: 'https://api.heygovernance.ai',
  apiKey: process.env.GOVERNANCE_API_KEY!,
  fallbackMode: 'allow', // fail-open if the API is unreachable
});

const status = await gov.connect();
// → { connected: true, mode: 'remote', plan: 'pro', features: [...] }

Everything else is identical to local mode — the same enforce(), register(), audit, recordOutcome() interface. Cloud just adds the shared-state layer underneath.

What the Cloud adds

Multi-tenant + access control

Tenant isolation — namespaced policies, agents, audit, and scoring per organisation. No cross-tenant leakage.
RBAC — resource-level permissions, team roles, seat management.
Credential vault — encrypted storage for API keys, tokens, and secrets that agents need to hold.
Approval queue — human-in-the-loop workflow for require_approval policy outcomes, with Slack/email notifications.

Distributed enforcement

Distributed kill switch — Redis-backed fleet-wide halt in under 1s. The SDK's local kill switch is the last-resort brake; this is the fleet-wide real thing.
Distributed rate limits — durable counters shared across every SDK instance.
Quota enforcement — per-tenant / per-agent action + cost ceilings, enforced server-side.

ML injection detection

Prompt-Guard-2 + DeBERTa ensemble — the SDK's mlInjectionGuard preset reads ctx.mlInjectionScore; Cloud runs the classifier and populates that field. Prompt-Guard-2 for latency, DeBERTa for accuracy, ensemble for recall.
Durable eval storage — submit from inspect-ai / PyRIT / Garak; Cloud persists, charts, and diffs.

Monitoring + analytics

Anomaly detection — ML alerts on behavioural drift, unexpected tool sequences, sudden block-rate spikes.
Fleet health monitor — block rate, approval backlog, agent score distribution, audit integrity.
Score history — track composite scores over time per agent and per fleet.
Agent graph — visualise which agents call which tools and which other agents.
Fleet advisor — suggests policy tightening / loosening based on observed traffic.

Compliance + audit

Durable HMAC audit chain — the SDK's integrityAudit chain lives in-process; Cloud holds the signed chain durably in Postgres with external anchor checkpoints.
Scheduled compliance reports — EU AI Act, NIST AI RMF, ISO/IEC 42001, OWASP Agentic. PDF + JSON export.
Audit export — signed exports for external auditors or SIEM ingestion.
Webhooks — tenant events for your own pipelines (Slack, PagerDuty, SIEM).

Policy operations

Policy templates — curated rule sets for common verticals (support, code, data-access, payments).
Policy deployment pipeline — versioned, reviewed, rollback-capable policy changes across your fleet.
Policy snapshots + diff — inspect any previous policy state; diff two snapshots.
Policy overrides — tenant-specific override of template rules.

When to use the SDK alone vs. Cloud

You need	Use
Block a tool, score an agent, log an event, enforce a rate-limit that your host tracks	SDK alone (MIT, `npm install governance-sdk`)
A fleet of agents across replicas with shared kill state, durable audit, or multi-tenant isolation	SDK + Cloud (set `serverUrl` + `apiKey`)
EU AI Act / NIST / ISO compliance reports scheduled + exportable for your auditors	SDK + Cloud
ML injection detection with real recall on in-the-wild jailbreaks	SDK + Cloud (wire `ctx.mlInjectionScore` from the Cloud classifier)
Approval queue with Slack / email / PagerDuty	SDK + Cloud
Self-hosted on your own infrastructure	SDK + self-hosted Cloud (contact us)

The SDK is MIT and fully useful standalone. The Cloud only becomes necessary once you have more than one SDK instance that needs to agree on state, or once you need compliance artifacts, ML detection, or multi-tenant isolation.

Full dashboard docs

Operator docs for tenants, policy templates, ML training, incident response, and scheduled reporting live in the authenticated dashboard at /dashboard/docs (login required — sign up or book a demo).