Glossary

Governance gate

A single decision point that allows, holds, or blocks a proposed agent action.

category ▸ Governance

audit/verify
#101hash ✓#102hash ✓#103hash ✓#104hash ✓#105hash ✓
head 0x9f3a…c1ok: true
verifyChain ▸ chained SHA-256 · signed receipts
What it means

Governance gate, in plain language.

A governance gate is a checkpoint in the path of an agent action that returns one of three verdicts: allow, require approval (hold), or deny. Gates compose — an action may pass identity but fail budget, or pass policy but be held for human oversight — and the most restrictive verdict wins.

Gates are what make governance enforceable rather than advisory. A written policy that lives in a document constrains nothing; a gate that refuses to execute the action constrains everything. The value of a gate is that its verdict is deterministic, testable, and recorded — you can reproduce why a decision was made.

In Cortex

How Cortex implements it.

This term isn't abstract here — it maps to a real capability in the runtime. Here is exactly how Cortex enforces or relates to it.

Governance

Cortex composes several gates over every run. Policy-as-Code resolves allow / deny / require_approval with most-restrictive-wins precedence; Oversight Modes can only tighten the decision; cost governance blocks an over-budget run; and the MCP Gateway screens every tool call.

Each gate emits a concrete verdict — for example 403 on a restricted read, 402 over a hard cap, or 409 when an action is held for approval — and that verdict, with its matched rule and reason, is written to the Trust Ledger.

See Governance gate enforced, not just defined.

Book a walkthrough and watch the controls in this glossary return real verdicts, seal real evidence, and trace every fact back to its source.