Glossary

Governed runtime

The execution layer where every agent action passes a policy gate before it can run.

category ▸ Governance

audit/verify
#101hash ✓#102hash ✓#103hash ✓#104hash ✓#105hash ✓
head 0x9f3a…c1ok: true
verifyChain ▸ chained SHA-256 · signed receipts
What it means

Governed runtime, in plain language.

A governed runtime is the environment an AI agent executes inside that treats every action as a request to be authorized, not a step to be assumed. Instead of letting a model call tools, read data, and write changes freely, a governed runtime intercepts each proposed action and decides — against policy, identity, budget, and oversight rules — whether it may proceed, must wait for a human, or is refused outright.

The distinction matters because most AI failures are not bad answers; they are correct-looking actions taken without authority: an over-broad data read, an unapproved payout, a tool call outside an agent's remit. A governed runtime turns those from silent risks into explicit, recorded decisions, so the question is never "what did the agent do?" but "what was it allowed to do, and who said so?"

In Cortex

How Cortex implements it.

This term isn't abstract here — it maps to a real capability in the runtime. Here is exactly how Cortex enforces or relates to it.

Governance

Cortex is a governed runtime. Every agent run flows through the same chain of fail-closed gates — Agent IAM, Policy-as-Code, Oversight Modes, cost caps, and the MCP Gateway — and each verdict is sealed into the Trust Ledger.

Because governance is enforced at the gate rather than bolted on as a review step, the controls hold whether the agent is suggesting, drafting, or acting autonomously — and a denial returns a real status code (402 / 403 / 409 / 451), never a quiet pass.

See Governed runtime enforced, not just defined.

Book a walkthrough and watch the controls in this glossary return real verdicts, seal real evidence, and trace every fact back to its source.