Authored as rules
Each rule is a condition (e.g. amountUsd >= 5000) plus an effect — allow, deny, or require_approval — and a priority. No redeploy: rules are tenant-scoped data the runtime reads on every run.
Author allow, deny, and require_approval rules in one place, simulate any decision before it goes live, and gate every change against a suite of golden policy tests — so a rule edit can never quietly change what your agents are allowed to do.
deny > require_approval > allow · simulate before ship · golden tests gate every change
Cortex governance is a set of prioritized rules — each with a condition and an effect of allow, deny, or require_approval. The runtime evaluates them in priority order on every run, and the most-restrictive effect always wins: deny beats require_approval beats allow. Because rules are data, your risk and compliance teams author and change them directly — and every change is testable before it touches a single agent.
Each rule is a condition (e.g. amountUsd >= 5000) plus an effect — allow, deny, or require_approval — and a priority. No redeploy: rules are tenant-scoped data the runtime reads on every run.
Rules apply in priority order, disabled rules are skipped, and the strictest matching effect prevails: deny > require_approval > allow. Governance defaults to caution, never to permission.
Run any context through the live rules — or an unsaved candidate set — and get the decision plus a per-rule trace, so you see exactly which rule fired and why before you save it.
Golden policy tests pin the decisions that must hold. Run them against a candidate rule set and a single failure tells you not to ship — a regression gate for governance itself.
When governance lives in scattered if-statements and prompt text, a well-meaning rule edit can quietly widen what every agent is permitted to do — and you only find out in the audit. Policy-as-Code makes the rules explicit data, lets you preview a decision before it ships, and refuses to let a change land if it breaks a single golden case. The same engine powers both the live decision and the simulation, so what you test is exactly what runs.
One pure engine — evaluateRules(rules, context) — decides every run and every simulation. That shared path is what makes a simulation trustworthy: the preview and the production decision are the same code.
Write a condition and an effect — allow, deny, or require_approval — with a priority. Lower priority evaluates first; disabled rules are skipped. Rules are tenant-scoped data, not a deploy.
POST a context to /simulate against the live rules or an unsaved candidate set. You get the effect, the matched rule, the reason, and the full per-rule trace — preview the change before it's real.
Pin known cases as golden tests (context → expected effect). Run them against the candidate rule set; a single failure means a regression — don't ship it.
Once the candidate set passes, it becomes the live policy — evaluated on every run inside the same fail-closed runtime, alongside identity, budget, and the trust ledger.
Pin a require_approval rule at amountUsd >= 5000, then simulate. A $7,400 payout returns require_approval with the matched rule and reason in the trace; a $100 payout returns allow because nothing matched. No guessing — the simulation runs the exact engine that gates production.
Send a candidate rule set to /tests/run and Cortex evaluates every golden case against it without saving a thing. A naive deny-all candidate would fail the cases that expect allow — so the gate tells you not to ship it. Pin the decisions that matter once, and no future edit can silently change them; the run endpoint is the manual gate you run on every change.
Policy-as-Code is one gate in the same fail-closed runtime as identity, actions, oversight, and the ledger. Follow the spokes.
When a rule returns require_approval, the action lands in the approval inbox — pending_approval until an admin approves, never auto-executed.
The five autonomy modes set how much an agent may execute on its own — and the risk gate is a floor policy can tighten but never loosen.
Every policy decision is recorded in a hash-chained, tamper-evident audit trail with signed, offline-verifiable receipts.
Agents are governed identities with allow-listed models and actions — policy decides per-run, identity decides per-agent.
Object, property, and action permissions give policy conditions real business meaning to evaluate against, not just raw fields.
Live rule and test counts surface as KPIs and CSV rows — watch and export the state of your policy estate in one place.
Deny-by-default evaluation, most-restrictive-wins precedence, admin-gated rule mutations, and a per-rule trace on every decision — mapped to the frameworks your auditors already use.
Put your agent governance into testable, simulatable policy — so a rule change can never quietly change what your agents are allowed to do.