governance
Policy Engine
The pure-function authorization layer that decides every spend before the wallet signs anything. No LLM in this path.
The Policy Engine is the deterministic gate between an agent's proposal and any actual spend. It evaluates per-call, per-mission, and per-day budget caps; vendor allow/block lists; data sensitivity ladders; and human-approval rules. The engine is a pure function — same input always returns the same decision — which is why we can hash-chain its decisions into the audit ledger.
The architectural rule: the Policy Engine has no LLM dependency. The pattern audit (tools/audit.ts) refuses any code change that imports an LLM client into the policy or wallet modules.
Related
- Mission— A goal + budget + policy bundle that an agent (or a user) submits to Mission Control. The unit of work that gets quoted, paid for, verified, and audited.
- Wallet Kill Switch— An operator-tripable circuit that halts every paid call across the org until cleared. Two layers: env-locked and runtime-API.
Where this term shows up
Blog