Understanding Governance

Every action an AI agent takes in the Vorion ecosystem passes through a six-stage governance pipeline. This article explains each stage, how they connect, and what happens at each step.

The Pipeline

Agent Request
    │
    ▼
┌──────────┐
│  INTENT  │  Parse what the agent wants to do
└────┬─────┘
     │
     ▼
┌──────────┐
│  BASIS   │  Look up canonical rules and thresholds
└────┬─────┘
     │
     ▼
┌──────────┐
│ ENFORCE  │  Apply policy: allow, deny, escalate, degrade
└────┬─────┘
     │
     ▼
┌──────────────┐
│  COGNIGATE   │  Execute the decision with capability gating
└────┬─────────┘
     │
     ▼
┌──────────┐
│  PROOF   │  Record immutable, hash-chained proof
└────┬─────┘
     │
     ▼
┌──────────────────┐
│  TRUST ENGINE    │  Update trust score based on outcome
└──────────────────┘

Each stage is a distinct package in the Vorion monorepo. They are designed to operate independently (you can use ENFORCE without Cognigate) or as a complete pipeline.

---

Stage 1: INTENT

The Intent stage parses what an agent is trying to do and classifies it.

import { parseIntent } from '@vorionsys/enforce';

const intent = parseIntent({
  agentId: 'agent-042',
  action: 'write',
  resource: 'database/customers',
  context: {
    description: 'Update customer email addresses from CSV import',
  },
});

console.log(intent);
// {
//   agentId: 'agent-042',
//   action: 'write',
//   resource: 'database/customers',
//   riskLevel: 'MEDIUM',       // auto-classified based on action + resource
//   riskMultiplier: 5,
//   capabilities: ['write:database'],
//   timestamp: '2026-04-02T...',
// }

Key behaviors:

• Action classification: read maps to READ risk, write maps to MEDIUM or higher depending on the resource.
• Resource scoping: The resource path determines which capabilities are required.
• Risk auto-classification: Physical capabilities (e.g., controlling hardware) are automatically classified as HIGH or CRITICAL.

---

Stage 2: BASIS

BASIS is the canonical rule set. The ENFORCE engine looks up the relevant parameters from canonical.ts:

• What trust tier does this agent occupy?
• What is the minimum trust threshold for this risk level?
• Is the agent in a lifecycle state that allows this operation?
• Has the agent's circuit breaker been tripped?
• Is the agent in a cooldown period for this risk level?

import { TRUST_THRESHOLDS_BY_RISK, RISK_LEVELS } from '@vorionsys/basis';

// For a MEDIUM risk action, the agent needs at least trust score 400
const minTrust = TRUST_THRESHOLDS_BY_RISK['MEDIUM']; // 400
const riskMultiplier = RISK_LEVELS['MEDIUM'].multiplier; // 5
const cooldownHours = RISK_LEVELS['MEDIUM'].cooldownHours; // 6

Trust thresholds by risk level:

| Risk Level | Min Trust | Multiplier | Cooldown | |---------------|-----------|------------|----------| | READ | 0 | 1 | 0h | | LOW | 200 | 3 | 0h | | MEDIUM | 400 | 5 | 6h | | HIGH | 600 | 10 | 12h | | CRITICAL | 800 | 15 | 24h | | LIFE_CRITICAL | 951 | 30 | Human |

---

Stage 3: ENFORCE

The ENFORCE engine evaluates the intent against the agent's current state and produces one of four decisions:

import { enforce } from '@vorionsys/enforce';

const decision = await enforce({
  intent,
  agentTrustScore: 520,
  agentTier: 3,
  agentLifecycle: 'ACTIVE',
  observationTier: 'GRAY_BOX',
  riskAccumulatorValue: 45,
});

console.log(decision);
// {
//   result: 'ALLOW',           // ALLOW | DENY | ESCALATE | DEGRADE
//   reasoning: 'Agent trust 520 meets MEDIUM threshold 400',
//   grantedCapabilities: ['write:database'],
//   conditions: ['audit_log_required'],
//   cooldownApplied: false,
// }

Decision Types

| Decision | Meaning | |------------|------------------------------------------------------------| | ALLOW | Agent has sufficient trust. Action proceeds. | | DENY | Insufficient trust or blocked state. Action is rejected. | | ESCALATE | Action requires human approval. Queued for HITL review. | | DEGRADE | Partial access granted with reduced capabilities. |

What Triggers Each Decision

DENY happens when:

• Agent trust is below the risk threshold.
• Agent lifecycle state is SUSPENDED, TRIPPED, RETIRED, or VANQUISHED.
• Circuit breaker is tripped (trust < 100).
• Agent is in cooldown for this risk level.

ESCALATE happens when:

• The action is LIFE_CRITICAL (always requires human approval).
• The agent is in DEGRADED lifecycle state and requesting write access.
• The risk accumulator exceeds the warning threshold (60).

DEGRADE happens when:

• The agent has partial trust coverage (e.g., trust 550 for a HIGH action that normally requires 600, but read-only access is possible).
• The agent is in AUDITED state (enhanced monitoring, but operational).

---

Stage 4: COGNIGATE

Cognigate is the enforcement gateway. It sits between the agent and the external world, applying the ENFORCE decision in real time.

import { Cognigate } from '@vorionsys/cognigate';

const client = new Cognigate({
  apiKey: process.env.COGNIGATE_API_KEY!,
});

// Single call: parse intent + enforce + execute
const { intent: parsedIntent, result } = await client.governance.evaluate(
  'agent-042',
  'Update customer email addresses from the imported CSV'
);

if (result.decision === 'ALLOW') {
  // Proceed with the action
  await performDatabaseUpdate();
  // Report success to build trust
  await client.signals.report(parsedIntent.id, { success: true });
} else if (result.decision === 'ESCALATE') {
  // Queue for human review
  console.log('Waiting for human approval:', result.reasoning);
} else if (result.decision === 'DEGRADE') {
  // Execute with reduced capabilities
  await performReadOnlyCheck();
} else {
  // DENY — log and move on
  console.log('Blocked:', result.reasoning);
}

Cognigate also handles:

• Capability gating: Only the granted capabilities are available.
• Timeout enforcement: Actions must complete within the allowed window.
• Signal recording: Outcomes are automatically fed back to the trust engine.

---

Stage 5: PROOF

Every governance decision is recorded as an immutable proof record in a hash chain. This provides a complete audit trail.

import { ProofChain } from '@vorionsys/proof';

const proofChain = new ProofChain({
  supabaseUrl: process.env.SUPABASE_URL!,
  supabaseKey: process.env.SUPABASE_SERVICE_ROLE_KEY!,
});

// Query proof records for an agent
const proofs = await proofChain.list('agent-042', {
  from: new Date('2026-04-01'),
  limit: 50,
});

// Each proof record contains:
// - Governance decision (ALLOW/DENY/ESCALATE/DEGRADE)
// - Intent details (action, resource, risk level)
// - Agent state at decision time (trust score, tier, lifecycle)
// - Timestamp
// - Hash linking to previous proof (chain integrity)

// Verify the chain has not been tampered with
const verification = await proofChain.verify('agent-042');
console.log('Chain integrity:', verification.valid);
console.log('Total proofs:', verification.totalRecords);

Proof records are append-only. You cannot modify or delete them. This is by design — governance decisions must be auditable after the fact, especially for regulatory compliance (EU AI Act, NIST AI RMF).

---

Stage 6: TRUST ENGINE

The final stage updates the agent's trust score based on the action's outcome.

import { createTrustEngine } from '@vorionsys/atsf-core';

const engine = createTrustEngine({ gainRate: 0.05 });

// On success: apply gain formula
// gain = 0.05 × ln(1 + C - S) × ∛R
await engine.recordSignal({
  id: crypto.randomUUID(),
  entityId: 'agent-042',
  type: 'behavioral.governance_success',
  value: 0.9,
  source: 'cognigate',
  timestamp: new Date().toISOString(),
  metadata: { riskLevel: 'MEDIUM', action: 'write' },
});

// On failure: apply loss formula
// loss = -P(T) × R × 0.05 × ln(1 + C/2)
await engine.recordSignal({
  id: crypto.randomUUID(),
  entityId: 'agent-042',
  type: 'behavioral.governance_failure',
  value: 0.1,
  source: 'cognigate',
  timestamp: new Date().toISOString(),
  metadata: { riskLevel: 'MEDIUM', action: 'write', reason: 'data_corruption' },
});

The trust engine also feeds into the circuit breaker and risk accumulator. Repeated failures trigger automatic protections without human intervention.

---

The Complete Flow in Code

Here is the entire pipeline wired together:

import { Vorion } from '@vorionsys/sdk';

const vorion = new Vorion({
  apiEndpoint: process.env.COGNIGATE_API_URL!,
});

// 1. Register (PROVISIONING → pass course → ACTIVE)
const agent = await vorion.registerAgent({
  agentId: 'pipeline-demo',
  name: 'Pipeline Demo Agent',
  capabilities: ['read:*', 'write:documents'],
});

// 2. Request a governed action (INTENT → BASIS → ENFORCE → COGNIGATE)
const result = await agent.requestAction({
  type: 'write',
  resource: 'documents/report.pdf',
});

// 3. Act on the decision
if (result.allowed) {
  await writeReport();
  await agent.reportSuccess('write');   // → TRUST ENGINE (gain)
} else {
  console.log(`Denied: ${result.reasoning}`);
  // Trust unchanged — denials do not penalize
}

// 4. Every decision is in the PROOF chain
const proofId = result.proofId;
console.log(`Proof: ${proofId}`);

---

Key Takeaways

• Six stages: INTENT → BASIS → ENFORCE → COGNIGATE → PROOF → TRUST ENGINE.
• Each stage is a separate package — use them individually or as a pipeline.
• Four possible decisions: ALLOW, DENY, ESCALATE, DEGRADE.
• Every decision is recorded in a hash-chained proof record.
• Trust updates happen automatically based on action outcomes.
• The pipeline is designed for auditability and regulatory compliance.

---

Next Steps

• Eight-Tier Model — what each trust tier permits
• Risk Levels — how actions are classified
• Deploying to Production — put the pipeline into production