Skip to main content

Governance

Governance is how you put guardrails around what agents (and the people operating them) are allowed to do, and how you prove after the fact what happened. These are Team/Enterprise plan features (and available in Enterprise self-hosted and Cloud).

info

Governance features are part of Splyntra Enterprise and the Team/Enterprise cloud plans. They are layered onto the open core through build-time registration and expose endpoints under /v1/{ledger,policies,delegation,authorize}. The Community edition ships without them.

Audit ledger

Every governance-relevant action — a policy change, a delegation grant, an approval, a credential issue — is recorded in an append-only audit ledger. Entries are immutable and ordered, giving you a tamper-evident history for compliance and incident review.

  • Who did what, to which resource, and when.
  • The decision and the policy that produced it.
  • Exportable for audits and SIEM ingestion.

Policies

Splyntra evaluates access decisions against policies expressed in three complementary models:

  • RBAC (role-based) — grant capabilities to roles, assign roles to principals.
  • ABAC (attribute-based) — decisions based on attributes of the subject, resource, and environment (e.g. project, environment, data sensitivity).
  • ReBAC (relationship-based) — decisions based on relationships (e.g. "owner of the project that owns this agent").

Authorization requests hit the /v1/authorize endpoint, which returns an allow/deny decision plus the matched policy — and that decision is written to the ledger.

{
"subject": "agent:support-bot",
"action": "tool.send_email",
"resource": "project:support-agent",
"decision": "deny",
"policy": "no-outbound-email-in-prod"
}

Delegation

Delegation lets a principal grant a scoped subset of its permissions to another — for example, a human operator delegating "read traces for project X" to an on-call agent for a bounded time window. Delegations are scoped, optionally time-boxed, and fully recorded in the ledger.

Spend controls & approvals

Governance ties into cost analytics to enforce spending limits, not just observe them:

  • Caps — block or throttle runs when a project or environment exceeds its budget.
  • Approvals — route a run (or a high-cost action) for human approval before it proceeds.
  • Audit — every approval decision is written to the ledger.
tip

Combine a hard budget cap with an approval workflow so routine work runs freely but unusually expensive actions pause for a human — without stopping the whole project.

Next steps