Technical Specifications

The governance engine behind autonomous AI.

Deterministic, auditable, sub-second. A spec sheet for every layer of the GaaS pipeline — built for the engineers who need to know exactly what happens to an agent action before it executes.

5-stage governed pipeline
33+ policies across 4 tiers
< 100ms for 85–95% of actions
Cryptographically signed audit trail

Pipeline Architecture

Every agent action traverses a 5-stage governed pipeline. Stages 1–3 are deterministic compute. Stage 4 (Deliberation) is conditional and only activates on high-risk actions. Stage 5 assembles the final verdict and writes the immutable audit record.

STAGE 01: Intent Validation (< 5ms, always runs)
10-point structural validation: prompt injection detection (17 pattern signatures + imperative heuristic), timestamp drift checks (±60s), financial exposure quantification, regulatory domain mapping, data category classification (PII/PCI/PHI), reversibility assessment.
STAGE 02: Context Enrichment (~50ms, always runs)
Parallel async fetch across relevant connectors. 6-step sub-pipeline: relevance analysis, source selection, parallel fetch, contradiction detection, gap analysis, confidence scoring. Results in a 0.0–1.0 confidence score.
STAGE 03: Policy Evaluation (~20ms, always runs)
33+ policies across 4 tiers evaluated against the enriched intent. 6-dimension weighted risk scoring. Scope pre-indexing for sub-millisecond policy filtering.
STAGE 04: Deliberation (200ms–10s, conditional)
Multi-agent debate panel powered by Claude Opus 4.6 with 1M token context. Consensus-based verdict with veto authority. Only triggered when composite risk score ≥ 0.65.
STAGE 05: Decision & Audit (~25ms, always runs)
Final verdict assembly (APPROVE / APPROVE_MODIFIED / ESCALATE / BLOCK), governance proof token generation (ECDSA P-256), tamper-evident audit record with SHA-256 hash chain linkage.
85–95% of actions resolve in Stages 1–3 in under 100ms. Only high-risk actions (4–12%) enter Deliberation. Less than 1–3% are escalated for human review.
Stage | Name | Latency | Trigger
1 | Intent Validation | < 5ms | Every action
2 | Context Enrichment | ~50ms | Every action
3 | Policy Evaluation | ~20ms | Every action
4 | Deliberation | 200ms – 10s | Risk score ≥ 0.65 only
5 | Decision & Audit | ~25ms | Every action

Policy Engine

33+ policies organized into four layered tiers, evaluated in order. Every action passes through all applicable tiers. Risk scores from each tier are aggregated into a single 0.0–1.0 composite score that determines pipeline routing.

Tier 1 — Universal (10 policies, non-disableable)
The non-negotiable floor. Sensitive data protection, unverified channel detection, delegation depth limits, contradiction detection, irreversibility guards, rate anomaly detection, self-governance modification prevention, prompt injection blocking, session trust enforcement, behavioral anomaly blocking. Cannot be disabled by any organization.
Tier 2 — Regulatory (8 policies)
GDPR, EU AI Act (Articles 9–15, enforcement date Aug 2, 2026), data residency enforcement, consent compliance, right-to-explain requirements. Automatically activates based on the regulatory domains mapped during Stage 1 intent validation.
Tier 3 — Organizational (custom, configurable)
Policies defined by your compliance team. Natural-language policy authoring — describe a rule in plain English and GaaS generates, smoke-tests, and deploys it to your policy scope. Overrides and extensions to Tier 2 where regulations permit.
Tier 4 — Experimental (research, sandboxed)
Emerging governance frameworks and research policies. Evaluated in sandboxed mode — verdicts are logged and observed but do not affect routing. Graduated to Tier 3 after validation thresholds are met.
AP2 Payment Governance (7 policies)
Mandate validation, spend limits and velocity controls, PCI DSS compliance enforcement, PSD2 Strong Customer Authentication (SCA) for agent-initiated payments, AML velocity detection. Applied automatically to all actions classified as financial.
6-Dimension Risk Scoring
Dimension | Weight | What it measures
Reversibility | 20% | Can the action be undone?
Financial Exposure | 20% | Cost if the action is wrong
Regulatory Density | 20% | How many regulations apply?
Audience Impact | 15% | Who is affected, and how many?
Context Confidence | 15% | How certain is the enriched context?
Novelty | 10% | How unprecedented is this action?
Low: 0.0 – 0.3
Moderate: 0.3 – 0.6
High: 0.6 – 0.75
Critical: 0.75 – 1.0

Deliberation Engine

When an action's composite risk score reaches the deliberation threshold (≥ 0.65), a structured multi-agent debate panel convenes. Six specialized agents with defined roles, weights, and authority levels reach a consensus verdict through three rounds of structured deliberation.

6 agents on full panel
3 structured debate rounds
55% weighted consensus threshold
1M token context window (Claude Opus 4.6)
Agent | Role | Weight | Authority
Compliance Agent | Regulatory & legal compliance evaluation | 1.0 | Veto Authority
Ethics Agent | Ethical implications & fairness assessment | 0.9 | Conditional Veto (confidence > 0.8)
Risk Agent | Operational & financial risk quantification | 0.8 | Standard
Domain Expert | Industry-specific context & precedent | 0.7 | Conditional Include
Precedent Agent | Historical decision pattern analysis | 0.6 | Conditional Include
Cost / Efficiency Agent | Operational cost & workflow impact | 0.5 | Conditional Include
Panel scaling: 2 agents for routine elevated risk • 4 agents for elevated risk • Full 6-agent panel for critical risk. Anthropic ephemeral prompt caching (5-min TTL) keeps deliberation cost efficient.
3 retry attempts with exponential backoff
Per-provider circuit breaker: 5 failures → 60s cooldown
30s timeout per agent per round
Graceful fallback when LLM unavailable

Data Connectors & Enrichment

27 production connectors across enterprise platforms, queried in parallel during Stage 2 with per-source resilience. Enrichment failures never block decisions — they inflate the risk score instead.

Category | Connectors | Count
Identity & Access | Okta, Google Workspace, Auth0 | 3+ connectors
CRM & Sales | Salesforce, HubSpot | 2+ connectors
Payments & Finance | Stripe, Plaid | 2+ connectors
Monitoring & Observability | Datadog, New Relic | 2+ connectors
Communication | Slack, Twilio, SendGrid | 3+ connectors
Enterprise & HR | Workday, ServiceNow | 2+ connectors
Development | GitHub, Jira, Asana | 3+ connectors
Security & Compliance | SIEM (CEF format), Vanta | 2+ connectors
Agent-to-Agent | A2A Registry, AP2 Registry | 2+ connectors
Resilience Spec | Value
Request timeout | 5s
Retry policy | 3 retries, exponential backoff (0.5s base)
Circuit breaker | 5 consecutive failures → OPEN for 60s
Enrichment cache | Redis-backed, 30-min TTL, successful results only
Failure behavior | Graceful degradation — failures inflate risk score, never block
Context Confidence Score: Each enriched context carries a 0.0–1.0 confidence score. Missing critical data applies a −0.20 penalty. Stale data (>24h) applies a −0.10 penalty. Low confidence directly inflates the composite risk score.
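
The 6-dimension scoring table in the Policy Engine section and the confidence penalties above combine into one routing decision. The sketch below is an added example, not GaaS source code: the weights, penalties, band edges and the 0.65 trigger are the page's figures, while the function names, the (1 - confidence) mapping, the edge handling and the sample action are assumptions.

```python
# Added illustration, not GaaS source. Weights, penalties, bands and the 0.65
# trigger come from the page; everything marked "assumption" does not.
WEIGHTS_PCT = {
    "reversibility": 20, "financial_exposure": 20, "regulatory_density": 20,
    "audience_impact": 15, "context_confidence": 15, "novelty": 10,
}
DELIBERATION_THRESHOLD = 0.65
# The published bands share their edges (0.3, 0.6, 0.75). Assumption: a score
# exactly on an edge belongs to the higher band.
BANDS = [(0.75, "critical"), (0.6, "high"), (0.3, "moderate"), (0.0, "low")]

def context_confidence(base, missing_critical=False, stale=False):
    """Apply the stated penalties to a base confidence, clamped to [0, 1]."""
    score = base - (0.20 if missing_critical else 0.0) - (0.10 if stale else 0.0)
    return min(1.0, max(0.0, score))

def composite_risk(risks, confidence):
    """Weighted sum of the six dimension risks, each in [0, 1].

    Assumption: the Context Confidence dimension contributes (1 - confidence),
    so lower confidence raises the composite score.
    """
    dims = dict(risks, context_confidence=1.0 - confidence)
    if set(dims) != set(WEIGHTS_PCT):
        raise ValueError("risks must hold the five non-confidence dimensions")
    if any(not 0.0 <= v <= 1.0 for v in dims.values()):
        raise ValueError("dimension values must be within [0, 1]")
    return round(sum(WEIGHTS_PCT[k] * v for k, v in dims.items()) / 100, 4)

def band(score):
    return next(label for floor, label in BANDS if score >= floor)

def route(score):
    """Stage 4 runs only at or above the deliberation threshold."""
    return "deliberation" if score >= DELIBERATION_THRESHOLD else "routine"

# Constructed sample: one action, scored with healthy and degraded enrichment.
SAMPLE = {"reversibility": 0.9, "financial_exposure": 0.8,
          "regulatory_density": 0.7, "audience_impact": 0.5, "novelty": 0.4}

if __name__ == "__main__":
    for flags in ({}, {"missing_critical": True},
                  {"missing_critical": True, "stale": True}):
        score = composite_risk(SAMPLE, context_confidence(0.9, **flags))
        print(flags, score, band(score), route(score))
```

With these inputs the action stays in the High band throughout, but only the run with both penalties crosses 0.65, so a High score does not by itself imply deliberation.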

Audit & Cryptographic Integrity

Every governed action generates a 7-stage tamper-evident audit record, cryptographically signed and chained. Any modification to any record breaks the entire downstream chain — tampering is detectable and provable.

1. Intent Declaration: Raw agent intent captured verbatim. Timestamp, agent ID, session ID, and source fingerprint recorded.
2. Validation Record: Stage 1 validation results: all 10 check outcomes, risk flags triggered, injection signatures matched.
3. Context Snapshot: Enriched context at time of decision: sources queried, data retrieved, confidence score, gaps identified.
4. Policy Evaluation Log: Each policy evaluated, its verdict, and the weighted contribution to the composite risk score.
5. Deliberation Transcript: Full agent panel transcript (if triggered): initial positions, cross-examination, final verdicts with confidence scores per agent.
6. Decision Record: Final verdict (APPROVE / APPROVE_MODIFIED / ESCALATE / BLOCK), rationale, and any modifications applied to the intent.
7. Outcome Record: Execution outcome reported by the agent, outcome verification status, and any deviation from the governed decision.
Hash Algorithm: SHA-256 per record, chained to prior hash
Proof Token Signature: ECDSA P-256
Default Retention: 365 days (configurable, auto-purge)
Export Formats: JSONL streaming, CSV, HTML (print-ready)
Non-Repudiation: Proof tokens independently verifiable via public endpoint
Tamper Detection: Modification breaks entire downstream chain
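
How an auditor can check a SHA-256 chain over the seven record types listed above, as an added example that is not GaaS code. The record layout, the JSON canonicalization, the all-zero first link and the sample payloads are assumptions; the ECDSA P-256 proof token is represented only by a head hash stored outside the log.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumption: prev-hash placeholder for the first record
# The seven record types listed above, in pipeline order.
RECORD_TYPES = ["intent_declaration", "validation_record", "context_snapshot",
                "policy_evaluation_log", "deliberation_transcript",
                "decision_record", "outcome_record"]

def record_hash(prev_hash, record_type, payload):
    """SHA-256 over the prior hash plus a canonical JSON body (assumed layout)."""
    body = json.dumps({"type": record_type, "payload": payload},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def build_chain(payloads):
    chain, prev = [], GENESIS
    for record_type, payload in zip(RECORD_TYPES, payloads):
        digest = record_hash(prev, record_type, payload)
        chain.append({"type": record_type, "payload": payload,
                      "prev_hash": prev, "hash": digest})
        prev = digest
    return chain

def first_broken_link(chain):
    """Index of the first record whose link or digest fails, or None."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        expected = record_hash(prev, rec["type"], rec["payload"])
        if rec["prev_hash"] != prev or rec["hash"] != expected:
            return i
        prev = rec["hash"]
    return None

def head_matches(chain, trusted_head):
    """Compare the chain head with a value kept outside the log, such as one
    carried in a signed proof token; link checks alone cannot vouch for it."""
    return bool(chain) and chain[-1]["hash"] == trusted_head

# Constructed sample payloads, one per record type.
SAMPLE_PAYLOADS = [
    {"agent_id": "agent-42", "intent": "refund order 1001"},
    {"checks_passed": 10}, {"confidence": 0.9}, {"composite_risk": 0.8},
    {"rounds": 3}, {"verdict": "BLOCK"},
    {"status": "not_executed"},
]
```

A verifier should run both checks: `first_broken_link` locates an in-place edit, and `head_matches` catches a log that is internally consistent but no longer ends at the head that was signed.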

Compliance Frameworks

GaaS ships with built-in coverage for 12 regulatory frameworks and 60+ governance policies. Compliance status is queryable via API and exportable for auditor review.

Framework | Status | Coverage
EU AI Act | 5 policies | Articles 9–15 enforcement. Compliance status API + reporting endpoint. Enforcement date: Aug 2, 2026.
GDPR | 4 policies | Article 17 (erasure), Article 20 (portability), Article 22 (automated decision explanation), Article 28 (sub-processor management, 30-day advance notice).
SR 11-7 (Federal Reserve) | Auto-generated | Model inventory with validation status, decision statistics, and delegated authority limits. CSV/HTML export.
PCI DSS | Enforced | Agent payment compliance via AP2 policy layer. Cardholder data detection and blocking.
PSD2 SCA | Enforced | Strong Customer Authentication enforcement for all agent-initiated payment actions.
SOC 2 | Audit-ready | Audit trail integrity via cryptographic hash chain. Tamper detection satisfies availability + integrity trust service criteria.
NIST 800-53 | Mapped | AC, AU, IA, SC control family mapping for AI agent governance. Agent-specific interpretations of access control, audit, identification, and system protection controls.
FedRAMP | Mapped | FedRAMP Moderate baseline alignment. Control inheritance documentation for GaaS as a cloud governance provider.
CMMC | Mapped | Level 2 practice mapping for defense contractor agent governance. CUI handling controls and access enforcement.
NIST CSF | Mapped | Identify, Protect, Detect, Respond, Recover functions mapped to governance pipeline stages 1–5.
NIST AI RMF | Mapped | AI Risk Management Framework alignment. Map, Measure, Manage, Govern functions with pipeline-stage correspondence.
HIPAA | Enforced | PHI detection and blocking. Minimum necessary standard enforcement. BAA-ready audit trail with full chain of custody.
FERPA | Enforced | Education record protection. Role-based access enforcement for student PII. Directory vs. non-directory information classification.
COPPA | Enforced | Child data protection for agents operating in K–12 and consumer contexts. Age-gated content and data access controls.

Security

Defense-in-depth from the API boundary to the audit record. Behavioral profiling, cryptographic integrity, and multi-layer injection detection are all non-disableable Tier 1 controls.

Prompt Injection Detection: 17 regex pattern signatures + imperative heuristic. Evaluated at Stage 1 (reject before enrichment) and re-scanned at Stage 3 against enriched context.
Behavioral Anomaly Detection: Z-score statistical profiling per agent. Warn at >2σ, critical alert at >3σ, auto-block at ≥4σ from established baseline.
Session Trust Decay: Per-agent floating trust budget (1.0 → 0.10). Decays with risky decisions. Session blocked when budget depleted (≤0.10).
Rate Anomaly Detection: Flags actions exceeding 3× baseline frequency within a 1-hour sliding window. Automatic escalation at 5× baseline.
Self-Governance Prevention: Agents cannot modify their own governance policies. Tier 1 non-disableable policy. Any attempt is auto-blocked and generates a SIEM alert.
SIEM Integration: Outbound event push in CEF (Common Event Format) on BLOCK and ESCALATE verdicts. Compatible with Splunk, QRadar, Microsoft Sentinel.
API Key Management: gsk_ prefixed keys, SHA-256 hashed at rest, 90-day maximum lifetime, atomic rotation endpoint with zero-downtime key swap.
Rate Limiting: Sliding window: 600 req/min global. Tiered per-key limits: 120/20/10/5 by endpoint class. PostgreSQL-backed for distributed deployments.
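
The Behavioral Anomaly Detection tiers above mix strict and inclusive bounds (>2σ, >3σ, ≥4σ), which matters at the edges. The classifier below is an added example, not GaaS code: the metric (actions per hour), the use of sample standard deviation, the two-sided test and the flat-baseline rule are assumptions.

```python
import statistics

# Thresholds stated on the page: warn > 2 sigma, critical > 3 sigma,
# auto-block >= 4 sigma.
WARN_SIGMA, CRITICAL_SIGMA, BLOCK_SIGMA = 2.0, 3.0, 4.0


def z_score(baseline, observed):
    """Signed distance of an observation from the baseline mean, in sigmas."""
    if len(baseline) < 2:
        raise ValueError("need at least two baseline samples")
    mean = statistics.fmean(baseline)
    stdev = statistics.stdev(baseline)  # assumption: sample standard deviation
    if stdev == 0:
        # A flat baseline has no spread, so z is undefined. Assumption: any
        # departure from it is treated as infinitely far away (fail closed).
        return 0.0 if observed == mean else float("inf")
    return (observed - mean) / stdev


def classify(baseline, observed):
    """Return 'ok', 'warn', 'critical' or 'block' for one observation."""
    z = abs(z_score(baseline, observed))  # assumption: both directions count
    if z >= BLOCK_SIGMA:
        return "block"
    if z > CRITICAL_SIGMA:
        return "critical"
    if z > WARN_SIGMA:
        return "warn"
    return "ok"


# Constructed baseline: actions per hour for one agent (mean 10, stdev 2).
BASELINE = [8, 12, 8, 12, 10]
```

Against this baseline an observation of exactly 16 (3.0σ) is still a warning, while exactly 18 (4.0σ) is already a block.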

API & Integration

70+ REST endpoints across 15 route groups. Full OpenAPI spec, idempotent submissions, bulk processing, and field-level response filtering.

OpenAPI spec available at /openapi.json
Idempotency: Idempotency-Key header with 24h TTL and request hash deduplication
Bulk submission: Up to 50 intents per request, 10 concurrent pipeline executions
Field filtering: Sparse responses via ?fields=verdict,risk_score
ETag caching: SHA-256 based, per-endpoint cache control headers
Webhook delivery: HMAC-SHA256 signed payloads with retry logic
A2A Protocol v0.3: Agent-to-Agent federation, .well-known/agent.json discovery, JSON-RPC 2.0 + REST
Python (async, Pydantic v2)
TypeScript (full OpenAPI types)
Java (Maven / Gradle)
gaas-langchain provides native LangChain integration: govern_tools() for tool-use wrapping, @govern_node decorator for LangGraph nodes, and GaaSCallbackHandler for automatic pipeline instrumentation.

Infrastructure & Availability

Production-hardened stack with full observability, load-tested against sustained and spike traffic profiles, and validated across three Python runtime versions.

Component | Specification
Runtime | Python 3.11 / 3.12 / 3.13
Database | PostgreSQL 15 with read replicas
Cache | Redis (enrichment results, agent profiles)
Observability | Prometheus + OpenTelemetry
Logging | Structured (structlog) with request ID correlation across all 5 stages
Load Testing | k6 profiles — sustained, spike, and soak
CI Matrix | Python 3.11, 3.12, 3.13 — ruff + mypy + pytest
Test Coverage | 2,500+ tests (unit, integration, API, E2E)
Tier | Uptime SLA | Response SLA | Credit on Breach
Starter | 99.5% | < 24h email | 10% monthly credit
Growth | 99.9% | < 4h priority | 25% monthly credit
Enterprise | 99.99% | < 1h dedicated | 100% monthly credit

Cost Efficiency

Governance shouldn't become a bottleneck — financially or operationally. The pipeline is designed so the vast majority of actions never reach the expensive deliberation stage.

Path | Scope | Cost | Share of actions
Routine Path | Stages 1–3 only | $0.0003–$0.001 | 85–95% of all actions
Deliberation Path | Stage 4 triggered | $0.02–$0.08 | 4–12% of all actions
Escalation Path | Human review routed | $0.50–$5.00 | 1–3% of all actions
Deliberation triggers at ≥0.65 risk threshold — a tuning that produces a 30% reduction in deliberation rate with no measurable impact on governance quality. Prompt caching (Anthropic ephemeral, 5-min TTL) further reduces deliberation cost for repeated context patterns.

AI Model & Protocol Stack

GaaS runs on the latest best-performing prime foundation model. Today that is Claude Opus 4.6 — Anthropic's most capable model, with a 1-million-token context window. As better models emerge, GaaS upgrades automatically so your governance layer never falls behind the frontier.

Claude Opus 4.6: prime foundation model
1M token context window
Always latest frontier model
BYOM: bring your own model (GaaS Core)
Always on the frontier: GaaS tracks frontier model performance and upgrades automatically. You don't configure model versions — you govern agents, and GaaS handles the rest.
Native MCP server: GaaS exposes a compliant MCP server so any MCP-capable agent can declare intents and receive governance verdicts without custom integration code
Tool-use governance: Wraps agent tool calls at the MCP layer — every tool invocation passes through the full 5-stage pipeline before execution
MCP client connector: GaaS can also act as an MCP client, pulling real-time context from other MCP servers into Stage 2 enrichment
Schema-compatible: Governance verdicts are returned as structured MCP tool results — no response parsing required by the agent
A2A Protocol v0.3: Full support for Google's A2A standard — Agent Cards, task lifecycle, JSON-RPC 2.0 + REST, skill discovery via .well-known/agent.json
Governance proxy layer: GaaS intercepts A2A messages between agents and applies policy evaluation before task handoff — neither agent needs to change its A2A implementation
Agent Trust Registry: A2A agent identities are validated against the GaaS Trust Registry — verifying agent certification tier before federation is permitted
Cross-org federation: A2A governance spans organizational boundaries — delegation chains are audited end-to-end regardless of which org's agents initiated the task
MCP gives agents tools. A2A gives agents colleagues. GaaS gives agents accountability. Both protocols are governed by the same 5-stage pipeline — same audit trail, same compliance posture, same cryptographic integrity.

Ready to govern your AI agents?

Start with the free tier — 1,000 governed actions per month, no credit card required. Or talk to engineering to discuss your architecture.