executor.invoke() calls work unchanged — but every tool call and every retrieved document now flows through policy evaluation, and every decision lands in a signed audit trail.
The SDK ships for TypeScript (
@visiq/harness) and Python (visiq).
From a language without an SDK, call the REST API directly — see the
action governance API reference.What activates
Action Governance
Controls what agents can do. Every tool call is evaluated against your rules before it executes — permit it, deny it, mask sensitive arguments and proceed, or route it to a human for approval over Slack, Microsoft Teams, or email.
Retrieval Governance
Controls what agents can see. Every retrieved document is evaluated before it reaches the agent’s context window — allowed, denied, redacted field-by-field, or escalated to a human.
Audit Trail
Proves what agents did. Every decision emits a signed record envelope — Ed25519 receipts, Merkle-batched into a hash-chained, checkpoint-signed transparency log with RFC 3161 timestamps.
visiq() call. There is no additional code, configuration, or per-tool wrapping — and you’re covered before you write your first rule: every tenant starts with a curated catalog of 29 default rules built on a business-function × trust-tier need-to-know matrix.
Monitor first, enforce when confident. A new agent is auto-provisioned in
monitor mode on its first contact: every decision is evaluated and
audited, but nothing is blocked yet. Each agent’s mode inherits an org-wide
default (
monitor out of the box) or is overridden per agent — even per
operation — on the dashboard’s Harness → Agents page, and the SDK picks up
the change within seconds. Zero-disruption rollout is the default, not an
afterthought.How it works
1
visiq() detects your framework
The harness inspects the target object. It recognizes LangChain
AgentExecutor and LangGraph CompiledGraph, plus agent instances from the Vercel AI SDK, Mastra, the OpenAI Agents SDK, LlamaIndex.TS, VoltAgent, and a Semantic Kernel Kernel — or a standalone tool object. CLI agents are covered by dedicated harnesses for OpenClaw and Claude Code.2
Action governance wraps the tool itself
Framework callbacks can’t block — in LangChain, a throwing callback is logged and the tool runs anyway. So VisIQ wraps each tool’s dispatch method (
invoke/call/_call, or execute) in place, where a deny actually stops execution — the streaming path is governed identically. Each proposed call is evaluated in-process against a locally cached rule bundle: once the first bundle loads, the decision path makes no network round-trip — waiting on a human approval is the only exception.3
Retrieval governance instruments retrievers in place
The harness finds your retrievers and document-returning tools and instruments them. Every returned document passes through policy evaluation — content and metadata — before the agent sees it.
4
Audit trail captures every decision
Each decision emits a record envelope. Receipts are Ed25519-signed asynchronously, Merkle-batched into a hash-chained checkpoint log, and timestamped by an RFC 3161 authority. Verify any envelope via
GET /record/envelopes/{id}/verify.Install
.env
vq_prod_... for production, vq_test_... for everything else). The harness reads VISIQ_API_KEY, VISIQ_ENDPOINT, and (optionally) VISIQ_AGENT_ID from environment variables automatically; options passed to visiq() take precedence. If you don’t set an agent id, the SDK derives one from your package name (then hostname), and the backend auto-provisions it in monitor mode on first contact.
Next steps
Quickstart
Full working example with tools and a retriever — 5 minutes.
SDK Reference
Complete
visiq() API — options, framework detection, error behavior.