Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.visiqlabs.com/llms.txt

Use this file to discover all available pages before exploring further.

RECALL governs what your agents can see. Every retrieved document is evaluated against your suppression rules before it reaches the agent’s context window — allow, redact, or deny per document. There is no additional code beyond the visiq() call shown in the Quickstart.

How RECALL instruments retrievers

When visiq() wraps your executor, it walks the tools array and monkey-patches any retriever it finds. The flow:
  1. Agent calls a retriever tool (e.g., search_knowledge with query "Q3 revenue")
  2. The retriever fetches raw results from the vector store
  3. RECALL evaluates each returned document against a locally cached OPA/Rego policy bundle
  4. Allow — document enters the context window unchanged
  5. Redact — sensitive fields are replaced with placeholders before the agent sees the document
  6. Deny — document is silently suppressed; the agent never sees it
No error is thrown for denied documents — suppression is a normal policy outcome. If every document is denied, the retriever returns an empty array.

How retrievers are detected

The harness checks three patterns for each tool:
PatternMatch conditionWhat gets patched
LangChain BaseRetrievertool._getRelevantDocuments exists_getRelevantDocuments() wrapped
Generic retrievertool.retrieve existsretrieve() wrapped
Nested retrievertool.retriever is an objectRecurses into .retriever and re-applies above patterns
Use createRetrieverTool from LangChain to expose the retriever where the harness expects it. DynamicTool with a vector store in a closure will not be detected.

Key concepts

Rules

Define suppression policies with trust tiers and document classification. Write rules in natural language or raw OPA/Rego.

Trust tiers

Assign agents to tiers: tier1 (full access), tier2 (redact confidential), tier3 (public only). The trust tier matrix governs what each agent sees based on document metadata.

Content redaction

Redact SSNs, emails, account numbers from permitted documents. The agent sees the structure but not the sensitive values.

Cryptographic receipts

Every decision is signed with Ed25519 and hashed with SHA-256. Receipts provide tamper-evident proof for compliance audits.

Three modes

ModeBehavior
enforceApply per-document decisions — deny or redact based on policy (default)
auditEvaluate and log all decisions but always allow — safe for rollout
offBypass RECALL entirely — all documents pass through
Start with audit mode. Observe what your agents retrieve and understand your data classification landscape before switching to enforce.

RECALL vs. ALLOW

DimensionALLOWRECALL
GovernsWhat agents can do (tool calls)What agents can see (retrieved context)
InterceptionhandleToolStart callbackRetriever methods (_getRelevantDocuments, retrieve)
DecisionsPermit / deny / approval requiredAllow / redact / deny
AuditDecision log with HITL queueCryptographic receipts
Both activate from a single visiq() call.

Next steps

Rules

Define suppression policies with trust tiers and OPA/Rego.

Receipts

Tamper-evident audit trail with Ed25519 signatures.

Emergency Bypass

Override suppression during incidents.

API Reference

REST API for rules, receipts, and audit log.