visiq() call shown in the Quickstart.
How action governance intercepts tool calls
visiq() wraps your tools’ dispatch methods — the functions your framework invokes to actually run a tool — so every call is evaluated before the tool function body runs. The same one-line install works across every supported framework (LangChain, LangGraph, Vercel AI SDK, Mastra, VoltAgent, OpenAI Agents SDK, LlamaIndex.TS, and bare tool objects); see the Quickstart for per-framework setup. The flow:
- Agent decides to call a tool (e.g.,
issue_refundwith{ amount: 500 }) - The harness evaluates the tool name + arguments against a locally cached rule bundle
- One of four outcomes applies:
A denial is returned to the model as the tool’s output — nothing is thrown — so the agent can read it and change course:
Key concepts
Rules
Define what each agent can and cannot do. Write rules in natural language (the platform compiles them into policies) or author policy source directly. Conditions match on tool name, arguments, agent trust tier and business function, and normalized event fields. Every organization starts with a curated catalog of 29 default rules.
Human-in-the-Loop
Route sensitive tool calls to humans for real-time approval over Slack (interactive buttons), Microsoft Teams (Adaptive Cards), or email (one-click links) — plus the dashboard queue. Configurable timeouts and per-agent owner routing.
Audit trail
Every decision is logged with the agent ID, the action (tool) and its arguments, the rule matched, and the outcome — queryable via the read-only API (
GET /v1/allow/audit-log). Each decision also emits a cryptographically signed record envelope; see Audit Trail for the receipt and verification model.Fail-closed
An agent confirmed in enforce that loses its cached bundle stays fail-closed — denying tool calls rather than running them unevaluated (G001). A never-confirmed agent cold-starts in
monitor instead, observing without blocking. Once a bundle is cached, evaluation continues locally through backend outages.Three modes
Mode is server-authoritative — resolved on the backend and shipped inside the rule bundle, so a change propagates to running SDKs on the next background refresh, within a few seconds. There is no SDK-side mode option.
An agent’s mode either inherits an org-wide default (
allow_settings.default_agent_mode, itself defaulting to monitor) or is overridden per agent from the Agents page (under Harness). It can also be pinned per operation — for example enforce actions while keeping retrievals in monitor — with any operation left unset inheriting the agent’s resolved mode.
Next steps
Rules
Define what your agents can and cannot do.
Human-in-the-Loop
Route sensitive actions to humans for approval.
API Reference
REST API for rules, decisions, agents, and audit log.
SDK Reference
Complete
visiq() API — options, framework detection, error behavior.