Preserve scope
Attach tenant, app, agent, and pseudonymous subject context so decisions and reusable routes do not cross the wrong boundary.
// AI agent governance
Punk evaluates model and tool activity with identity-aware rules. Low-risk work can continue; consequential actions can be blocked or held for a person to review.
Punk provides enforcement and evidence primitives. Your organization remains responsible for its policy design, access controls, and compliance decisions.
// controls that travel with the request
Attach tenant, app, agent, and pseudonymous subject context so decisions and reusable routes do not cross the wrong boundary.
Apply MeshGuard-compatible rules to model requests and declared tool actions within the runtime path.
Hold selected actions for human review instead of treating every agent choice as equally safe.
// conservative defaults
Punk uses five side-effect levels, from read-only work through irreversible external consequences. Undeclared tools default conservatively to a user-visible write posture.
| Action posture | Example | Possible handling |
|---|---|---|
| Read-only | Retrieve approved knowledge | Allow and record, subject to policy |
| Reversible write | Update a draft record | Allow, constrain, or review |
| User-visible write | Send a message | Often require explicit policy or approval |
| External commitment | Place an order | Hold or block by default policy |
| Irreversible | Delete production data | Strongest restriction |
// adaptive, not unbounded
A reusable route must remain inside the same tenant and safety dimensions, pass its evidence gate, and be allowed by current policy. Ineligible optimized paths return to the configured live provider.
Begin with visibility, validate identity and tool declarations, then choose which decisions should block, continue, or wait for approval.