02·03   Agent Governance & Audit

Govern the action. Keep the record.

AORBIT™ Agent Governance is the control layer for what an agent may do and what it may spend. Agent Audit & Compliance is the record of that activity a regulator can rely on. Two streams, one posture: enforcement at the checkpoint, evidence at the end.

See the audit stream
G/01
Agent Governance (Core)

Four controls every agent deployment needs.

G/01·01
GA

Agent Action Policy

Define and enforce what each agent may do — policy envelopes per agent, per workflow, per org. The envelope is checked before the action, not reconstructed after it.

G/01·02
GA

Activity Logging

Runtime capture of every agent action, attributed to an agent, a sponsor, and a scope. Visibility is the floor here, not the feature.

G/01·03
Pilot

Spend Governor

Token and compute budgets with pre-call checkpoint enforcement — throttle, pause, or terminate before the budget is gone, not after the invoice arrives.

G/01·04
Pilot

Agent Identity Binding

Every agent bound to a verified human sponsor and a scope. Consumes open standards — OIDC-A and SPIFFE — rather than inventing a proprietary identity model.

G/02
Why enforcement holds

Enforcement at the checkpoint, not observation after the fact.

Most governance tooling watches the logs and objects later. That’s observation, and it’s the best anyone outside the inference path can do. Because the inference path is ours, the policy check sits in the path itself — every model call, every action, every payment passes a checkpoint before it executes.

Governance can stop an action, not just record it. And the same position is what makes the audit trail complete: nothing reaches a model or a rail without passing the point where the record is written.

G/03
Agent Audit & Compliance

The record a regulator can rely on.

G/03·01
Pilot

Tamper-Evident Audit-of-Record

An immutable, cryptographically verifiable trail of agent decisions and payments. Tamper-evident by construction — an auditor can verify the chain rather than take our word for it.

G/03·02
Pilot

Compliance Reporting

Pre-built reports aligned to PDPL, SAMA, and SDAIA requirements. Alignment, not certification — the wording matters, and we keep it honest.

G/03·03
Pilot

Evidence Export & Attestation

Attested records on demand, in formats auditors and regulators can consume — evidence that leaves the platform without losing its verifiability.

G/03·04
Gated

Regulatory System-of-Record

A continuity record a regulator treats as the compliance source of truth. Recognition is conferred by a regulator — NDMO — not declared by us. It stays Gated until it is conferred.

// FRAMEWORK
// HOW AORBIT™ ADDRESSES IT
PDPL
Personal-data handling in agent activity is logged, attributable, and reportable; residency controls are available through Sovereign Deployment.
SAMA
Payment and spend activity is governed at the checkpoint and reported in SAMA-aligned formats; autonomous payments remain regulator-gated.
SDAIA
Agent and model reporting draws from the AI / Agent Asset Inventory in the truth layer — one inventory, one source.
G/04
Availability

Both streams, tagged with honest statuses.

Foundation · Parity

Agent Governance (Core)

Agent Action Policy
Define and enforce what each agent may do; policy envelopes per agent, workflow, and org.
GA
Activity Logging
Runtime capture of every agent action for visibility and attribution.
GA
Spend Governor
Token and compute budgets with pre-call checkpoint enforcement.
Pilot
Agent Identity Binding
Bind each agent to a verified human sponsor and scope; consumes OIDC-A and SPIFFE.
Pilot
System of record

Agent Audit & Compliance

Tamper-Evident Audit-of-Record
Immutable, cryptographically verifiable trail of agent decisions and payments.
Pilot
Compliance Reporting
Pre-built reports aligned to PDPL, SAMA, and SDAIA requirements.
Pilot
Regulatory System-of-Record
Recognition as a compliance source of truth is a regulator's call (NDMO).
Gated
Evidence Export & Attestation
Attested records on demand for auditors and regulators.
Pilot
GAavailable nowPilotdesign partnerGatedregulator / partner-dependentRoadmapplanned

// Statuses are transcribed from the license portfolio. GA means available now — we don’t round up.

Talk to an architect

Put your agents under policy before the auditor asks you to.