Govern the action. Keep the record.
AORBIT™ Agent Governance is the control layer for what an agent may do and what it may spend. Agent Audit & Compliance is the record of that activity a regulator can rely on. Two streams, one posture: enforcement at the checkpoint, evidence at the end.
Four controls every agent deployment needs.
Agent Action Policy
Define and enforce what each agent may do — policy envelopes per agent, per workflow, per org. The envelope is checked before the action, not reconstructed after it.
Activity Logging
Runtime capture of every agent action, attributed to an agent, a sponsor, and a scope. Visibility is the floor here, not the feature.
Spend Governor
Token and compute budgets with pre-call checkpoint enforcement — throttle, pause, or terminate before the budget is gone, not after the invoice arrives.
Agent Identity Binding
Every agent bound to a verified human sponsor and a scope. Consumes open standards — OIDC-A and SPIFFE — rather than inventing a proprietary identity model.
Enforcement at the checkpoint, not observation after the fact.
Most governance tooling watches the logs and objects later. That’s observation, and it’s the best anyone outside the inference path can do. Because the inference path is ours, the policy check sits in the path itself — every model call, every action, every payment passes a checkpoint before it executes.
Governance can stop an action, not just record it. And the same position is what makes the audit trail complete: nothing reaches a model or a rail without passing the point where the record is written.
The record a regulator can rely on.
Tamper-Evident Audit-of-Record
An immutable, cryptographically verifiable trail of agent decisions and payments. Tamper-evident by construction — an auditor can verify the chain rather than take our word for it.
Compliance Reporting
Pre-built reports aligned to PDPL, SAMA, and SDAIA requirements. Alignment, not certification — the wording matters, and we keep it honest.
Evidence Export & Attestation
Attested records on demand, in formats auditors and regulators can consume — evidence that leaves the platform without losing its verifiability.
Regulatory System-of-Record
A continuity record a regulator treats as the compliance source of truth. Recognition is conferred by a regulator — NDMO — not declared by us. It stays Gated until it is conferred.
Both streams, tagged with honest statuses.
Agent Governance (Core)
Agent Audit & Compliance
// Statuses are transcribed from the license portfolio. GA means available now — we don’t round up.