Foundry · Policies

LIVE · SOC

Active rules: 37 (▲ 3 this week)
Default action: STEP-UP (fail-safe)
ALLOW, last 24h: 948 (78.7% of calls)
STEP-UP, last 24h: 181 (CIBA approvals)
DENY, last 24h: 75 (6.2% blocked)
Policy engine: govern() (keyword + risk gate)

Per-tier rule matrix

action × tier → verdict
Tier                      read (graph / telemetry)   export (PII / PHI)   delete (destructive)
tier1  low-risk read      ALLOW                      DENY                 DENY
tier2  sensitive write    ALLOW                      STEP-UP              DENY
tier3  privileged / OT    ALLOW                      DENY                 DENY

ALLOW — proceeds, logged to chain
STEP-UP — CIBA human approval
DENY — blocked, logged to chain

govern() policy

keyword + risk gate
govern-policy.yaml (YAML)
apiVersion: nhilab.io/v1
kind: GovernPolicy
metadata:
  name: trident-foundry-baseline
  tenant: kpmgplayground
spec:
  default_action: step-up      # unknown action -> step-up (fail safe)
  rules:
    - name: allow-read
      condition:
        field: action
        operator: matches
        value: "read*"
      action: allow
      priority: 10

    - name: pii-step-up
      condition:
        field: action
        operator: equals
        value: "export:pii"
      action: require_approval
      approvers: [data-privacy]
      priority: 50

    - name: deny-destructive
      condition:
        field: action
        operator: equals
        value: "delete"
      action: deny
      priority: 100   # highest wins
Fail closed
Any backend or evaluator error resolves to deny — never a silent allow. The gate refuses the call rather than guessing.
AGT upstream fix · a1c6ff8b
Step-up = CIBA
A sensitive PII / PHI export is parked pending out-of-band human approval via CIBA (OpenID Client-Initiated Backchannel Authentication). The agent waits; a named approver from the listed group decides, and the verdict is logged to the chain either way.
approvers: data-privacy
Delete denied estate-wide
delete is denied across all tiers — no agent destroys records. Priority 100 overrides any tier grant.
priority: 100 · all tiers
Assurance is outcome-based, not badge-based.
We do not claim coverage from the mere presence of an imported OWASP / framework checklist. Every assertion here maps to real allow / step-up / deny records in the hash-linked audit chain — the gate's actual decisions, stamped with source system, object ID and timestamp.
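The following is an added, illustrative example, not NHI Lab's or AGT's own govern() code: a minimal gate that evaluates rules shaped like the three in govern-policy.yaml (highest priority wins, unmatched actions fall to spec.default_action), fails closed to DENY when the evaluator itself errors, and appends every verdict to a hash-linked audit chain stamped with source system, object ID and timestamp. Note that the YAML on this page keys on `action` only; the tier dimension of the rule matrix is not expressed by those three rules, so the example records `tier` on each chain entry but does not invent tier-specific rules. Field names beyond source_system, object_id and timestamp, and the constructed sample requests, are assumptions.

```python
"""Added example (not the page's or the project's code): govern()-style gate with
priority rules, fail-closed evaluation and a hash-linked audit chain."""
import fnmatch
import hashlib
import json
from datetime import datetime, timezone

# Transcription of govern-policy.yaml from the page; PyYAML is deliberately avoided
# so the example runs offline with the standard library only.
POLICY = {
    "metadata": {"name": "trident-foundry-baseline", "tenant": "kpmgplayground"},
    "spec": {
        "default_action": "step-up",  # unknown action -> step-up (fail safe)
        "rules": [
            {"name": "allow-read",
             "condition": {"field": "action", "operator": "matches", "value": "read*"},
             "action": "allow", "priority": 10},
            {"name": "pii-step-up",
             "condition": {"field": "action", "operator": "equals", "value": "export:pii"},
             "action": "require_approval", "approvers": ["data-privacy"], "priority": 50},
            {"name": "deny-destructive",
             "condition": {"field": "action", "operator": "equals", "value": "delete"},
             "action": "deny", "priority": 100},  # highest wins
        ],
    },
}

# Policy vocabulary -> verdict as shown in the rule matrix (mapping is an assumption).
VERDICT_OF = {"allow": "ALLOW", "require_approval": "STEP-UP", "step-up": "STEP-UP", "deny": "DENY"}

OPERATORS = {
    "equals": lambda value, pattern: value == pattern,
    "matches": lambda value, pattern: fnmatch.fnmatchcase(value, pattern),  # glob, e.g. "read*"
}


def evaluate(policy, request):
    """Return (verdict, rule_name). Every rule is tested and the highest priority match
    wins; no match -> spec.default_action. A typo'd operator or action raises KeyError."""
    winner = None
    for rule in policy["spec"]["rules"]:
        cond = rule["condition"]
        op = OPERATORS[cond["operator"]]  # raises on an unknown operator
        value = request.get(cond["field"])
        if value is None or not op(value, cond["value"]):
            continue
        if winner is None or rule["priority"] > winner["priority"]:
            winner = rule
    if winner is None:
        return VERDICT_OF[policy["spec"]["default_action"]], "default"
    return VERDICT_OF[winner["action"]], winner["name"]


class AuditChain:
    """Append-only record list; each record commits to the previous record's hash."""
    GENESIS = "0" * 64

    def __init__(self):
        self.records = []

    @staticmethod
    def _digest(record):
        body = {k: v for k, v in record.items() if k != "hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, record):
        prev = self.records[-1]["hash"] if self.records else self.GENESIS
        record = dict(record, prev_hash=prev)
        record["hash"] = self._digest(record)
        self.records.append(record)
        return record

    def verify(self):
        """True iff every link and every digest still match (detects edited/dropped records)."""
        prev = self.GENESIS
        for rec in self.records:
            if rec["prev_hash"] != prev or self._digest(rec) != rec["hash"]:
                return False
            prev = rec["hash"]
        return True


CHAIN = AuditChain()


def govern(request, policy=POLICY, chain=CHAIN):
    """The gate: evaluate, fail closed, log, return the verdict.
    Callers must treat STEP-UP as 'park the call until a CIBA approver decides'."""
    try:
        verdict, rule = evaluate(policy, request)
    except Exception as exc:
        # Fail closed: a broken policy or evaluator bug is a DENY, never a silent allow.
        verdict, rule = "DENY", f"evaluator-error:{type(exc).__name__}"
    meta = policy.get("metadata", {})
    chain.append({
        "source_system": "govern()",
        "tenant": meta.get("tenant"),
        "policy": meta.get("name"),
        "object_id": request.get("object_id"),
        "action": request.get("action"),
        "tier": request.get("tier"),
        "verdict": verdict,
        "rule": rule,
        "timestamp": datetime.now(timezone.utc).isoformat(),
    })
    return verdict


if __name__ == "__main__":
    # Constructed sample requests, one per column of the rule matrix plus an unknown action.
    for req in [{"action": "read:graph", "tier": "tier1", "object_id": "node-17"},
                {"action": "export:pii", "tier": "tier2", "object_id": "ds-4"},
                {"action": "delete", "tier": "tier3", "object_id": "rec-9"},
                {"action": "write:config", "tier": "tier2", "object_id": "cfg-1"}]:
        print(req["action"], "->", govern(req))
    print("chain intact:", CHAIN.verify())
```

Two things worth checking against your own policy: `deny-destructive` uses `equals "delete"`, so an action spelled any other way (for example `delete:records`) does not hit priority 100 and instead falls to the default step-up; and the fail-closed path only protects you if the caller honours DENY, so the chain record with `rule: evaluator-error:*` is the signal to alert on rather than quietly retry.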
source_system=govern() tenant=kpmgplayground policy=trident-foundry-baseline source_mode=live agt=4.1.0 2026-06-14
DESIGN PREVIEW · policy is the live baseline; decision counts are representative.