PolicyStrata

Agent Trust Gateway

Runtime request path, policy decisions, and fail-open or fail-closed behavior for governed-data actions.

Role

The PolicyStrata Agent Trust Gateway is the customer-hosted runtime enforcement boundary. It evaluates governed-data actions before a model, retrieval system, tool, SQL query, memory store, browser action, code sandbox, or egress call is allowed to proceed.

The gateway is not the first commercial dependency for every pilot. The first paid motion can start with release review, evidence packs, and CI gates. Add the gateway when the pilot needs live action controls or runtime decision evidence.

Gateway Request Path

  1. The application or agent prepares a governed-data action.
  2. The gateway receives the actor, organization, environment, release candidate, agent, action type, resource, data class, policy version, and relevant entitlements.
  3. PolicyStrata evaluates the request against the active policy suite and control-pack version.
  4. The gateway returns a decision to the application before the action proceeds.
  5. The gateway writes a redacted decision record locally and can upload a normalized runtime event to Clearance.
sequenceDiagram
  participant App as "Agent application"
  participant Gateway as "Customer-hosted gateway"
  participant Policy as "PolicyStrata policy suite"
  participant Clearance as "Hosted Clearance"

  App->>Gateway: Governed-data action request
  Gateway->>Policy: Evaluate actor, resource, data class, policy
  Policy-->>Gateway: allow, block, hold, or degrade
  Gateway-->>App: Runtime decision
  Gateway->>Clearance: Redacted decision metadata

Policy Decision Model

Gateway decisions are intentionally small so they can be used in application code, CI evidence, dashboards, and audit exports.

Gateway decisionRuntime event actionUse when
allowallowThe request has required auth context, tenant scope, entitlement, tool permission, and approved destination
blockdenyThe request is unsafe or violates a hard policy, such as missing tenant scope or unapproved egress
holdrequire_approvalHuman approval is required before the action can continue
degradequarantineThe request should be isolated, downgraded, redacted, or routed to a safer path

Decision records should include:

  • Stable request and decision IDs.
  • Organization, project, environment, release candidate, and agent identity.
  • Actor and service identity where available.
  • Action type, resource type, resource ID, and data class.
  • Policy version and control-pack version.
  • Decision reason, evidence references, and expiration or override metadata.

The JSON producer contract is schemas/gateway-decision.schema.json. Hosted runtime ingestion accepts the normalized runtime-event shape documented in API Reference.

Fail-Closed And Fail-Open

Choose fail behavior per action class before the pilot starts. The choice should be visible in the evidence pack and in the customer's runbook.

Action classRecommended defaultRationale
Production data read/writeFail closedPrevent cross-tenant access, missing entitlement checks, and unsafe row access
External egress or tool mutationFail closedAvoid sending governed data to unapproved destinations or performing irreversible actions
Internal read-only diagnosticsFail open with audit, if approvedPreserve operator visibility when the action does not expose customer data
Low-risk UX personalizationFail open with audit, if approvedAvoid unnecessary user impact when governed data is not involved
Kill switch activeFail closedCustomer or provider emergency control must take precedence

Fail-open behavior still needs an audit record. A fail-open decision should say which dependency failed, which fallback policy applied, who approved that posture, and how long the fallback is valid.

Pilot Adoption Path

Start with log-only or hold decisions for one named agent. Once the policy suite and reviewer workflow are trusted, move selected hard controls to blocking mode. Do not describe the product as a universal production proxy until the customer's runtime path, ownership model, and fail behavior have been implemented and tested in that environment.

On this page