Pegesis Compliance

Policy-first compliance: local-by-default, agent-enforced.

Define policies once. Cognitive Agents and the Decision Agent detect intent, attach the right guardrails, and guarantee outcomes — without shipping your data off-box.

See the model View examples

Policy & Policy Management

Describe what is allowed, limited, and audited

Policies in Pegesis control data locality, tool privileges, scope limits, and approval rules. They’re versioned, signed, and attach to agents, playbooks, or requests at runtime.

allow/deny + limits locality: on-device / site / region k-of-n approvals data class: PII/PHI/IP 
{
                  "id": "policy://cleaning/base@v3",
                  "locality": { "require": "device|site", "egress": "deny" },
                  "classifiers": ["no-PII", "no-face-video"],
                  "allow": ["read:occupancy", "create:work_order"],
                  "deny":  ["delete:work_order", "export:raw_video"],
                  "limits": { "zoneRadiusM": 50, "priorityMax": 3 },
                  "approvals": [{"action":"dispatch_worker","by":["supervisor"]}],
                  "trace": { "signed": true, "redact": ["note"] }
                }

Intent Detection

Map requests to guardrails automatically

An Intent Router classifies tasks (e.g., “export report”, “dispatch worker”, “ summarize incident ”). The resulting intent activates the proper policy set before any tool call executes.

Inputsprompt, playbook step, attached metadata (site, zone, data classes) Outputsintent label(s) + confidence, selected policy chain, missing-approval list Guaranteeno tool is invoked without a bound policy & signed trace 
# intents.yaml
                - match: "dispatch *worker*"
                  policy: "policy://cleaning/base@v3"
                  approvals: ["supervisor"]
                - match: "export *report*"
                  policy: ["policy://report/base@v1", "policy://data/redact@v2"]
                  locality: "site"
                - match: ["share video", "send raw feed"]
                  deny: true
                  message: "Video egress disabled by policy"

Decision Agent

A dedicated agent that enforces policy at runtime

Every plan step runs through the Decision Agent. It verifies locality, scopes data, requests approvals, and either executes, simulates (dry-run), or denies with a reason. All outcomes are signed.

  • Policy evaluation is before tool invocation
  • Dry-run for previewing side-effects
  • Deterministic replays for audit
def decide(step, ctx):
                  intent = detect_intent(step, ctx)
                  chain  = resolve_policies(intent, actor=ctx.agent, tenant=ctx.tenant)
                  check_locality(chain.locality, ctx.data_plane)      # must be device/site as required
                  require_approvals(chain.approvals, ctx)             # pause until satisfied
                  guard = compose_limits(chain.limits, ctx.risk)      # tighter bound wins
                  if violates(chain.deny, step) or out_of_bounds(guard, step): 
                      return Deny(reason="policy")
                  return Execute(within=guard, trace=sign(ctx, step, chain))

Local Processing

Keep data on device or on site — by default

Pegesis runtimes can execute entirely on edge boxes or on-prem clusters. Policies express where data is allowed to live and how it may be transformed before any egress.

no egress by default regional fallbacks on-device redaction de-identification transforms 
{
                  "locality": {
                    "require": "device|site",
                    "egress": "deny",
                    "transforms": [
                      {"when": "needs:report", "apply": ["redact:PII", "aggregate:5min"]}
                    ]
                  }
                }

Inheritance

Compose policies; the strictest rule wins

Attach base policies to organizations or projects, then extend or narrow them per site, agent, or intent. Pegesis merges chains deterministically.

Merge ruledeny overrides allow; minimum scope applies; highest approval requirement stands Determinismcanonical order: org → tenant → project → site → agent → intent Explainabilityeach effective field links to its source policy in the trace 
# site overrides tighten locality; agent adds limits
                effective_policy = merge([
                  "policy://org/base@v1",
                  "policy://project/compliance@v2",
                  "policy://site/west-campus@v4",
                  "policy://agent/cleaning-supervisor@v3"
                ])
                # merge() returns a signed, minimal policy used by the Decision Agent

Examples

Common compliant outcomes

Each example shows intent → policies → decision → result. All execute locally unless policy allows egress.

Dispatch worker in 50m zone

Intent “dispatch worker” binds the cleaning policy and requests supervisor approval.

intent: dispatch_worker
                  policies: [cleaning/base@v3]
                  decision: Execute(within.zoneRadiusM=50, approval=ok)

Summarize incident with redaction

Local summarization with on-device PII redaction; only the abstract leaves the device.

intent: summarize_incident
                  policies: [report/base@v1, data/redact@v2]
                  decision: Execute(locality=device, egress="summary_only")

Block raw video export

Intent router flags “share video”; deny takes precedence over any allows.

intent: share_video
                  policies: [video/egress-deny@v1]
                  decision: Deny(reason="egress disabled")

Trace & Audit

Signed decision trails you can trust

Every step records the intent, effective policy chain, approvals, limits, and tool calls. Replays prove the same decision would occur again.

  • Per-field provenance to source policy
  • Deterministic simulation / replay
  • Exportable receipts for regulators
{
                  "run": "rx_7f31...",
                  "intent": "dispatch_worker",
                  "effectivePolicy": ["org/base@v1","site/west@v4","agent/cleaning@v3"],
                  "approvals": [{"by":"supervisor","ts":"2025-03-11T10:02:18Z","sig":"ed25519.."}],
                  "decision": "Execute",
                  "toolCalls": ["work_orders.create#wo_912"],
                  "signature": "ed25519..."
                }

Developer SDK

Bind policies from code

Attach policies to agents and let the Decision Agent enforce them automatically.

Python

from pegesis import Agent, Decision

                  agent = Agent(
                    name="compliance-auditor",
                    policies=["policy://org/base@v1","policy://data/redact@v2"]
                  )

                  @agent.on("dispatch.requested")
                  def handle(ctx):
                      decision = Decision.for_step("dispatch_worker", ctx)
                      if decision.allowed:
                          return ctx.tools.work_orders.create(...)
                      return decision.deny_reason

TypeScript

import { Agent, decide } from "@pegesis/sdk";

                  const auditor = new Agent({
                    name: "compliance-auditor",
                    policies: ["policy://org/base@v1","policy://data/redact@v2"]
                  });

                  auditor.on("report.generate", async (ctx) => {
                    const d = await decide("generate_report", ctx);
                    if (!d.allowed) return d.reason;
                    return ctx.tools.reports.create({ locality: d.locality });
                  });

Prove compliance by construction

Run a guided demo with local-only processing and signed traces.

Watch demo