Governance control plane
for AI agent actions
Every action mediated through graded gates. Every decision bound to an auditable policy hash. Every evasion attempt caught and logged. Not a concept paper — a working engine.
What GLO Does
GLO is a Constitutional Control Plane — applicable to any AI or enterprise system where governance is the enforcement standard, not an afterthought.
Three things, at the boundary between agent intent and real-world action.
Graded Decision Kernel
Not a binary allow/block. Five decisions — ALLOW ATTENUATE STEPUP DENY LOCKDOWN — mapped from a 7-dimension risk vector. The response is proportional to the threat.
Tamper-Evident Audit
Append-only census with SHA-256 hash chain. Every decision record includes the policy hash, risk vector, drift deltas, locks fired, and a cryptographic link to the previous record. The chain is the proof.
Fail-Closed by Design
Unknown tools are denied. Audit write failures halt execution. Encoded payloads trigger evasion detection. Drift budget overruns escalate to lockdown. No silent failures. No unmediated paths.
How It Works
Every proposed agent action passes through this pipeline before anything executes.
Decision precedence is deterministic: Locks → Drift Projection → Gate Mapping → Mode Clamp. No ambiguity.
Architecture at a Glance
K1 Exec · K2 Net · K3 Priv · K4 Auth · K5 Fin · K6 Bio · K7 Evasion
L1–L5 + ALC Guard
Normal · Tight · Admin-Audit
Sk short-term · Lk long-term
| Lock | Name | Invariant |
|---|---|---|
L1 | Audit Integrity | Append-only census; fail-closed on write failure |
L2 | Boundary Mediation | All actions flow through governor wrapper |
L3 | Update Authority | No weight updates outside ADMIN-AUDIT mode |
L4 | Policy Provenance | Every decision bound to a policy hash |
L5 | Evasion Detection | Decode-or-deny for encoded payloads |
ALC | Audit-Layer Capture Guard | Semantic changes require explicit change record |