Runtime Policy Enforcement Architecture
Interactive flow of an AI Agent request through multi-layered access controls
Simulate Safe Action (Preset)
Simulate High-Risk Action
Reset
Action Request
Evaluate
Result
Yes (Preset)
No (High Risk)
Approved
AI Agent
OpenShell Gateway
(PEP)
Policy Engine (PDP)
Network (Egress)
File System (R/W)
Process Execution
Model Inference
In preset?
Execution
(Allow & Log)
TUI Approval
(Human-in-the-loop)
# policy.yaml (Policy-as-Code)
policies:
- id:
network-egress
type:
hot-reloadable
rules:
[
"allow: *.api.com"
]
- id:
process-exec
type:
immutable
Interactive Diagram:
Hover over components to see details, or use the buttons above to step through the enforcement flow.