CodcompassCodcompass
Back to KB
Difficulty
Intermediate
Read Time
7 min

TypeScript

By Codcompass TeamΒ·Β·7 min read

TealTiger v1.2: Deterministic Governance Engine for AI Agents

Current Situation Analysis

AI agents are rapidly evolving from passive question-answering systems to active executorsβ€”calling APIs, querying databases, running code, and managing persistent memory. This shift fundamentally changes the security surface: the risk is no longer "what the model says," but "what the agent does."

Traditional guardrail solutions are architecturally misaligned with this new reality. They focus on content filtering, prompt injection detection, and output moderation. While necessary, these approaches are insufficient for agent workflows because they treat symptoms rather than governance root causes. They lack mechanisms for:

  • Tool Authorization: Controlling which APIs/tools an agent can invoke after being prompted.
  • Memory Governance: Restricting read/write scopes across session, user, and global memory layers.
  • Cost & Reliability Limits: Preventing runaway loops or cascading failures.
  • Audit Evidence: Providing reproducible, deterministic proof of why an action was permitted or blocked.

Content safety is not governance. Without a deterministic decision path, organizations face non-reproducible enforcement, un-auditable agent behavior, and an inability to scale agent operations safely in production.

WOW Moment: Key Findings

TealTiger v1.2 replaces probabilistic LLM-based scoring with a deterministic, pattern-matching governance engine. By removing the LLM from the decision path and enforcing parallel module evaluation, the system achieves sub-15ms latency while guaranteeing identical outputs for identical inputs and policies.

Approachp99 LatencyDecision DeterminismAudit GranularityRuntime Overhead
Traditional LLM Guardrails~450–800msProbabilistic (Non-reproducible)Binary/Text-based logsHigh (LLM inference per request)
TealTiger v1.2 Engine< 15ms100% Deterministic (Same input + policy = same decision)12-action severity scale + 32 reason codesNear-zero (Pattern matching & boolean logic)

Key Findings:

  • Parallel module evaluation via Promise.allSettled eliminates sequential bottlenecks.
  • Explicit deny overrides allow (AWS IAM-inspired merge strategy) prevents policy bypass.
  • 1,657 passing tests with 100% backward compatibility to v1.1.x.
  • TEEC (Typed Evidence & Evidence Contracts) enables full post-hoc reconstruction of every governance decision.

Core Solution

TealTiger v1.2 is a deterministic governance engine that evaluates every agent action against policy at runtime. The architecture is built on four pillars: parallel module evaluation, a graduated action severity scale, fail-closed defaults, and explicit evidence contracts.

Parallel Module Evaluation

Governance is decomposed into independent modules, each owning a single dimension. All modules run concurrently, and the merge strategy enforces the most restrictive action.

Request arrives
    ↓
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚ TealSecrets β”‚ TealRegistry β”‚ TealReliabilityβ”‚ TealMemory β”‚
β”‚ (secrets)   β”‚ (allowlist)  β”‚ (circuit brk)  β”‚ (scope)    β”‚
β””β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”˜
       β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜               β”‚
                     ↓                               β”‚
              Merge: most restrictive wins β†β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                     ↓
              TEEC validation
                     ↓
              Decision returned

Enter fullscreen mode Exit fullscreen mode

The merge strategy is simple: most restrictive action wins. If TealSecrets returns DENY and TealRegistry returns ALLOW, the final decision is DENY. There is no way to "un-deny" a request.

This is the same principle as AWS IAM's "explicit deny overrides allow" β€” adapted for AI agent governance with 12 graduated actions instead of binary allow/deny.

Action Severity Scale

Severity

Actions

100

DENY, DENY_WRITE, DENY_READ

80

REQUIRE_APPROVAL

70

REDACT, REDACT_AND_WRITE

60

DEGRADE, STORE_SUMMARY_ONLY

50

TRANSFORM

0

ALLOW, ALLOW_WRITE

Fail-Closed by Default

If any module throws an exception during evaluation, the engine returns DENY. A broken guardrail should not become an open door.

const engine = new TealEngineV12({
  policy: myPolicy,
  modules: [new TealSecrets(), new TealRegistry(), new TealMemory()],
  failurePolicy: { default: 'FAIL_CLOSED' }
});

Enter fullscreen mode Exit fullscreen mode

The 7 Governance Modules

TealSecrets β€” Secret Detection Scans content for 500+ secret patterns across 9 categories (API keys, tokens, credentials, certificates, cloud secrets, database stri

ngs, messaging webhooks, payment keys, infrastructure secrets). Each finding includes a confidence score and content fingerprint β€” never the actual secret.

const decision = await engine.evaluateV12(
  { content: 'Deploy with key AKIAIOSFODNN7EXAMPLE...' },
  { correlation_id: 'req-001' }
);
// decision.action === 'DENY'
// decision.findings === [{ type: 'aws_access_key', confidence: 0.95, ... }]

Enter fullscreen mode Exit fullscreen mode

TealRegistry β€” Model & Tool Allowlisting Enforces which models and tools an agent can use. If it's not on the list, the agent can't call it. Supports version pinning and provenance verification.

const engine = new TealEngineV12({
  policy: {
    registry: {
      models: ['gpt-4o', 'claude-3-sonnet'],
      tools: ['web_search', 'file_read'],
      strict: true
    }
  },
  modules: [new TealRegistry()]
});

Enter fullscreen mode Exit fullscreen mode

TealReliability β€” Circuit Breakers & Fallbacks Retry budgets, circuit breakers (3-state: closed/open/half-open), fallback chains, and degradation policies. Prevents cascading failures and runaway costs.

TealMemory β€” Memory Governance Controls what agents can write to and read from memory. 5 scopes (session, agent, user, shared, global) and 4 classification levels (public, internal, confidential, restricted). Introduces 5 new decision actions specific to memory governance.

BundleExporter β€” Evidence Export Every decision produces a structured evidence envelope. Export as SARIF v2.1.0 (for security tooling), JUnit XML (for CI/CD), or JSON (for custom pipelines).

GovernanceDashboard & TEECValidationRunner Governance visualization and evidence contract validation.

TEEC β€” Typed Evidence & Evidence Contracts

Every governance decision in v1.2 is validated against the TEEC registry:

  • 32 reason codes across 8 categories (policy, content, tool, reliability, cost, mode, secrets, memory)
  • 18 event types for audit trail
  • 12 decision actions with severity-based merge

TEEC makes the evidence contract explicit. Every decision includes a correlation_id, timestamp, reason_codes, event_type, teec_version, and component_versions. This is what makes governance decisions reconstructable after the fact.

Docker Governance Sidecar

Not every agent is written in TypeScript or Python. The governance sidecar wraps TealEngine v1.2 as a language-agnostic HTTP API:

docker pull tealtigeradmin/tealtiger-typescript:1.2-governance
docker run -p 8080:8080 tealtigeradmin/tealtiger-typescript:1.2-governance

Enter fullscreen mode Exit fullscreen mode

Six endpoints:

MethodPathPurpose
POST/evaluatePolicy evaluation β†’ Decision
POST/validateTEEC validation
POST/scanSecret detection
GET/healthHealth check
GET/readyReadiness probe
GET/modulesActive module status

Any language can call POST /evaluate and get a governance Decision back:

curl -X POST http://localhost:8080/evaluate \
  -H "Content-Type: application/json" \
  -d '{"content": "Hello", "tool": "web_search", "agent_id": "bot-1"}'

Enter fullscreen mode Exit fullscreen mode

{
  "correlation_id": "req-abc-123",
  "decision": {
    "action": "ALLOW",
    "reason_codes": ["POLICY_COMPLIANT"],
    "risk_score": 0,
    "mode": "ENFORCE"
  }
}

Enter fullscreen mode Exit fullscreen mode

Three-Mode Rollout

Governance adoption doesn't have to be all-or-nothing:

  1. REPORT_ONLY β€” Log everything, enforce nothing. See what would happen.
  2. MONITOR β€” Evaluate fully, but override all decisions to ALLOW. Log what would have been blocked.
  3. ENFORCE β€” Full enforcement. The decision is final.

Start with REPORT_ONLY in production. Graduate to MONITOR. Switch to ENFORCE when you trust the policy.

Getting Started

# TypeScript
npm install tealtiger

# Python
pip install tealtiger

# Docker (language-agnostic)
docker pull tealtigeradmin/tealtiger-typescript:1.2-governance

Enter fullscreen mode Exit fullscreen mode

import { TealEngineV12, TealSecrets, TealRegistry, PolicyMode } from 'tealtiger';

const engine = new TealEngineV12({
  policy: {
    secrets: { enabled: true },
    registry: { models: ['gpt-4o'], tools: ['web_search'] }
  },
  modules: [new TealSecrets(), new TealRegistry()],
  mode: PolicyMode.ENFORCE
});

const decision = await engine.evaluateV12(
  { content: 'Process this request', model: 'gpt-4o', tool: 'web_search' },
  { correlation_id: 'req-001', agent_id: 'support-bot' }
);

Enter fullscreen mode Exit fullscreen mode

Pitfall Guide

  1. Relying on Probabilistic Scoring for Governance: Using LLM-based scoring for agent actions introduces non-determinism. Governance decisions must be reproducible; always prefer pattern matching, boolean logic, and explicit policy rules over model inference.
  2. Ignoring the Fail-Closed Default: Configuring a fail-open policy during module exceptions creates security gaps. Always enforce FAIL_CLOSED so that broken guardrails default to DENY, preventing uncontrolled agent execution.
  3. Misunderstanding the Merge Strategy: The engine uses "most restrictive wins." Attempting to override a DENY with an ALLOW from another module will fail. Design policies assuming explicit deny always propagates to the final decision.
  4. Skipping the Three-Mode Rollout: Deploying directly into ENFORCE mode without validation causes production incidents. Always progress through REPORT_ONLY β†’ MONITOR β†’ ENFORCE to verify policy accuracy against live traffic.
  5. Neglecting TEEC Evidence Contracts: Failing to include correlation_id, reason_codes, and structured exports makes post-incident forensics impossible. Always enable TEEC validation and export decisions in SARIF/JUnit/JSON for audit compliance.
  6. Monolithic Policy Evaluation: Packing all governance logic into a single synchronous evaluator creates latency bottlenecks. Decompose policies into independent parallel modules (secrets, registry, memory, reliability) and leverage Promise.allSettled for sub-15ms p99 performance.
  7. Hardcoding Thresholds Instead of Using the Policy Library: Embedding static rules in application code reduces maintainability and compliance alignment. Use the provided Policy Library templates (OWASP ASI, HIPAA, SOC 2, EU AI Act) and adjust thresholds per environment rather than rewriting logic.

Deliverables

  • πŸ“˜ Governance Architecture Blueprint: Complete reference architecture for TealTiger v1.2, including parallel module evaluation flow, TEEC evidence contract schema, Docker sidecar deployment topology, and severity merge logic diagrams.
  • βœ… Pre-Deployment Governance Checklist: Step-by-step validation guide covering policy configuration, module initialization, fail-closed verification, three-mode rollout sequencing, evidence export setup, and backward compatibility testing.
  • βš™οΈ Configuration Templates: Production-ready copy-paste policy packs (OWASP ASI, HIPAA, SOC 2, EU AI Act), Docker sidecar environment variables, TEEC validation runner configs, and CI/CD integration snippets for SARIF/JUnit evidence pipelines.