Aegis — Workflow Guardrail Engine

Workflow Guardrail Engine

Aegis

Govern every step before it runs.

The OPA-backed workflow guardrail engine. At every sensitive moment in a business flow, Aegis answers one precise question: may this action proceed, and under what conditions?

One-line summary

OPA-backed — ForgeRules authors, Aegis compiles, OPA evaluates. Effect model — ALLOW, DENY, ALLOW with obligations. Same model for human and AI actors.

Part of the Pommala governed platform stack — one architecture where every authority answers exactly one class of question.

What it is

The problem it solves

The OPA-backed workflow guardrail engine. At every sensitive moment in a business flow, Aegis answers one precise question: may this action proceed, and under what conditions?

Without a dedicated workflow guardrail layer, policy logic gets embedded in orchestration code — hard to review, hard to change, invisible to auditors. Aegis separates those concerns cleanly with governed assets that have their own lifecycle.

Asset classes

ALLOW

The step may proceed. Sphinx continues execution as compiled.

DENY

The step is blocked. Sphinx routes to the configured denial handler.

ALLOW + Obligations

The step proceeds under declared conditions: human review, escalation, justification capture, supervisor notification, enhanced audit marker.

Capabilities