Governance Pipeline

The governance pipeline is the core of GovernLayer. A single POST to /v1/govern runs drift detection, risk scoring, and the decision engine, then logs the result to the immutable audit ledger.

The governance response model

Properties

  • Name
    system_name
    Type
    string
    Description

    The name of the AI system being governed.

  • Name
    drift_score
    Type
    float
    Description

    Behavioral drift score between 0.0 (no drift) and 1.0 (maximum drift).

  • Name
    drift_details
    Type
    string
    Description

    Human-readable explanation of the drift analysis.

  • Name
    risk_score
    Type
    object
    Description

    6-dimension risk assessment with overall score and individual dimensions.

  • Name
    decision
    Type
    string
    Description

    Governance decision: APPROVE, FLAG, or ESCALATE.

  • Name
    reasoning
    Type
    string
    Description

    Explanation of why this decision was made.

  • Name
    ledger_hash
    Type
    string
    Description

    SHA-256 hash of this ledger entry.

  • Name
    previous_hash
    Type
    string
    Description

    SHA-256 hash of the previous ledger entry (chain link).

  • Name
    timestamp
    Type
    string
    Description

    ISO 8601 timestamp of the governance decision.


POST /v1/govern

Run governance pipeline

Run the full governance pipeline on an AI agent's behavior. This is the primary endpoint for real-time governance.

Required attributes

  • Name
    system_name
    Type
    string
    Description

    Name of the AI system being evaluated.

  • Name
    behavior
    Type
    string
    Description

    Description of the observed AI agent behavior.

Optional attributes

  • Name
    expected_behavior
    Type
    string
    Description

    The expected or authorized behavior for comparison.

  • Name
    framework
    Type
    string
    Description

    Compliance framework to evaluate against. One of: SOC2, GDPR, ISO27001, EU_AI_ACT, HIPAA, NIST_AI_RMF, NIST_CSF, ISO42001, PCI_DSS, CCPA, NIS2, DORA, DSA, DMA.

  • Name
    context
    Type
    string
    Description

    Additional context about the AI system or deployment.

Request

POST /v1/govern
curl -X POST https://api.governlayer.ai/v1/govern \
  -H "X-API-Key: gl_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "system_name": "customer-support-agent",
    "behavior": "Offered 50% discount without authorization",
    "expected_behavior": "Follow pricing guidelines, escalate discounts above 10%",
    "framework": "SOC2"
  }'

Response

{
  "system_name": "customer-support-agent",
  "drift_score": 0.87,
  "drift_details": "High behavioral deviation. Agent violated pricing authorization policy.",
  "risk_score": {
    "overall": 72,
    "dimensions": {
      "data_sensitivity": 45,
      "autonomy_level": 80,
      "decision_impact": 90,
      "regulatory_exposure": 65,
      "model_complexity": 55,
      "deployment_scope": 68
    }
  },
  "decision": "ESCALATE",
  "reasoning": "Drift score 0.87 exceeds threshold. Risk level HIGH. Escalating for human review.",
  "ledger_hash": "sha256:a1b2c3d4e5f6...",
  "previous_hash": "sha256:9f8e7d6c5b4a...",
  "timestamp": "2026-04-25T14:30:00Z"
}
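
A client-side check of the response shown above, as an added example that is not GovernLayer's own code: it validates the documented fields, verifies that each entry's previous_hash equals the prior entry's ledger_hash, and lets an action proceed only on a well-formed APPROVE. It assumes hashes are written as "sha256:" plus 64 lowercase hex characters and that the responses passed in are consecutive ledger entries; the function names and sample values are constructed for illustration.

```python
import hashlib
import re

DECISIONS = {"APPROVE", "FLAG", "ESCALATE"}      # values listed on this page
HASH_RE = re.compile(r"sha256:[0-9a-f]{64}")     # assumed full-length form

def validate_response(r):
    """Return a list of problems with one /v1/govern response (empty = OK)."""
    problems = []
    dec = r.get("decision")
    if not isinstance(dec, str) or dec not in DECISIONS:
        problems.append("unknown decision")
    d = r.get("drift_score")
    if isinstance(d, bool) or not isinstance(d, (int, float)) or not 0.0 <= d <= 1.0:
        problems.append("drift_score out of range")
    for f in ("ledger_hash", "previous_hash"):
        v = r.get(f)
        if not isinstance(v, str) or not HASH_RE.fullmatch(v):
            problems.append(f"malformed {f}")
    return problems

def verify_chain(responses):
    """Return (index, reason) for the first broken link, or None if intact."""
    for i, r in enumerate(responses):
        problems = validate_response(r)
        if problems:
            return i, "; ".join(problems)
        if i and r["previous_hash"] != responses[i - 1]["ledger_hash"]:
            return i, "previous_hash does not match prior ledger_hash"
    return None

def allow_action(r):
    """Fail closed: only a well-formed APPROVE lets the agent action proceed."""
    return not validate_response(r) and r["decision"] == "APPROVE"

def sample_hash(label):
    # Constructed placeholder, not a real ledger hash.
    return "sha256:" + hashlib.sha256(label.encode()).hexdigest()

SAMPLE = [  # constructed responses, trimmed to the fields checked here
    {"decision": "APPROVE", "drift_score": 0.05, "ledger_hash": sample_hash("e1"), "previous_hash": sample_hash("e0")},
    {"decision": "ESCALATE", "drift_score": 0.87, "ledger_hash": sample_hash("e2"), "previous_hash": sample_hash("e1")},
    {"decision": "FLAG", "drift_score": 0.40, "ledger_hash": sample_hash("e3"), "previous_hash": sample_hash("e2")},
]

if __name__ == "__main__":
    print(verify_chain(SAMPLE))                    # intact chain
    print(verify_chain([SAMPLE[0], SAMPLE[2]]))    # middle entry missing
```

This checks linkage only; it does not recompute ledger_hash, because the page does not document which fields are hashed.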
