Getting Started — AI Runtime Governor

Real-time governance, compliance, and observability for autonomous AI agents.
Evaluate every tool call before execution. Enforce custom policies. Detect multi-step threats. Stay audit-ready.

AI Runtime Governor is a managed API that sits between your AI agents and the tools they invoke — providing policy enforcement, risk scoring, behavioural fingerprinting, and full audit trails out of the box.

Base URL: https://api.airg.nov-tia.com
Dashboard: https://app.airg.nov-tia.com

Quick Start
Core Concepts
Authentication & API Keys
Integrating Your Agent
Dashboard
Post-Execution Verification
Conversation Logging
Agent Trace Observability
Real-Time Streaming (SSE)
Policy Management
SURGE v2 — Cryptographic Governance Receipts
Escalation & Alerting
Agent Fingerprinting
Impact Assessment
Compliance & Regulatory
API Reference
Troubleshooting

Quick Start

Get your first governance decision in under 2 minutes.

Step 1: Get your API key

Step 2: Verify connectivity

bash

curl https://api.airg.nov-tia.com/healthz
# → {"status":"ok"}

Step 3: Evaluate your first tool call

bash

curl -s -X POST https://api.airg.nov-tia.com/actions/evaluate \
  -H "X-API-Key: airg_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "tool": "shell",
    "args": {"command": "rm -rf /"},
    "context": {"agent_id": "my-agent"}
  }' | jq .

Response:

json

{
  "decision": "block",
  "risk_score": 95,
  "explanation": "Destructive filesystem operation",
  "policy_ids": ["shell-dangerous"],
  "execution_trace": [...]
}

That's it. Your agent now has real-time governance. Every call returns a decision (allow, review, or block), a risk score (0–100), and a full execution trace showing exactly why.

Step 4: Install an SDK (optional)

bash

# Python
pip install airg-client

# TypeScript / JavaScript
npm install @airg/governor-client

# Java (Maven)
<dependency>
  <groupId>dev.airg</groupId>
  <artifactId>governor-client</artifactId>
  <version>0.3.0</version>
</dependency>

Core Concepts

How It Works

Every tool call your agent makes passes through a multi-layer evaluation pipeline before execution. The pipeline short-circuits on the first block:

Your Agent → POST /actions/evaluate
                │
                ├─ Kill Switch           ← global emergency halt
                ├─ Injection Firewall    ← pattern detection + normalisation
                ├─ Scope Enforcer        ← tool whitelist enforcement
                ├─ Policy Engine         ← built-in + custom policies
                ├─ Risk Analysis         ← heuristic scoring + pattern detection
                └─ Verification          ← post-execution compliance
                        │
                        ▼
              Response {
                decision:    "allow" | "review" | "block",
                risk_score:  0–100,
                explanation: "...",
                policy_ids:  ["shell-dangerous"],
                chain_pattern: "<pattern-name>" | null,
                execution_trace: [...]
              }
                        │
                        ├─► Audit trail (searchable, exportable)
                        ├─► Real-time SSE stream (dashboard + webhooks)
                        ├─► SURGE v2 receipt (hash-chained, compliance-tagged, sovereign-attested)
                        └─► Escalation engine (review queue + notifications)

Every layer emits a TraceStep with timing, risk contribution, and detail — making every governance decision fully explainable and auditable.

Decisions

Decision	Meaning	Agent Should
`allow`	Tool call is safe	Proceed with execution
`review`	Needs human review	Queue for approval or skip
`block`	Dangerous — rejected	Do NOT execute the tool

Chain Analysis

The Governor detects multi-step attack patterns by examining session history. When a pattern is detected, the risk score is automatically boosted and the pattern name is stored in the chain_pattern response field.

Detected patterns include credential exfiltration sequences, privilege escalation chains, lateral movement attempts, data staging, scope probing, and other adversarial behaviours. Each pattern applies a dynamic risk boost based on severity.

Chain analysis runs automatically on every evaluation. No configuration required. Detected patterns appear in the Chain Analysis dashboard tab.

Data Persistence

All evaluation logs, policy versions, audit trails, fingerprint profiles, and compliance records are stored in a fully managed PostgreSQL database. Data is encrypted at rest and retained according to your account plan.

Authentication & API Keys

Auth Methods

All protected endpoints accept three authentication methods simultaneously:

Method	Header / Param	How to Obtain
JWT Bearer	`Authorization: Bearer <token>`	`POST /auth/login`
API Key	`X-API-Key: airg_<key>`	Dashboard API Keys tab, or `POST /auth/me/rotate-key`
Query Param	`?token=<jwt>`	For SSE/EventSource (browser can't set headers)

Getting a Token

bash

# Login → JWT token
TOKEN=$(curl -s -X POST https://api.airg.nov-tia.com/auth/login \
  -H "Content-Type: application/json" \
  -d '{"username":"admin","password":"your-password"}' | jq -r .access_token)

echo $TOKEN

Getting an API Key

bash

# Rotate your own API key (self-service)
curl -s -X POST https://api.airg.nov-tia.com/auth/me/rotate-key \
  -H "Authorization: Bearer $TOKEN" | jq .

# Returns: {"api_key": "airg_abc123..."}

Or use the API Keys tab in the dashboard — it shows your key (masked by default), lets you copy or regenerate it, and provides quick-start code samples.

Role-Based Access Control (RBAC)

Role	Evaluate	View Logs	Policies	Kill Switch	Verify	Users	Stream
`admin`	✅	✅	✅ CRUD	✅	✅	✅ CRUD	✅
`operator`	✅	✅	Read	❌	✅	❌	✅
`auditor`	❌	✅	Read	❌	❌	❌	✅

Creating Users

bash

# As admin, create an operator account
curl -s -X POST https://api.airg.nov-tia.com/auth/users \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"username":"agent-ops","password":"secure-password","role":"operator"}' | jq .

Or use the User Management tab in the dashboard.

Account Security

Admin credentials are configured during account provisioning. Contact your organisation's admin or the AI Runtime Governor team to obtain your login credentials.

Tip: After your first login, navigate to the API Keys tab in the dashboard to generate an API key for programmatic access. API keys (airg_… prefix) are the recommended authentication method for agent integrations.

Integrating Your Agent

Option A: SDK (Recommended)

Three official SDKs — authenticate with X-API-Key, throw on block decisions.

Python · `pip install airg-client`

python

import governor_client
from governor_client import evaluate_action, GovernorBlockedError

governor_client.GOVERNOR_URL = "https://api.airg.nov-tia.com"
governor_client.GOVERNOR_API_KEY = "airg_your_key_here"

try:
    decision = evaluate_action("shell", {"command": "ls -la"}, context={
        "agent_id": "my-agent",
        "session_id": "session-123",
        "allowed_tools": ["shell", "http_request", "file_read"],
    })
    print(f"{decision['decision']} — risk {decision['risk_score']}")
except GovernorBlockedError as e:
    print(f"Blocked: {e}")
    # Do NOT execute the tool

TypeScript / JavaScript · `npm install @airg/governor-client`

typescript

import { GovernorClient, GovernorBlockedError } from "@airg/governor-client";

const gov = new GovernorClient({
  baseUrl: "https://api.airg.nov-tia.com",
  apiKey: "airg_your_key_here",
});

try {
  const d = await gov.evaluate("shell", { command: "ls -la" }, {
    agent_id: "my-agent",
    allowed_tools: ["shell", "http_request"],
  });
  console.log(`${d.decision} — risk ${d.risk_score}`);
} catch (err) {
  if (err instanceof GovernorBlockedError) {
    console.error("Blocked:", err.message);
  }
}

Java · `dev.airg:governor-client:0.3.0`

java

GovernorClient gov = new GovernorClient.Builder()
    .baseUrl("https://api.airg.nov-tia.com")
    .apiKey("airg_your_key_here")
    .build();

try {
    GovernorDecision d = gov.evaluate("shell", Map.of("command", "ls -la"));
    System.out.println(d.getDecision() + " — risk " + d.getRiskScore());
} catch (GovernorBlockedError e) {
    System.err.println("Blocked: " + e.getMessage());
}

Environment Variables (all SDKs)

bash

export GOVERNOR_URL=https://api.airg.nov-tia.com
export GOVERNOR_API_KEY=airg_your_key_here

All SDKs read these automatically when explicit configuration is not provided.

Hold / Review Mode (Python SDK)

When the Governor returns a review decision, the Python SDK supports a hold mode that long-polls for human approval:

python

from governor_client import (
    evaluate_action,
    GovernorBlockedError,
    GovernorReviewRejectedError,
    GovernorReviewExpiredError,
)

try:
    decision = evaluate_action(
        "deploy_contract",
        {"contract": "TokenSwap.sol"},
        context={"agent_id": "defi-agent"},
        review_mode="hold",       # wait for human decision
        hold_timeout=120,          # max 120s
    )
    # If we reach here, the action was approved
    print(f"Approved by {decision.get('review_resolved_by')}")
except GovernorBlockedError:
    print("Blocked by policy")
except GovernorReviewRejectedError as e:
    print(f"Human rejected: {e}")
except GovernorReviewExpiredError as e:
    print(f"Review timed out: {e}")

`review_mode`	Behavior
`"proceed"` (default)	Return immediately — caller inspects `decision` field
`"hold"`	Long-poll `POST /escalation/queue/{id}/hold` until human approves, rejects, or timeout

Option B: Direct HTTP

No SDK needed — just POST /actions/evaluate with JSON:

bash

curl -s -X POST https://api.airg.nov-tia.com/actions/evaluate \
  -H "X-API-Key: airg_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "tool": "http_request",
    "args": {
      "method": "POST",
      "url": "https://api.example.com/data",
      "body": {"query": "SELECT * FROM users"}
    },
    "context": {
      "agent_id": "data-pipeline-agent",
      "session_id": "run-456",
      "allowed_tools": ["http_request", "file_read"]
    }
  }' | jq .

Integration Pattern

The standard integration pattern:

┌──────────────┐      ┌──────────────────┐      ┌──────────────┐
│  Your Agent  │─────►│  Governor API    │─────►│  Real World  │
│              │      │  /evaluate       │      │              │
│  1. Decide   │      │  → allow/block   │      │  Tool runs   │
│  2. Ask Gov  │◄─────│                  │      │  only if     │
│  3. Execute  │      │  /verify         │      │  allowed     │
│     if allow │─────►│  → compliant/    │      │              │
│  4. Verify   │      │    violation     │      │              │
└──────────────┘      └──────────────────┘      └──────────────┘

python

# Full lifecycle example (Python)
import governor_client as gc

gc.GOVERNOR_URL = "https://api.airg.nov-tia.com"  # production endpoint
gc.GOVERNOR_API_KEY = "airg_..."  # your API key from the dashboard

# Step 1: Pre-execution governance
decision = gc.evaluate_action("file_write", {
    "path": "/app/config.py",
    "content": "DEBUG = True"
}, context={"agent_id": "my-agent"})

if decision["decision"] == "block":
    print("Blocked — skipping execution")
elif decision["decision"] == "allow":
    # Step 2: Execute the tool
    result = actually_write_file("/app/config.py", "DEBUG = True")

    # Step 3: Post-execution verification (optional but recommended)
    import httpx
    verify_resp = httpx.post(f"{gc.GOVERNOR_URL}/actions/verify", json={
        "action_id": decision["action_id"],
        "tool": "file_write",
        "result": {"status": "success", "output": "Wrote 1 line"},
        "context": {"agent_id": "my-agent"}
    }, headers={"X-API-Key": gc.GOVERNOR_API_KEY})
    print(verify_resp.json()["verdict"])  # "compliant" or "violation"

Context Fields

The context object controls scope enforcement and tracing:

Field	Type	Purpose
`agent_id`	string	Recommended — identifies the agent for chain analysis and filtering
`session_id`	string	Groups related tool calls into a session for chain analysis
`allowed_tools`	string[]	If set, blocks any tool not in this list
`user_id`	string	Associate evaluations with a human user
`channel`	string	Communication channel (slack, web, etc.)
`trace_id`	string	Links evaluation to an agent trace tree
`span_id`	string	Parent span for governance span injection
`conversation_id`	string	Links to a conversation for conversation logging
`turn_id`	integer	Turn number within a conversation
`prompt`	string	(opt-in) The agent's reasoning / prompt — encrypted at rest

Dashboard

The dashboard has 16 tabs, each accessible based on your role:

Tab	Icon	What It Shows
Dashboard	📊	Summary: total actions, allow/review/block counts, risk distribution, live feed
Agent Demo	🤖	Run the 17-step demo agent directly from the browser
Action Tester	⚡	Manual tool evaluation form — test any tool /args / context
Policies	📜	CRUD editor for dynamic policies with active/inactive toggle
Review Queue	👁	Pending escalation events — approve / reject actions
SURGE	💎	Hash-chained receipts, Merkle checkpoints, compliance tagging, sovereign attestation
Audit Log	🔍	Full action history with search/filter, SSE live merge (LIVE badge)
Conversations	💬	Agent conversation turns + unified timeline
Verification	✅	Post-execution verification logs
Drift	📈	Per-agent drift detection — deviation from behavioural baseline
Chain Analysis	🔗	Detected multi-step attack patterns (dynamic bar chart)
Traces	🌲	Agent trace explorer — span trees, governance correlation
Topology	🗺	Agent-to-tool interaction graph
API Keys	🔑	View / copy / regenerate your API key + code samples
Settings	⚙️	Kill switch toggle, system configuration
Users	👥	User management — create operators and auditors

Demo Mode vs Live Mode

Demo Mode: Fully self-contained — uses simulated data to showcase all 16 tabs.
Live Mode: Connects to the production backend at https://api.airg.nov-tia.com. All data is real.

Post-Execution Verification

The verification engine inspects tool results after execution — closing the gap between allowing an intent and validating the outcome.

Submit a verification

bash

curl -s -X POST https://api.airg.nov-tia.com/actions/verify \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "action_id": 42,
    "tool": "file_write",
    "result": {
      "status": "success",
      "output": "Wrote 150 lines to /etc/passwd",
      "diff": "- root:x:0:0\n+ root:x:0:0:hacked"
    },
    "context": {
      "agent_id": "my-agent",
      "trace_id": "trace-abc"
    }
  }' | jq .

Verification Checks

The verification engine runs multiple automated checks against tool outputs including credential scanning, destructive output detection, scope compliance validation, anomaly detection, policy re-verification, and behavioural drift analysis. Each check contributes to a final verdict.

Verdict

Verdict	Meaning
`compliant`	All checks passed
`suspicious`	Some checks flagged concerns but below violation threshold
`violation`	One or more critical failures — auto-escalated

List verifications

bash

curl -s -H "Authorization: Bearer $TOKEN" \
  "https://api.airg.nov-tia.com/actions/verifications?verdict=violation" | jq .

Conversation Logging

Opt-in capture of agent reasoning and prompts. All content is encrypted at rest.

Include conversation context in evaluations

python

decision = evaluate_action("shell", {"command": "ls"}, context={
    "agent_id": "my-agent",
    "conversation_id": "conv-abc-123",
    "turn_id": 1,
    "prompt": "User asked me to list directory contents"
})

Batch ingest conversation turns

bash

curl -s -X POST https://api.airg.nov-tia.com/conversations/turns/batch \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '[
    {
      "conversation_id": "conv-abc-123",
      "turn_number": 1,
      "role": "user",
      "content": "List the files in /tmp"
    },
    {
      "conversation_id": "conv-abc-123",
      "turn_number": 2,
      "role": "assistant",
      "content": "I will use the shell tool to list the files."
    }
  ]' | jq .

View conversations

bash

# List all conversations
curl -s -H "Authorization: Bearer $TOKEN" \
  "https://api.airg.nov-tia.com/conversations" | jq .

# Get unified timeline (turns + governance actions interleaved)
curl -s -H "Authorization: Bearer $TOKEN" \
  "https://api.airg.nov-tia.com/conversations/conv-abc-123/timeline" | jq .

Agent Trace Observability

Capture the full lifecycle of every agent task — LLM reasoning, tool invocations, retrieval steps, and governance decisions as an OpenTelemetry-inspired span tree.

Ingest trace spans

bash

curl -s -X POST https://api.airg.nov-tia.com/traces/ingest \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "spans": [
      {
        "trace_id": "trace-task-001",
        "span_id": "root-span",
        "name": "Research Market Data",
        "kind": "agent",
        "start_time": "2026-02-28T12:00:00Z",
        "end_time": "2026-02-28T12:00:05Z"
      },
      {
        "trace_id": "trace-task-001",
        "span_id": "llm-call-1",
        "parent_span_id": "root-span",
        "name": "GPT-4 reasoning",
        "kind": "llm",
        "start_time": "2026-02-28T12:00:01Z",
        "end_time": "2026-02-28T12:00:03Z"
      }
    ]
  }' | jq .

Zero-config governance correlation

Pass trace_id and span_id in the evaluation context — the Governor auto-creates a governance span as a child:

python

decision = evaluate_action("shell", {"command": "ls"}, context={
    "agent_id": "my-agent",
    "trace_id": "trace-task-001",
    "span_id": "llm-call-1",
})
# → A governance span is auto-created as a child of llm-call-1

View traces

bash

# List all traces
curl -s -H "Authorization: Bearer $TOKEN" \
  "https://api.airg.nov-tia.com/traces" | jq .

# Full trace with span tree
curl -s -H "Authorization: Bearer $TOKEN" \
  "https://api.airg.nov-tia.com/traces/trace-task-001" | jq .

Span Kinds

Kind	Dashboard Color	What It Represents
`agent`	Red	Root agent task / orchestration
`llm`	Violet	LLM inference call
`tool`	Amber	Tool invocation
`governance`	Red	Governor evaluation (auto-created)
`retrieval`	Cyan	RAG / vector search
`chain`	Green	Multi-step chain execution
`custom`	Gray	Anything else

Real-Time Streaming (SSE)

The Governor pushes every governance decision to connected clients via Server-Sent Events.

Connect to the stream

bash

# Terminal
curl -N -H "Authorization: Bearer $TOKEN" \
  https://api.airg.nov-tia.com/actions/stream

# Or with API key
curl -N -H "X-API-Key: airg_your_key" \
  https://api.airg.nov-tia.com/actions/stream

From JavaScript

javascript

const es = new EventSource(
  "https://api.airg.nov-tia.com/actions/stream?token=" + jwt
);
es.addEventListener("action_evaluated", (e) => {
  const { tool, decision, risk_score } = JSON.parse(e.data);
  console.log(`${tool}: ${decision} (risk ${risk_score})`);
});

Events

Event	When
`connected`	On initial connection
`action_evaluated`	After every `POST /actions/evaluate`
`:heartbeat`	Every 15 seconds (keep-alive)

Check status

bash

curl https://api.airg.nov-tia.com/actions/stream/status
# → {"active_subscribers": 2, "heartbeat_interval_seconds": 15}

The dashboard auto-connects to SSE in Live Mode. A LIVE badge appears in the Audit Log + Dashboard tabs when streaming is active.

Policy Management

Built-in Policies

Multiple governance policies are pre-configured and active on every account. Example:

yaml

- policy_id: shell-dangerous
  description: "Block destructive shell commands"
  tool: "shell"
  severity: critical
  action: block
  args_regex: "(rm\\s+-rf|mkfs|dd\\s+if=|shutdown|reboot)"

Dynamic Policies (API)

Create, update, toggle, and delete policies at runtime:

bash

# Create a policy
curl -s -X POST https://api.airg.nov-tia.com/policies \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "policy_id": "block-external-uploads",
    "description": "Block HTTP uploads to external domains",
    "tool": "http_request",
    "severity": "high",
    "action": "block",
    "url_regex": "^https?://(?!internal\\.company\\.com)"
  }' | jq .

# Toggle a policy on/off
curl -s -X PATCH https://api.airg.nov-tia.com/policies/block-external-uploads/toggle \
  -H "Authorization: Bearer $TOKEN" | jq .

# Partial update (only change description and severity)
curl -s -X PATCH https://api.airg.nov-tia.com/policies/block-external-uploads \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"description": "Updated description", "severity": "critical"}' | jq .

Policy Versioning

Every edit creates an immutable PolicyVersion snapshot + PolicyAuditLog with before/after JSON diffs. You can restore any previous version:

bash

# List versions
curl -s -H "Authorization: Bearer $TOKEN" \
  "https://api.airg.nov-tia.com/policies/block-external-uploads/versions" | jq .

# Restore a version
curl -s -X POST \
  "https://api.airg.nov-tia.com/policies/block-external-uploads/versions/2/restore" \
  -H "Authorization: Bearer $TOKEN" | jq .

Policy Cache

Policies are cached with a 10-second TTL. After creating or updating a policy, allow up to 10 seconds for the change to take effect across all evaluations.

SURGE v2 — Cryptographic Governance Receipts

Every governance decision produces a hash-chained, compliance-tagged receipt proving that a specific agent action was evaluated on specific infrastructure, under a specific jurisdiction. Receipts are tamper-evident — altering any single record breaks the entire chain.

Feature	Description
Hash Chain	Each receipt includes the previous receipt’s SHA-256 digest — tamper-evident chain
Merkle Checkpoints	Periodic Merkle tree roots for efficient batch verification (default: every 100 receipts)
EU AI Act Tagging	Auto-tags receipts with applicable Articles (9, 12, 13, 14, 15, 17, 26)
NIST AI RMF	Maps to GOVERN-1.1, MAP-1.1, MEASURE-2.1, MANAGE-1.1, MANAGE-2.1
OWASP LLM Top 10	Tags LLM01 (Injection), LLM02 (Info Disclosure), LLM05, LLM06, LLM10
Sovereign Attestation	Each receipt embeds deployment_id, jurisdiction, operator, infrastructure, data_residency
Auditor Export	Download JSON bundles with receipts, checkpoints, and independent verification instructions

SURGE v2 Endpoints

Method	Path	Description
`GET`	`/surge/v2/status`	Engine status, chain integrity, deployment info
`POST`	`/surge/v2/issue`	Issue a new governance receipt
`GET`	`/surge/v2/receipts`	List receipts (filterable by agent_id, decision)
`GET`	`/surge/v2/receipts/:id`	Get specific receipt
`GET`	`/surge/v2/receipts/:id/verify`	Verify single receipt integrity
`POST`	`/surge/v2/checkpoint`	Create Merkle tree checkpoint
`GET`	`/surge/v2/checkpoints`	List all Merkle checkpoints
`GET`	`/surge/v2/verify`	Verify entire receipt chain
`GET`	`/surge/v2/export`	Download auditor-ready compliance bundle

bash

# Check SURGE v2 status
curl -s -H "Authorization: Bearer $TOKEN" \
  "https://api.airg.nov-tia.com/surge/v2/status" | jq .

# List receipts
curl -s -H "Authorization: Bearer $TOKEN" \
  "https://api.airg.nov-tia.com/surge/v2/receipts" | jq .

# Verify chain integrity
curl -s -H "Authorization: Bearer $TOKEN" \
  "https://api.airg.nov-tia.com/surge/v2/verify" | jq .

# Export compliance bundle
curl -s -H "Authorization: Bearer $TOKEN" \
  "https://api.airg.nov-tia.com/surge/v2/export?period_start=2026-01-01&period_end=2026-03-31" | jq .

Escalation & Alerting

Automated escalation engine with 5 notification channels:

Channel	Integration
Email	SMTP (any provider)
Slack	Webhook URL or Bot API token
WhatsApp	Meta Cloud API
Jira	Issue creation via REST API
Webhook	Generic HTTP POST

Auto-Kill-Switch

The escalation engine monitors for sustained high-risk activity and automatically engages the kill switch when genuine threats are detected. Thresholds are calibrated to minimize false positives.

Configure notification channels

bash

# Create a Slack channel
curl -s -X POST https://api.airg.nov-tia.com/notifications/channels \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "security-alerts",
    "channel_type": "slack",
    "config_json": {
      "webhook_url": "https://hooks.slack.com/services/T.../B.../..."
    },
    "is_active": true
  }' | jq .

View escalation events

bash

curl -s -H "Authorization: Bearer $TOKEN" \
  "https://api.airg.nov-tia.com/escalation/events?status=pending" | jq .

# Approve an event
curl -s -X PUT https://api.airg.nov-tia.com/escalation/events/42/approve \
  -H "Authorization: Bearer $TOKEN" | jq .

Agent Fingerprinting

Behavioural fingerprinting automatically tracks each agent's usage patterns and detects deviations from established baselines.

The fingerprint engine monitors 6 deviation dimensions:

Check	What It Detects
Tool distribution	Agent using tools outside its normal pattern
Risk score drift	Average risk shifting higher than baseline
Action frequency	Unusual spike or drop in evaluation volume
Block rate	Abnormal increase in blocked actions
Session pattern	Changes in session duration/length
Temporal pattern	Activity outside normal time windows

Retrieve fingerprint data via the API:

bash

# List all fingerprinted agents
curl -s -H "Authorization: Bearer $TOKEN" \
  "https://api.airg.nov-tia.com/fingerprint/agents" | jq .

Impact Assessment

Built-in AI impact assessment engine aligned with international governance frameworks.

Supported Frameworks

Framework	Coverage
ISO 42001	AI management system requirements
NIST AI RMF	Risk management framework for AI systems
EU AI Act	European AI regulatory compliance

Endpoints

bash

# Assess a specific action
curl -s -X POST https://api.airg.nov-tia.com/impact/assess \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"tool": "deploy_contract", "args": {}, "context": {"agent_id": "my-agent"}}' | jq .

# Get impact assessment for an agent
curl -s -H "Authorization: Bearer $TOKEN" \
  "https://api.airg.nov-tia.com/impact/assess/agent/my-agent" | jq .

# List all assessed agents
curl -s -H "Authorization: Bearer $TOKEN" \
  "https://api.airg.nov-tia.com/impact/agents" | jq .

Compliance & Regulatory

Five compliance modules are included with every account:

Module	What It Does
PII Scanner	Detects PII (emails, SSNs, phone numbers) in tool arguments and outputs
Injection Detector	Detects prompt injection attempts beyond the built-in firewall
Budget Enforcer	Per-agent budget and quota enforcement
Metrics	Prometheus-compatible `/metrics` endpoint for your monitoring stack
Compliance Exporter	Generate compliance reports for auditing and regulatory submissions

All modules run automatically in the evaluation pipeline. No configuration required.

Regulatory Clauses

The Governor includes regulatory clause mappings for three frameworks:

bash

# List all clauses
curl -s -H "Authorization: Bearer $TOKEN" \
  "https://api.airg.nov-tia.com/compliance/clauses" | jq .

# Filter by framework
curl -s -H "Authorization: Bearer $TOKEN" \
  "https://api.airg.nov-tia.com/compliance/clauses/eu_ai_act" | jq .

# Seed clauses (first time)
curl -s -X POST https://api.airg.nov-tia.com/compliance/clauses/seed \
  -H "Authorization: Bearer $TOKEN" | jq .

Available frameworks: eu_ai_act, nist_ai_rmf, owasp_llm_top10.

Drift Detection

Drift detection compares an agent's current behaviour against its historical baseline to identify behavioural changes.

The verification engine includes drift-detection as one of its checks — it compares:

Tool usage distribution — is the agent calling different tools than usual?
Risk score trend — is the average risk score climbing?
Action outcome pattern — is the block/review ratio changing?

Drift scores are computed per-agent and displayed in the Drift dashboard tab as trend charts. High drift scores may indicate compromised agent behaviour or configuration changes.

API Reference

Base URL

https://api.airg.nov-tia.com

Authentication

All API calls require one of:

X-API-Key: airg_your_key header (recommended)
Authorization: Bearer <jwt_token> header
?token=<jwt> query parameter (for SSE/EventSource)

Key Endpoints

Method	Endpoint	Description
`GET`	`/healthz`	Health check
`POST`	`/auth/login`	Authenticate and receive JWT
`POST`	`/auth/me/rotate-key`	Generate / rotate API key
`POST`	`/actions/evaluate`	Evaluate a tool call (core endpoint)
`GET`	`/actions`	List evaluation history
`POST`	`/actions/verify`	Post-execution verification
`GET`	`/actions/stream`	Real-time SSE event stream
`GET/POST`	`/policies`	List / create governance policies
`PATCH`	`/policies/:id`	Update a policy
`PATCH`	`/policies/:id/toggle`	Enable / disable a policy
`GET`	`/policies/:id/versions`	Policy version history
`POST`	`/conversations/turns/batch`	Batch ingest conversation turns
`GET`	`/conversations`	List conversations
`GET`	`/conversations/:id/timeline`	Unified conversation timeline
`POST`	`/traces/ingest`	Ingest agent trace spans
`GET`	`/traces`	List traces
`GET`	`/traces/:trace_id`	Full trace with span tree
`GET`	`/surge/v2/status`	SURGE engine status and chain integrity
`GET`	`/surge/v2/receipts`	List governance receipts
`GET`	`/surge/v2/verify`	Verify receipt chain integrity
`GET`	`/surge/v2/export`	Download compliance bundle
`GET`	`/escalation/events`	Escalation review queue
`PUT`	`/escalation/events/:id/approve`	Approve an escalation
`POST`	`/notifications/channels`	Create notification channel
`GET`	`/fingerprint/agents`	Agent fingerprint profiles
`POST`	`/impact/assess`	Run impact assessment
`GET`	`/compliance/clauses`	Regulatory compliance clauses
`GET`	`/summary/overview`	Governance summary statistics
`GET`	`/admin/status`	Kill switch status

Rate Limits

Endpoint	Limit
`POST /auth/login`	5 requests / minute
`POST /actions/evaluate`	120 requests / minute
All other endpoints	Fair use

SDKs

Language	Package	Install
Python	`airg-client`	`pip install airg-client`
TypeScript/JS	`@airg/governor-client`	`npm install @airg/governor-client`
Java	`dev.airg:governor-client`	Maven Central `0.3.0`

All SDKs auto-read GOVERNOR_URL and GOVERNOR_API_KEY from environment variables.

Troubleshooting

Problem	Solution
401 Unauthorized	Token expired (8-hour TTL). Re-authenticate via `POST /auth/login` or use an API key instead.
403 Forbidden	Your account role lacks permission. Contact your admin to update your role.
Policy changes not visible	Policy cache refreshes every 10 seconds. Wait briefly and retry.
Kill switch won't release	`curl -X POST https://api.airg.nov-tia.com/admin/resume -H "Authorization: Bearer $TOKEN"`
All evaluations return "block"	Kill switch may be engaged. Check at `GET /admin/status` and resume if needed.
SSE stream disconnects	15s heartbeat keeps connections alive. Check proxy/firewall timeouts. Dashboard auto-reconnects.
CORS errors in browser	Contact support to add your domain to the allowed origins list.
SDK connection timeout	Verify `GOVERNOR_URL` is `https://api.airg.nov-tia.com` and outbound HTTPS is allowed.

Support

© 2026 SOVEREIGN AI LAB