Agents get scopes, not
the keys to everything
govern.sh evaluates every tool call against policy before it executes. Grant the exact actions each agent needs, cap what it can spend, and let the Policy Enforcement Point deny the rest — in single-digit milliseconds.
Least privilege, per agent, per tool
Replace the god-mode API key with a matrix your security team can actually read. Every agent gets an explicit grant for every tool — allow, deny, or require approval — and anything not granted is denied by default.
Default deny — an agent can only do what a policy explicitly grants
Grants scoped to actions and amounts, not whole APIs — refund up to $500, never charge
Change a grant once and it applies fleet-wide on the very next call
Reads like English, enforces like infrastructure
Policies live in version control next to the agents they govern. Nine lines declare what an agent may touch, how much it may spend, and when a human signs off — and the engine compiles them to real-time enforcement.
Declarative policies your whole team can review — shipped through the same PR flow as any other code
Versioned history, so you always know exactly which policy governed any past action
Approval thresholds route high-stakes calls to a human automatically — no extra glue code
A gate on the hot path that never becomes the bottleneck
The Policy Enforcement Point sits between your agents and their tools, evaluating every call before it executes — as a lightweight sidecar or an in-process SDK call.
In-line, not after the fact
Enforcement happens on the call path. A denied action is a prevented action — not a finding in next week's log review.
Sub-10ms decisions
Median policy decisions land in 8.4ms and keep getting faster. Your agents will not notice the gate — until it saves them.
Blocked before the API call
Denied actions never reach the provider — no rollbacks, no cleanup scripts, no incident channel at 2am.
Spend caps built in
Budgets evaluate inside the same decision, so a runaway loop stops at the cap — not on the invoice.
Every verdict signed
Allow, deny, or hold — each decision lands in the audit trail as a chained, Ed25519-signed receipt.
Built to work as one system
Passports, policies, approvals, and receipts share one control plane — each primitive makes the others stronger.
Give your agents scopes, not secrets.
Write your first policy in nine lines and watch it enforce on the very next call. Free for your first three agents.