GOVERNANCE ENGINE

How TELOS governs your agent

TELOS scores every agent action against your Purpose Attractor through a 4-layer cascade. Each layer adds precision. The total overhead is under 20ms. The result is a cryptographically signed verdict: proceed, flag, or block.

The Purpose Attractor

Your Purpose Attractor (PA) is a signed declaration of what your agent was deployed to do and where its boundaries are. TELOS embeds it as a mathematical object — a centroid in high-dimensional space — and measures every action's distance from it.

A vague PA produces loose governance. A specific PA produces tight governance. The quality of your purpose statement directly determines the quality of your governance.

# Your PA defines purpose and boundaries
purpose: "Manage development workflow: review PRs,
  run tests, deploy to staging."
boundaries:
  - "Never push to production without approval"
  - "Never access credentials outside project vault"
signing_key: ed25519:your-tkey

The Scoring Cascade

L0

Pattern matching

<1ms

9,458 boundary patterns. Keyword detection against declared hard boundaries. A match triggers immediate ESCALATE — no downstream scoring needed. Sub-millisecond.

L1

SetFit classification

~3ms

Fine-tuned ML classifier trained on boundary detection. 91.8% detection rate at 5.2% false positive rate. AUC 0.9804 ± 0.018 (5-fold cross-validation on 171 balanced training examples). LOCO AUC: 0.972.

L1.5

Embedding similarity

~5ms

ONNX-optimized MiniLM-L6-v2 embeddings. Measures semantic distance between the action and each dimension of the Purpose Attractor. Catches purpose drift that keywords and classification miss.

L2

Contrastive detection

~8ms

Safe centroid margin scoring. Computes the distance between the action embedding and the purpose centroid relative to a safe-action baseline. Produces a continuous purpose alignment score. No LLM inference — deterministic and auditable.

Total cascade: ~15ms p50, 20ms p95. Every action. In real time.

Verdicts

Layer outputs combine through threshold-based hierarchical override. A boundary trigger at L0 produces immediate ESCALATE. Otherwise, L1 through L2 scores are evaluated against configured thresholds.

EXECUTE

Action within purpose. Proceed. Fidelity ≥ 0.45.

CLARIFY

Action is borderline. Proceed but flag for review. Context injected to help the agent self-correct. Fidelity ≥ 0.35.

ESCALATE

Action outside purpose or boundary violation. Hard stop. Routed to human review. Fidelity < 0.35 or boundary triggered.

INERT

PA unsigned or governance suspended. No scoring occurs. Agent cannot act under governance until the PA is signed.

The Audit Trail

Every verdict produces a governance receipt. Every receipt is Ed25519 signed. Every receipt is hash-chained (SHA-256). Your compliance evidence generates itself — no manual logging, no after-the-fact auditing.

// Governance receipt (simplified)
{
  "sequence": 45164,
  "event": "tool_call_scored",
  "tool_name": "exec",
  "verdict": "execute",
  "fidelity": 0.712,
  "cascade": { "l0": "pass", "l1": 0.92, "l1_5": 0.78, "l2": 0.71 },
  "pa_hash": "b533160047f9...",
  "prev_hash": "4a01b926b45c...",
  "entry_hash": "32fcd18b7816..."
}

Commissioning

Every governed agent starts INERT. You define its purpose. You sign it with your TKey. The signing ceremony is the governance contract — cryptographic proof that this agent was authorized for this purpose by this human.

$ pip install telos-gov
$ telos init --activate <token>
$ telos pa author my-agent.yaml
$ telos pa sign my-agent.yaml
# Agent is now governed. Every action scored.

Start governing your agents

$49/month. Full governance engine. Runs locally. Cancel anytime.

Subscribe — $49/mo Ask Stewart on Discord