References for engineering and compliance teams: how Spctre works, what it produces for auditors, and how it protects your data.
No. Spctre is stack-neutral. You can start with CLI hooks, SDK ingestion, REST calls, MCP tools, or framework adapters without migrating to a new runtime. Start in observe mode to build confidence, then move selected agents to enforcement when your policy workflow is ready.
Most teams have audit log ingestion running within a day. Gateway enforcement requires a policy bundle and a gateway endpoint — typical rollout is one to two weeks depending on how many runtimes you're connecting. Spctre's observe mode lets you test policies against real traffic before any enforcement goes live.
Spctre evaluates the agent, connector, action, environment, and runtime context against your active policy bundle. A DENY halts the action and records the decision. A REVIEW pauses the workflow and routes it to a human approver before the action can proceed. An ALLOW records the decision and lets the agent continue.
Every decision record includes the agent identity, connector, action, environment, runtime target, matched policy references, reviewer state, decision status, timestamp, and artifact hash of the active policy bundle. Review decisions additionally store the approver identity, rationale, and resolution time.
Yes. REVIEW decisions pause the workflow, route the action to a named approver, and preserve the full claim, resolution, reviewer identity, rationale, and policy references in the operations ledger. Approvers can act from the Spctre UI or via API.
Spctre governs agent actions — it does not train models, route LLM traffic, or manage cloud infrastructure. It also does not replace your provider invoices: cost and token figures in the dashboard are directional governance telemetry, not billing records.
Spctre evaluates agent actions through a normalized surface called the Agent Governance Target (AGT). Regardless of which framework, model, or cloud your agents run on, Spctre maps each action to the same structure — agent, connector, action, environment, runtime target, and policy context — so policies and audit logs are consistent across your entire fleet.
A low-latency enforcement point that evaluates each action against your active policy bundle and returns ALLOW, DENY, or REVIEW with policy references and trace IDs. Designed to sit inline without adding meaningful latency to your agent workflows.
A versioned, hashed artifact containing the rules a runtime enforces. Every bundle is linked to a branch, revision, reviewer, and simulation log — so you can prove which policy was active at the time of any decision.
Start with audit log ingestion and framework watch mode. Policies run against real traffic without blocking anything. Move individual runtimes to gateway enforcement or human review as your confidence grows — at your own pace.
REVIEW decisions pause the agent workflow and route the action to a named approver. The approver sees the full decision context, approves or rejects, and the outcome is recorded in the operations ledger with their identity and rationale.
AWS Bedrock, Google ADK, Azure AI, OpenAI Agents, LangChain, CrewAI, AutoGen, Claude, Codex, Gemini, MCP, REST, and custom agent infrastructure. If a runtime can describe its agent, tool, action, and environment, it can be mapped into Spctre.
Internal tooling and proprietary agent frameworks can be integrated via REST or the SDK. Spctre's normalized AGT model means your internal agents get the same audit and enforcement coverage as off-the-shelf runtimes.
Spctre produces exportable compliance packets containing policy references, runtime targets, artifact hashes, reviewer chains, timestamps, and decision records. An auditor can inspect exactly how any agent action was governed — who approved it, which policy applied, and what the outcome was.
Spctre records which policy permitted access to a PHI-adjacent connector, who reviewed exceptions, and what redaction or retention rules applied. Decision records are scoped per tenant and exportable for covered-entity audits.
Policy change history, reviewer decisions, bundle artifact hashes, and gateway outcomes export directly as evidence for access control, change management, incident response, and monitoring trust service criteria.
Audit logs covering access management, change control, supplier integrations, and operational review are structured, timestamped, and exportable — ready to map against Annex A controls.
Spctre logs the connector scope, data access context, and policy reference for every agent action. Retention windows are configurable per workspace, and audit records can be purged on request without breaking the structural log.
Spctre records connector scope, environment boundaries, and reviewer state for payment-adjacent actions. Compliance packets confirm that sensitive card data boundaries were enforced at the policy layer, not just assumed.
Traceable policies, monitored runtime decisions, human review paths, and operating logs satisfy Govern, Map, Measure, and Manage functions — giving risk teams documented evidence that AI controls are active and auditable.
Spctre enforces strong tenant isolation, configuration provenance, and credential scoping. Audit logs and compliance packets are exportable in formats suitable for regulated public-sector review.
Export a structured packet for any decision window: policy refs, runtime targets, artifact hashes, reviewer chains, timestamps, and outcomes — everything an auditor needs to verify how your agents were governed without requiring direct system access.