GOVERNANCE LAYER
Default-Deny by Policy.
Evidence by Default.
Most agent tools start permissive and audit later. Clyro flips that. Every action runs against your policy first, every decision lands in the Violation Chain, and the Coverage Dashboard rolls it all into a reliability score per agent that reviewers, auditors and security teams can point at.
The inversion: from observability to evidence
A trace tells you what happened. A policy tells you what was allowed. Clyro checks the policy before the agent acts, and stores the verdict with the rule, the input and the outcome. The same trace your engineers use to debug becomes the evidence your auditor reviews.
The result is a governance layer with two properties most agent stacks lack: actions are bounded by policy, not by hope, and the audit trail is per-action and append-only, not a sampled telemetry stream.
The three surfaces
Policy Wizard
Compose rules from concerns, regulations and the tools an agent can call. Default-deny under the hood. Push the resulting policy to every machine the agent runs on.
Violation Chain
An append-only record of every blocked or allowed action: the rule, the tool call, the parameters, the verdict. Audit-grade, evidentially clean.
Coverage Dashboard
Which concerns and regulations are covered by policy, which are gapped, which are firing in production. Rolls into the Agent Reliability Index per agent.
Walkthrough
A regulated-buyer walkthrough: Policy Wizard authors the rules, Coverage Dashboard shows what is and is not covered, Violation Chain stores the evidence per action. The interactive product walkthrough lives on the homepage product demo section.
Clyro vs. ML observability vendors
Arize, Fiddler and WhyLabs were built for traditional ML monitoring. They observe outputs after the fact. They do not enforce policy, do not produce a per-action audit trail with rule attribution, and do not roll up into a reliability score per agent. The gap is architectural, not feature-level.
| Vendor | Runtime | Evidence | Reliability | Surface |
|---|---|---|---|---|
| Clyro | Enforces policy at runtime (default-deny) | Violation Chain per agent, append-only | ARI per agent, drift-aware | Built for agents |
| Arize | Observes outputs post hoc | Trace exports for ML models | Model quality metrics, no agent-policy view | Adapted from ML monitoring |
| Fiddler | Observes outputs post hoc | Drift + fairness reports for ML | Model performance, not agent reliability | Adapted from ML monitoring |
| WhyLabs | Telemetry, no enforcement | Statistical drift logs | Data drift, not policy coverage | Adapted from ML monitoring |
What this means for a regulated review
- Policy as artefact. The YAML lives in your repo. Reviewers see the rules; auditors see the evidence of each enforcement.
- One identifier per action. Every Violation Chain entry has a deterministic id you can cite in a ticket, a change record or a tribunal filing.
- Coverage you can show. The Coverage Dashboard answers "which of our concerns are covered by policy?" in one screen.
- ARI you can point at. A single reliability score per agent, with the contributing dimensions broken out.