← c15c15 / wf1 - Persona App (Direction D build) / Stacks·persona-app-v1-v1 · 2026-06-03 · draft
Qpoint
QP
← Engineering/Enforcement Stacks & Adapters
Reframe · /stacks/adapters

Engineering · Platform / DevOps

The enforcement pipeline — the ordered controls every agent request passes through.

A stack is an ordered chain of adapters. Each agent request is matched to a stack and walked through its adapters in order — inspect, allow/deny, transform, log. Reordering or disabling a node changes live enforcement immediately.

Enforcement Stacks

4 stacks

Enforcement Chain

default-egress

Requests enter at the top and exit at the bottom. Order is enforcement order.

agent request in
Identity Checkinspect

Resolve the calling agent and its owner from the request identity.

on

12.4k passed

24h

LLM Allow/Denyallow-deny

Permit approved model endpoints; block all other LLM destinations.

on

312 blocked

24h

PII Redactiontransform

Detect and strip PII from request bodies before egress — currently observe-only.

observe

1.1k flagged

24h

Spend Capallow-deny

Block requests once the agent or team exceeds its token budget.

on

0 blocked

24h

Require Owner Before Egressallow-deny

Block egress from any agent without an assigned owner. Disabled — unowned agents pass through.

off

not enforcing

24h

Audit Loginspect

Record every decision with agent, destination, and verdict for the audit trail.

on

12.1k logged

24h

egress out
Reordering or disabling nodes changes live enforcement. The OFF Require Owner Before Egress node is why marketing-gpt could egress while still unowned — turning it on closes the gap.