Reframe · /stacks/adapters
Engineering · Platform / DevOps
The enforcement pipeline — the ordered controls every agent request passes through.
Enforcement Stacks
Enforcement Chain
default-egress
agent request in
●Identity Checkinspect
Resolve the calling agent and its owner from the request identity.
on
12.4k passed
24h
↓
●LLM Allow/Denyallow-deny
Permit approved model endpoints; block all other LLM destinations.
on
312 blocked
24h
↓
◐PII Redactiontransform
Detect and strip PII from request bodies before egress — currently observe-only.
observe
1.1k flagged
24h
↓
●Spend Capallow-deny
Block requests once the agent or team exceeds its token budget.
on
0 blocked
24h
↓
✕Require Owner Before Egressallow-deny
Block egress from any agent without an assigned owner. Disabled — unowned agents pass through.
off
not enforcing
24h
↓
●Audit Loginspect
Record every decision with agent, destination, and verdict for the audit trail.
on
12.1k logged
24h
↓
egress out
Reordering or disabling nodes changes live enforcement. The OFF Require Owner Before Egress node is why marketing-gpt could egress while still unowned — turning it on closes the gap.