Governance
Governance in PrysmAI is part of the same control plane that powers traces, threats, and policy evidence.
The important concepts are:
- session
- event
- policy
- violation
- evidence
What the MCP surface should produce
When an MCP-connected runtime is instrumented correctly, PrysmAI should be able to record:
- LLM calls
- tool calls
- decisions
- file changes
- delegation events
- behavioral checks
That lets the dashboard answer:
- what happened?
- what policy fired?
- why did it fire?
- what evidence was captured?
Session model
The session is the main unit of governance review.
Within a session, PrysmAI collects:
- timeline events
- behavioral assessments
- security findings
- resource access findings
- multi-agent findings
- policy violations
Policy model
Policies are now framed as compliance and governance packs, not just threshold snippets.
Examples:
- EU AI Act Human Oversight
- SOC 2 Logical Access
- SOC 2 Processing Integrity
- ISO 27001 Logging and Monitoring
- ISO 42001 AI Risk Baseline
- Multi-Agent Delegation Traceability
Why this matters
The governance layer is only real if it produces action and evidence, not just scores.
That is why the current product work is focused on:
- policy-backed enforcement
- session-linked evidence
- exact drill-down into violations, policies, and templates
- parity between proxy-originated and MCP-originated activity