Adding Governance
This tutorial covers adding governance policies to control and audit agent behavior.
What is Governance?
Governance in Waxell includes:
- Rate Limiting: Control execution frequency
- Approval Workflows: Require human approval for sensitive actions
- Audit Logging: Track all agent actions
- Policy Enforcement: Apply rules to agent behavior
Rate Limiting
Limit how often an agent can execute:
@agent(
name="email-sender",
rate_limit={
"requests_per_minute": 10,
"tokens_per_minute": 50000
}
)
class EmailSender:
pass
Approval Requirements
Require human approval for sensitive operations:
@tool(requires_approval=True)
def delete_account(self, ctx, user_id: str):
"""Delete user account - requires human approval."""
pass
@tool(
requires_approval=True,
approval_policy="two_person_rule"
)
def transfer_funds(self, ctx, amount: float, destination: str):
"""Transfer funds - requires two approvers."""
pass
Audit Logging
All agent actions are automatically logged:
# View audit logs via CLI
# wax agent trace <execution_id>
# Or query programmatically
from waxell_infra.telemetry import get_execution_trace
trace = get_execution_trace(execution_id)
for event in trace.events:
print(f"{event.timestamp}: {event.action}")
Policy Configuration
Configure policies in the control plane:
# policies/email-sender.yaml
agent: email-sender
rules:
- name: rate-limit
type: rate_limit
config:
requests_per_minute: 10
- name: content-filter
type: content_filter
config:
blocked_patterns: ["password", "ssn", "credit card"]
- name: require-approval
type: approval
config:
actions: ["delete_account"]
approvers: ["admin"]
Next Steps
- Production Guide - Deploy with governance
- Enterprise Guide - Advanced governance features