Runtime Governance SDKIn-process orchestration

Runtime Governance Guide

Reference guide for governed runtime calls, governance gates, compliance lifecycle, and runtime-platform interoperability.

When to choose which surface

Pick one surface per integration path and avoid mixing semantics in the same snippet.

Unified SDK (`createArelis`): recommended for most use cases. Provides `governedInvoke()` and `agents.run()` with built-in PII scanning, policy enforcement, risk scoring, and audit logging.

Platform API Client: use when you need `/api/v1/*` wrappers for existing platform resources (events, policies, risk, proofs, replay, exports).

Runtime Governance SDK: use when your service executes governed model/tool calls in-process and needs runtime policy gates, evaluation hooks, and compliance orchestration.

Code examples

Expand any example to see the full code in Python, TypeScript, or REST.

governedInvoke

PII scan + policy eval + model call + risk scoring in one step.

agents.run

Governed agent tool loop with event, graph, and proof enrichment.

Governance gate pattern

Pre-invocation gate for policy + PII checks.

PII scanning with platform logging

Scan prompts for PII and log detection events to the platform.

Governed model generation

Policy-enforced model invocation with full audit trail via governedInvoke.

Compliance operations

Generate proofs, verify artifacts, and replay runs using the platform API client.

Runtime to platform sync contract

Use /api/v1/events/batch for runtime event sync and preserve provenance metadata.

Policy evaluation routing

Local runtime gate vs managed platform evaluation.

Use local runtime evaluation when invocation latency is critical and policy bundles are already distributed to the service.

Use platform endpoint evaluation when you need centrally managed policy versioning, cross-service consistency, and managed policy audit history.

Replay and proof correlation

Correlate runtime `runId` with platform records for investigation workflows.

Persist runtime `runId` as the primary join key across runtime outputs, synced events, proof artifacts, and replay jobs.

Store proof artifact IDs and replay IDs in run metadata so support and compliance teams can traverse both runtime and platform timelines deterministically.