PolicyStrata Agent Assurance
Release gates for enterprise AI agents.
Verify live context and governed-data policies before agent releases reach production. DocPull checks sources; PolicyStrata checks invariants; the control plane stores evidence.
pip install docpull policystrataControl plane for agent releases
Agent Assurance is the commercial system of record around OSS evidence engines, self-hosted runners, release blockers, and audit state.
Ship control
Release gates
Every run lands against a project and release candidate with an explicit pass, fail, blocked, or needs-review state.
- Track projects, release candidates, runner executions, and current blockers
- Separate context findings from policy findings without hiding either signal
- Keep a reviewable history of what changed before an agent shipped
Audit state
Evidence packs
Runners upload normalized metadata, findings, hashes, artifact references, and reviewer decisions.
- Summarize DocPull and PolicyStrata outputs for security review
- Store artifact references and checksums instead of raw customer data by default
- Create compact release narratives for engineering, security, and compliance
Local execution
Self-hosted runners
Customer-sensitive source data, traces, policies, and schemas stay inside the customer environment.
- Run DocPull and PolicyStrata in CI, developer machines, or customer VPCs
- Upload evidence through scoped runner tokens
- Fail CI when configured gates should block release
B2B base
Tenant-aware SaaS
Better Auth organizations, Neon Postgres, and tenant policies make the control plane behave like enterprise software from day one.
- Organization-scoped projects, runs, findings, evidence packs, and runner tokens
- Application queries filter by organization and database policies enforce tenant context
- Separate runtime, auth, and migration connection profiles
DocPull
Source risk
DocPull remains the open-source engine for context freshness, source diffs, citation gaps, and reproducible packs.
- Freshness and source-diff checks for docs, schemas, runbooks, and APIs
- Citation and evidence-missing findings normalized into assurance runs
- Local-first execution with hashes and artifact references for the control plane
PolicyStrata
Policy risk
PolicyStrata remains the open-source engine for tenancy, PII, SQL, RLS, and governance invariants.
- Find tenant-scope, data-access, and release-policy drift across agent layers
- Produce minimized witnesses and affected-surface metadata
- Feed high-severity blockers into release decisions
Product boundary
Engines create evidence. Agent Assurance controls release state.
runner -> evidence -> review -> release decisionClear product boundaries
The open-source engines stay useful on their own. The paid product is the enterprise system of record around release evidence and review.
| Surface | Owns | Emits / Stores | Does Not Own |
|---|---|---|---|
| DocPull | Context/source evidence | Freshness, source diffs, citation gaps, fetch failures, hashes, pack refs | Organizations, releases, reviewers, billing, or dashboards |
| PolicyStrata | Policy and data-access evidence | Tenant-scope failures, SQL/RLS drift, PII signals, witnesses, invariant refs | Hosted approval workflow or enterprise account state |
| Agent Assurance | Release control plane | Projects, runs, findings, evidence packs, release blockers, approvals, audit state | Crawling, source locking, policy scanning, or witness minimization internals |
FAQ
Questions teams ask before using Agent Assurance as an AI release gate.