Action-control & evidence layer

Content · integrity · action

Govern what an agent does — not just what it says.

Director-Class AI sits between an autonomous agent and its effectors. It reviews high-impact shell, SQL, infrastructure, API, and MCP actions before they dispatch; uncertain or high-risk actions escalate to human approval, and every decision emits a tamper-evident audit record. A separate commercial product built above the Apache-licensed Director-AI base.

Effector-boundgoverns the action, before dispatch
Human-in-loophigh-risk escalates for approval
Tamper-evidentaudit & evidence on every verdict
CommercialBUSL-1.1, source-available

One verdict, three planes

Most guardrails check the words. This one checks the act.

A parallel detector ensemble governs three planes at once. The action plane is the differentiator; content and integrity are supporting signals that feed effector-bound governance, not a standalone prevention guarantee.

Content

Is what it says grounded?

Response-level checks on whether the model's output is true and supported — the same family of signals Director-AI provides.

Integrity

Was the input tampered with?

Detects manipulation of the input or surrounding context before it shapes a decision.

Action — the differentiator

Is what it does safe to run?

The shell, SQL, infrastructure, API, and MCP call the agent is about to make is reviewed before dispatch; destructive or high-risk actions are blocked or escalated.

What it does

A control point between the agent and the real world.

Pre-dispatch action review

High-impact shell, SQL, infrastructure, API, and MCP tool calls are evaluated before they execute — not after the damage is done.

Human escalation

Uncertain or high-risk actions are held and routed to a human for explicit approval instead of dispatching automatically.

Tamper-evident evidence

Every verdict emits an audit and evidence record, so an agent's real-world actions carry a durable, reviewable trail.

SDK, MCP gateway, SIEM export

Drop it in as a library, run it as an MCP gateway in front of your tools, and stream decisions to your existing SIEM.

The action checkpoint

Five lines between intent and effect.

# gate a destructive command before it runs
from director_class_ai.action import DestructiveCommandDetector
from director_class_ai.core import ParallelEnsembleScorer, EvaluationRequest

guard = ParallelEnsembleScorer([DestructiveCommandDetector()])
verdict = guard.evaluate(EvaluationRequest(action="rm -rf /"))

assert verdict.allow is False
assert verdict.requires_human is True

The same checkpoint wraps any effector-bound action your agent takes — a shell command, a SQL statement, an infrastructure API call, an MCP tool invocation.

A blocked action does not silently fail: it returns a verdict with the reason, the requires-human flag, and the evidence record that explains the decision.

Built above the Apache-licensed Director-AI base, which it reuses for the content and integrity planes.

pre-dispatch governanceshell · SQL · infra · API · MCPhuman-in-the-looptamper-evident auditSIEM exportBUSL-1.1

Honest status

Production-ready. Commercial access on request.

Director-Class AI is production-ready and source-available under the Business Source License 1.1. Commercial pricing is being finalised — reach out for early commercial access and an evaluation. Benchmark evidence to date is local functional evidence; we do not position it as a public advantage claim.