Three tiers of enforcement for AI agents - strong, bounded, detectable

Most AI agent frameworks give you zero enforcement. Your agent can call any tool, take any action, and there is no audit trail. Here is how we think about enforcement at three levels. The problem When an AI agent runs in production, you need to answer two questions: Was the agent allowed to do what it did? Can you prove it? Most teams have logging. But logs can be edited. Mutable logs give auditors nothing to verify. Three tiers Strong enforcement The agent never has direct tool access. All tool calls go through a proxy that checks policy before forwarding.