Edictum
Runtime governance for AI agents. Edictum checks actions before tools execute, routes approvals, and records decision evidence.
Right page if: you need an overview of Edictum or help finding the right docs page.
Wrong page if: you want to install and run Edictum -- see https://docs.edictum.ai/docs/quickstart instead.
Gotcha: Edictum is not prompt engineering and not an orchestrator. It checks actions before tools execute: allow, block, ask for approval, warn, redact, and record the decision. The optional reference API/app stack coordinates rulesets, approvals, and audit, but enforcement still runs in the agent runtime path.
Edictum is runtime governance for AI agents with real tool access.
It checks actions before tools execute: allow, block, ask for approval, warn, redact, and record the decision. Rulesets enforce tool-call boundaries, Workflow Gates enforce ordered process with evidence, and adapters make the same runtime model work across agent frameworks.
Start here:
Features
See the full runtime governance feature map grouped by user problem.
Quickstart
Write one ruleset and block a bad tool call.
Runtime Governance
Map agent rules to runtime decisions, approvals, evidence, and audit trails.
Runtime Core And Reference Stack
See what enforces locally and what the optional API/app stack coordinates.
Workflow Gates
Stage work, require evidence, and pause for approval.
Rulesets
Define what agents can read, write, call, or return.
Reference API/App Stack
Coordinate rulesets, approvals, audit, and visibility across agents.
Product Model
Edictum is built around runtime decisions:
- The agent attempts an action.
- Edictum evaluates rules, workflow state, principal context, and side-effect class.
- The action is allowed, blocked, routed for approval, warned, or redacted.
- The decision is recorded for audit and reporting.
attempted action -> decision -> allow/block/approval -> audit record
Feature Taxonomy
| User problem | Feature category | Start here |
|---|---|---|
| Should this agent action run right now? | Runtime Decisions | Features |
| What can the agent read, write, call, or return? | Rulesets And Policy-As-Code | YAML reference |
| Did the agent follow the required process? | Workflow Gates | Workflow Gates |
| Which actions need a human decision? | Human Approval Gates | Approvals |
| Can we prove what happened later? | Audit, Evidence, And Reporting | Decision telemetry |
| What would this rule change have changed? | Replay And Blast-Radius Preview | CLI reference |
| Can I use this with my current stack? | SDKs And Framework Adapters | Adapter overview |
| Can this control coding agents and local runners? | Gate CLI And Coding Assistants | Gate guide |
| How do teams coordinate across agents? | Reference API/App Stack | Reference API/app stack |
| What common risks can I cover immediately? | Security And Compliance Starters | OWASP Agentic starter |
Install
```bash
pip install edictum[yaml]
npm install @edictum/core
go get github.com/edictum-ai/edictum-go
```
Core Runtime Docs
Quickstart
Install Edictum, load a ruleset, and block a dangerous tool call.
How the Pipeline Works
See the runtime path from tool-call envelope to decision and audit event.
Rule Types
Choose pre, post, session, and sandbox rules.
Choosing Rule Types
Pick the right rule family for a concrete runtime problem.
Workflow Gates
Workflow Gates enforce process with evidence. Rulesets answer whether one tool call is in bounds. Workflow Gates answer whether the agent is allowed to be at this point in the process.
```yaml
apiVersion: edictum/v1
kind: Workflow
metadata:
  name: feature-delivery
stages:
  - id: implement
    entry:
      - condition: file_read("specs/feature.md")
        message: "Read the spec first"
    checks:
      - command_matches: "git diff"
        message: "Inspect your changes before review"
    exit:
      - condition: exec("pnpm test", exit_code=0)
        message: "Tests must pass"
  - id: review
    entry:
      - condition: stage_complete("implement")
    approval:
      message: "Human approval required"
```
Workflow Gates Runtime
Runtime behavior, evidence model, and SDK parity notes.
Workflow Reference
Exact `kind: Workflow` schema and validation rules.
Gate Guide
Apply runtime governance to coding assistants and local tool runners.
SDKs And Adapters
The same ruleset model works across SDKs, but adapter parity is documented per language. Use the SDK pages as the source of truth for each runtime.
Python SDK
Reference SDK, Python adapters, server connection, and local Workflow Gates.
TypeScript SDK
Node and TypeScript SDK with shared YAML semantics.
Go SDK
Go rules engine, Gate CLI, adapters, and documented workflow runtime path.
Adapter Overview
Framework adapters across Python, TypeScript, and Go.
Operations
Audit and Observability
Record allow, block, approval, observe, and execution decisions.
Reference API/App Stack
Optional API and app for ruleset delivery, approvals, events, and visibility.
Runtime Core And Reference Stack
The local enforcement and optional coordination boundary.
Security Overview
Threat model, fail-closed behavior, and common starter controls.
Roadmap
Current, next, later, and not-planned product direction.