EdictumFeatures
Edictum feature map grouped by the runtime governance problem each feature solves.
Right page if: you need the categorized feature map for Edictum across runtime decisions, rulesets, workflow gates, approvals, audit, replay, SDKs, Gate CLI, the reference stack, and security starters. Wrong page if: you need install commands -- see https://docs.edictum.ai/docs/quickstart. Gotcha: features are grouped by user problem. The reference API/app stack is optional; enforcement still happens in the agent runtime path.
Edictum is runtime governance for AI agents with real tool access.
It checks actions before tools execute: allow, block, ask for approval, warn, redact, and record the decision. This page groups the feature surface by the problem a team is trying to solve.
Runtime Decisions
Problem: Should this agent action run right now?
Runtime decisions are the center of Edictum. Every tool call enters the same decision path before the tool executes.
| Feature | What it does | Start here |
|---|---|---|
| Pre-tool decisions | Evaluates an attempted tool call before side effects happen | How the pipeline works |
| Decision actions | Returns allow, block, ask, warn, or redact depending on rule type and mode | Rule types |
| Principal-aware evaluation | Uses caller, role, environment, and metadata context in rules | Principals |
| Side-effect aware rules | Treats read, pure, write, and irreversible tools differently | Architecture |
| Structured block reasons | Gives agents a specific reason instead of a vague refusal | Designing block messages |
| Dry-run evaluation | Tests would-allow and would-block outcomes without executing the tool | Dry-run evaluation |
Proof loop:
attempted action -> decision -> allow/block/approval -> audit recordRulesets And Policy-As-Code
Problem: What is this agent allowed to read, write, call, or return?
Rulesets are policy-as-code for single tool-call boundaries. They are written as YAML and shared across Python, TypeScript, and Go.
| Feature | What it does | Start here |
|---|---|---|
| YAML rulesets | Defines tool-call rules in kind: Ruleset documents | YAML rule reference |
| Pre rules | Blocks or asks before a tool executes | Preconditions |
| Post rules | Warns, redacts, or blocks output after a tool returns | Postconditions |
| Session rules | Caps attempts, tool executions, and per-tool usage | Session rulesets |
| Sandbox rules | Restricts paths, commands, and domains | Sandbox rules |
| Operators and interpolation | Matches arguments, metadata, principals, and dynamic message values | Operators, variable interpolation |
| Templates | Starts from common rule patterns instead of a blank file | Templates |
| Schema validation | Validates rules before rollout | CLI reference |
Future ruleset work includes base ruleset inheritance and overlays where the shipped SDK surface supports it.
Workflow Gates
Problem: Did the agent follow the required process before moving forward?
Workflow Gates enforce ordered process with evidence. They are one feature family inside runtime governance, not the whole product.
| Feature | What it does | Start here |
|---|---|---|
| Ordered stages | Moves an agent through named runtime stages | Workflow Gates runtime |
| Entry conditions | Blocks a stage until required prior work exists | Workflow reference |
| Checks | Enforces tool and command constraints while a stage is active | Workflow Gates runtime |
| Exit conditions | Requires proof before a stage can complete | Workflow reference |
| Evidence requirements | Records file, command, approval, and MCP result evidence | Workflow Gates runtime |
| Terminal stages | Stops the agent after the workflow is done | Workflow reference |
| Stage snapshots | Records active stage, completed stages, and blocked reasons | Audit sinks |
| Conformance fixtures | Tests whether the workflow catches process violations | Testing rulesets |
Workflow Gates are documented across the SDKs, but this page does not claim full feature parity. Verify the exact SDK version and workflow surface before depending on a workflow feature in production.
| SDK | Workflow Gates surface | Parity note |
|---|---|---|
| Python | workflow_path, workflow_content, or a prebuilt WorkflowRuntime | Reference implementation path; check the package version for the exact condition set. |
| TypeScript | WorkflowRuntime with loadWorkflowString() | Documented runtime path; do not assume every Python helper exists in TypeScript. |
| Go | workflow.Load() plus guard.WithWorkflowRuntime() | Documented runtime path; Gate uses Go, but SDK and Gate behavior should still be verified per release. |
Human Approval Gates
Problem: Which actions need a human decision before execution?
Humans stay in the review path where it matters. Edictum can pause an action, route it for approval, and continue only when a decision is recorded.
| Feature | What it does | Start here |
|---|---|---|
ask decisions | Converts a rule match into a pending approval instead of immediate execution | Preconditions |
| Timeout behavior | Fails closed when approval is not granted in time | Human-in-the-loop approvals |
| Approval backends | Uses local or server-backed approval providers | Lifecycle callbacks |
| Approval queues | Stores pending approvals for operator review | Reference API/app stack |
| Telegram approval path | Supports interactive approve/block buttons today | Telegram setup |
| Webhook and notification channels | Sends approval notifications to Slack, Discord, webhook, or Telegram | Notification channels |
| Approval audit trail | Records approval request, grant, block, and timeout events | Audit sinks |
Audit, Evidence, And Reporting
Problem: Can we prove what happened later?
Audit and evidence features make runtime governance inspectable after the run.
| Feature | What it does | Start here |
|---|---|---|
| Structured audit events | Emits decision records for allow, block, approval, observe, and execution outcomes | Decision telemetry |
| Local audit sinks | Writes audit data to memory, stdout, files, or OpenTelemetry | Observability setup |
| Server-backed audit | Sends event streams to the optional reference API/app stack | Connecting agents |
| Signed decision bundles | Ties rule content and decision history together for later proof | Ruleset signing |
| Workflow snapshots | Records stage state and evidence beside decisions | Workflow Gates runtime |
| Run/session correlation | Connects decisions back to runs, agents, sessions, and ruleset versions | Decision telemetry |
| Reporting queries | Planned guidance for querying decision logs and SQL sinks | Roadmap |
guard.summary() | Planned helper for local run summaries | Roadmap |
Replay And Blast-Radius Preview
Problem: What would this rule change have changed?
Replay and blast-radius preview let teams evaluate rule changes before promoting them.
| Feature | What it does | Start here |
|---|---|---|
| Ruleset replay | Compares historical events against a candidate ruleset | CLI reference |
| Would-block analysis | Shows which actions would have been blocked in observe or replay mode | Observe mode |
| Saved versions | Keeps ruleset versions available for comparison | Reference stack rulesets |
| Promotion safety | Uses replay before enforcing a stricter rule | Testing rulesets |
| Blast-radius summary | Planned public summary of affected tools, principals, and runs | Roadmap |
SDKs And Framework Adapters
Problem: Can I use this with my current agent stack?
Edictum is framework-independent at the ruleset layer. SDK and adapter parity is documented per surface; do not assume every adapter or workflow helper exists in every language.
| Feature | What it does | Start here |
|---|---|---|
| Python SDK | Reference SDK for rulesets, adapters, server connection, and local Workflow Gates | Python SDK |
| TypeScript SDK | Node/TypeScript SDK with shared YAML semantics and TypeScript adapters | TypeScript SDK |
| Go SDK | Go rules engine, Gate CLI, adapters, and documented workflow runtime path | Go SDK |
| Shared schemas | Keeps ruleset semantics aligned across SDKs; workflow parity is documented separately | YAML rule reference |
| Conformance fixtures | Keeps adapter behavior honest across languages | Adapter comparison |
| Python adapters | LangChain, LangGraph, OpenAI Agents, Claude SDK, CrewAI, Google ADK, Semantic Kernel, Agno, and Nanobot docs | Adapter overview |
| TypeScript adapters | Vercel AI SDK, Claude Agent SDK, LangChain.js, OpenAI Agents SDK, and OpenClaw docs | TypeScript adapters |
| Go adapters | Google ADK Go, LangChainGo, Eino, Anthropic SDK Go, and Firebase Genkit docs | Go adapters |
Gate CLI And Coding Assistants
Problem: Can Edictum control coding agents and local tool runners?
Gate is the local enforcement path for coding assistants and other tool runners.
| Feature | What it does | Start here |
|---|---|---|
| Go CLI | Ships the canonical edictum command | CLI reference |
edictum validate | Validates ruleset and workflow files | CLI reference |
edictum check | Evaluates one tool-call envelope against a ruleset | CLI reference |
edictum replay | Replays captured events against rulesets | CLI reference |
edictum gate init | Creates local Gate config for coding assistant enforcement | Gate guide |
edictum gate run | Runs a command under Gate enforcement | Gate guide |
| Local WAL | Buffers audit events locally before sync | Gate guide |
| Skill scanner | Reviews local skill directories for risky patterns | Skill scanner |
| Self-protection rules | Blocks changes to enforcement files unless the workflow allows it | Gate guide |
| Ruleset signing | Verifies that rules came from a trusted source where supported | Ruleset signing |
Reference API/App Stack
Problem: How do teams coordinate visibility, approvals, and audit across agents?
The reference API/app stack is optional. Enforcement still happens in the agent/runtime path.
| Feature | What it does | Start here |
|---|---|---|
| API keys | Authenticates agent-to-API traffic for the hosted stack | Setup |
| Events ingestion | Receives decision and run events from agents | API reference |
| Runs and agents | Groups activity by run, agent, workspace, and session | Connecting agents |
| Rulesets and versions | Stores, versions, signs, and distributes rulesets | Reference stack rulesets |
| Approvals | Stores approval requests and operator decisions | Human-in-the-loop approvals |
| Audit feed | Gives teams a central decision stream | Reference API/app stack |
| SSE/hot reload | Pushes ruleset updates to connected agents | Hot reload |
| Notification channels | Sends approval notifications to Telegram, Slack, Discord, or webhook | Notification channels |
| Sample run | Creates a quick reference run for app/API validation | API reference |
| Signed bundle download | Planned proof bundle for ruleset and decision review | Roadmap |
Security And Compliance Starters
Problem: What common agent risks can I cover immediately?
Security starters turn common agent risk patterns into rulesets, tests, and evidence.
| Feature | What it does | Start here |
|---|---|---|
| Adversarial tests | Tests whether rules hold up against bypass attempts | Adversarial testing |
| Secret redaction | Detects and redacts sensitive output | Data protection patterns |
| Destructive command blocking | Blocks unsafe shell or deployment commands | Change control patterns |
| Data scope restrictions | Restricts what the agent can read, write, or send | Access control patterns |
| Prompt-injection-adjacent tool controls | Limits the actions available after untrusted content is read | Defense scope |
| OWASP Agentic starter controls | Starter control set for common agentic risks | OWASP Agentic starter |
| EU AI Act mapping | Supports compliance conversations after the runtime controls are in place | Compliance mapping |
Feature Map
| User problem | Feature category |
|---|---|
| Should this agent action run right now? | Runtime Decisions |
| What can the agent read, write, call, or return? | Rulesets And Policy-As-Code |
| Did the agent follow the required process? | Workflow Gates |
| Which actions need a human decision? | Human Approval Gates |
| Can we prove what happened later? | Audit, Evidence, And Reporting |
| What would this rule change have changed? | Replay And Blast-Radius Preview |
| Can I use this with my agent stack? | SDKs And Framework Adapters |
| Can this control coding agents and local runners? | Gate CLI And Coding Assistants |
| How do teams coordinate across agents? | Reference API/App Stack |
| What common risks can I cover immediately? | Security And Compliance Starters |
Last updated on