AI agents break trust when their authorization boundaries are implicit. ConsentGraph gives you a deterministic, auditable policy layer that travels with your deployment—bridging the gap between LLM reasoning and hard infrastructure constraints.
Four tiers. No ambiguity.
SILENT
Execute and log. High-trust actions the agent handles autonomously. No notification, full audit trail.
VISIBLE
Execute and notify. Agent acts, then tells the operator what it did and why. Undoable.
FORCED
Ask first. Low-confidence or sensitive actions require explicit operator approval before execution.
BLOCKED
Never execute. Absolute prohibition. Attempt is logged and operator is alerted.
Three lines to integrate
from consentgraph import check_consent
tier = check_consent("aws_ecs", "update_service", confidence=0.92)
# → "SILENT" | "VISIBLE" | "FORCED" | "BLOCKED"
Define policy in JSON
{
  "domains": {
    "aws_ecs": {
      "autonomous": ["describe_clusters", "list_services"],
      "requires_approval": ["update_service", "stop_task"],
      "blocked": ["delete_cluster", "deregister_task_definition"]
    },
    "kubernetes": {
      "autonomous": ["get_pods", "get_logs"],
      "requires_approval": ["rollout_restart", "scale_deployment"],
      "blocked": ["delete_namespace", "create_clusterrolebinding"]
    }
  }
}
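An added sketch, not ConsentGraph's own code, of how a policy in the shape above can be resolved to a tier and enforced at the tool-dispatch boundary. The names resolve_tier and enforce, both confidence thresholds, and the fail-closed handling of unlisted domains and actions are assumptions made for illustration; the page does not specify them.

```python
import json

# Policy shape taken from the page (one domain shown).
POLICY = json.loads("""
{"domains": {"aws_ecs": {
  "autonomous": ["describe_clusters", "list_services"],
  "requires_approval": ["update_service", "stop_task"],
  "blocked": ["delete_cluster", "deregister_task_definition"]}}}
""")

# Hypothetical thresholds: the page does not say how confidence maps to tiers.
SILENT_MIN, VISIBLE_MIN = 0.90, 0.70


def resolve_tier(policy, domain, action, confidence):
    """Deterministic lookup; anything not explicitly allowed fails closed."""
    rules = policy.get("domains", {}).get(domain)
    if rules is None or action in rules.get("blocked", []):
        return "BLOCKED"   # assumption: an unknown domain is denied outright
    if action in rules.get("requires_approval", []):
        return "FORCED"    # high confidence never bypasses an approval rule
    if action in rules.get("autonomous", []):
        if confidence >= SILENT_MIN:
            return "SILENT"
        return "VISIBLE" if confidence >= VISIBLE_MIN else "FORCED"
    return "FORCED"        # assumption: an unlisted action needs approval


def enforce(tier, run, approve, audit):
    """Gate a tool call on its tier; run and approve are caller-supplied callables."""
    if tier not in ("SILENT", "VISIBLE", "FORCED"):
        audit.append(("alert", tier))      # BLOCKED or unrecognised tier: never run
        return None
    if tier == "FORCED" and not approve():
        audit.append(("denied", tier))     # operator declined, nothing executed
        return None
    result = run()
    audit.append(("notify" if tier == "VISIBLE" else "log", tier))
    return result
```
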
MCP-native
# Any MCP-compatible agent can query your policy directly
consentgraph mcp
# Tool exposed: check_consent(domain, action, confidence) → tier
Ready for FedRAMP & CMMC
ConsentGraph ships 9 production-ready policy profiles for AWS ECS, Azure Government, GCP, Kubernetes, Terraform, and more. Every domain maps directly to NIST 800-53 and NIST 800-172 controls—so your compliance team can review agent policy without reading agent code.
AWS ECS
AWS Cost Optimizer
Kubernetes
Azure Gov · FedRAMP-High
CMMC-L3 DevOps
GCP
Azure DevOps
Terraform / IaC
Multi-Agent Orchestrator