Kevros Governance API

Runtime enforcement for autonomous agents. Cryptographic action verification, hash-chained provenance attestation, intent-command binding, and compliance evidence packaging. Every decision is recorded in a tamper-evident ledger. Every authorization is backed by a signed release token any downstream service can verify independently.

Skills

• Action Verification
  Verify an action against policy bounds before execution. Returns ALLOW, CONSTRAIN, or DENY with a signed release token. Downstream services verify the token independently. Fail-closed: verification failure results in DENY.
• Provenance Attestation
  Record an action in a hash-chained, append-only evidence ledger. Each attestation extends the provenance chain. Block signatures issued every 100 records using ML-DSA-87 (FIPS 204). Third parties verify the chain without Kevros access.
• Intent Binding
  Bind a declared intent to a command and verify the outcome matches. HMAC-signed binding proves the chain from intent to command to result is unbroken.
• Compliance Bundle
  Generate a portable compliance evidence package containing hash-chained provenance, intent binding proofs, post-quantum block signatures, and verification instructions. Independently verifiable without Kevros access.
• Media Hash Attestation
  Submit a media file hash for cryptographic attestation. Returns a signed certificate proving the hash was recorded at a specific timestamp in the provenance ledger. Useful for content provenance, media integrity, and audit trails.
• Media Hash Verification
  Verify a media file hash against a previously issued attestation certificate. Returns the attestation status and certificate details. No charge, no authentication required.
• Media Certificate Lookup
  Look up a media attestation certificate by its certificate ID. Returns the full certificate including hash, timestamp, and provenance chain position. No charge, no authentication required.
• Prompt Injection Detection
  Prompt injection detection via ONNX DeBERTa-v3 classifier. Scans text for injection attacks, jailbreaks, and role hijacking attempts. Returns confidence score, risk level, and HMAC-signed result. $0.01/scan or 10 trial scans/day.
• MPP Session Create
  Create a governed streaming payment session. Declare budget, duration, spending rate limit, and allowed service categories. Returns a signed session token for continuous streaming payments within policy bounds. Every session is recorded in the provenance ledger. $0.02/session. POST /governance/mpp/session
• MPP Session Heartbeat
  Mid-session drift check during a streaming payment session. Reports current spend, transaction count, active service, and spending rate. Kevros checks for budget overruns, rate limit violations, and unauthorized service usage. Returns session status (active, warning, suspended, expired) and remaining budget/time. No charge. POST /governance/mpp/heartbeat
• MPP Session Close
  Close a streaming payment session and seal the provenance record. Reports final spend, transaction count, and close reason. Returns sealed provenance hash and compliance bundle availability. No charge. POST /governance/mpp/close

How to call

https://governance.taskhawktech.com