Uncontrolled actions
Agents make API calls, send messages, move data. Without enforcement, "the LLM did it" is not an answer your auditor accepts.
AGR assurance
The governance runtime under every AI agent we deploy
AGR is the assurance layer Shreeja Technologies uses on every client engagement. Policy, approvals, risk scoring, and tamper-evident audit — built in from day one, not bolted on.
The problem
Why AI projects stall in regulated organizations
Most enterprise AI pilots fail at the same gate — security, audit, and operational risk. AGR exists to make that gate routine instead of fatal.
No paper trail
Grepping logs after the fact is not an audit artifact. Regulators want signed, sequenced, tamper-evident records — by request.
No human checkpoint
Sensitive actions — payments, deletions, customer escalations — must wait for a person. That gate has to be built before the demo, not after the incident.
Capabilities
Six controls. Every engagement.
AGR ships the same enforcement stack on every project — no slideware, no "coming soon".
1. Policy engine
Declarative policies evaluated on every agent tool call. Outcomes: allow, deny, or route to approval. Versioned, testable, reversible.
2. Approval workflows
Durable multi-step approvals with SLA timers, reminders, escalation, and reassignment. Decisions arrive via email or Slack.
3. Risk scoring
Six-factor risk score per action, with per-organization weights and thresholds. Borderline actions auto-escalate; high-risk actions auto-deny.
4. Tamper-evident audit
SHA-256 hash-chained events with per-tenant sequence numbers and monthly partitioning. Exportable as a signed evidence pack on demand.
5. Compliance plugins
Findings mapped to EU AI Act Art. 13, SOC 2 CC6.1, and ISO 42001 §8.4 — advisory by default, enforcing where policy requires.
6. Tenant isolation
Postgres row-level security on every table. Tenants cannot see each other's data — enforced at the database, not at the application.
How it works
Every agent action runs the same gate
From the agent's perspective it is one call. Under the hood, AGR sequences six checks in milliseconds.
📥
Evaluate request
POST /v1/evaluate
→
📜
Policy check
Cedar engine
→
📊
Risk score
6 factors · 0–100
→
✅
Decision
allow · deny · approve
→
🔗
Hash-chained audit
SHA-256 sequence
Median end-to-end latency stays within budget for production agents. Cached evaluations return in tens of milliseconds.
Compliance mapping
Evidence your auditor will actually accept
Every AGR decision is labelled against the control frameworks your security and compliance teams already operate.
EU AI ACT · ART. 13
Transparency obligations: every agent decision carries an explainable trace of the policy and data that produced it.
SOC 2 · CC6.1
Logical access controls and authorisation gates on every privileged action. Reviewable, time-stamped, attributable.
ISO 42001 · §8.4
AI system operation and monitoring controls, including human oversight and incident-ready audit retention.
Other frameworks — HIPAA, DPDP Act, GDPR Art. 22, RBI guidelines — supported through custom policy packs.
Deployment
Run AGR where your data is allowed to live
Same product, three placements. Your data residency and compliance posture decide which.
Shreeja-managed cloud
Fastest path to value. We host, patch, and operate AGR in a single-region cloud account. Suitable for pilots and most production workloads.
Single-tenant cloud
Your VPC, your region, your keys. We deploy and operate; data never leaves the boundary you specify.
Air-gapped on-prem
Signed license, pre-built images, no outbound calls. Designed for banks, pharma, and government environments.
Video walkthrough
See AGR in a real engagement
A short walkthrough of how governed delivery is presented to business stakeholders.
AGR walkthrough
2m 55s · business-ready overviewHow governed delivery is communicated to business stakeholders during a typical engagement.
Risk-aware AI adoption
Governance confidence
Decision-ready visibility
If playback does not start, download the walkthrough video.
Bring AGR to your AI rollout
We will scope your highest-risk AI use case and ship a governed pilot — policy, approvals, audit, and a real evidence pack — in 30 to 45 days.