Governance by Construction for Generalist Agents
A new paper on arXiv (2605.20874) presents CUGA's policy system, a modular policy-as-code layer that composes with generalist LLM agents to deliver predictable, auditable, and compliance-aware behavior in compound workflows without model fine-tuning. The runtime governance architecture enforces policy interventions at five structural checkpoints: Intent Guard (upstream of planning), Playbook (within the system prompt, to steer reasoning), Tool Guide (at the tool-call boundary), Tool Approvals (human-in-the-loop for high-risk actions), and Output Formatter (at the output stage). This design lets enterprises specify which actions are allowed, when human oversight is required, and what information may be exposed, without rebuilding the agent for each domain. The system is demonstrated with enterprise agents operating autonomously across tools and interfaces, addressing the production deployment need for governance by construction.
Enables safe, auditable deployment of autonomous agents in regulated enterprise environments.
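
The five checkpoints named above, wired around a stubbed planner so the order of enforcement and the audit trail are visible. This is an added sketch, not code from the paper or from CUGA: the policy schema, `run_governed`, `demo_plan`, `DEMO_TOOLS` and the choice to model a tool guide as an argument cap are all assumptions made for illustration.

```python
import re

# Hypothetical policy schema (not CUGA's format); tool guide modelled as an argument cap.
POLICY = {
    "blocked_intents": [r"\bdelete all\b"],
    "playbook": "Look up the account before issuing a refund.",
    "tool_guides": {"refund": lambda a: {**a, "amount": min(a["amount"], 500)}},
    "needs_approval": {"refund"},
    "redact": [r"\b\d{16}\b"],
}

# Constructed stand-in for the LLM planner: returns (tool, args) steps.
def demo_plan(system_prompt, request):
    return [("lookup", {"account": "A1"}), ("refund", {"account": "A1", "amount": 900})]

DEMO_TOOLS = {  # constructed sample tools
    "lookup": lambda account: f"account {account} card 4111111111111111",
    "refund": lambda account, amount: f"refunded {amount} to {account}",
}

def run_governed(request, plan_fn, tools, approve, policy=POLICY):
    audit = []  # checkpoint decisions, in the order they were taken
    # 1. Intent Guard: upstream of planning, so a denied request is never planned.
    for pat in policy["blocked_intents"]:
        if re.search(pat, request, re.I):
            audit.append(("intent_guard", "deny", pat))
            return "Request declined by policy.", audit
    audit.append(("intent_guard", "allow", None))
    # 2. Playbook: placed in the system prompt to steer reasoning.
    system_prompt = "You are an enterprise agent.\n" + policy["playbook"]
    outputs = []
    for name, args in plan_fn(system_prompt, request):
        # 3. Tool Guide: applied at the tool-call boundary.
        if name in policy["tool_guides"]:
            args = policy["tool_guides"][name](args)
            audit.append(("tool_guide", name, args))
        # 4. Tool Approvals: human-in-the-loop for high-risk actions.
        if name in policy["needs_approval"]:
            ok = approve(name, args)
            audit.append(("tool_approval", name, ok))
            if not ok:
                outputs.append(f"{name}: not approved")
                continue
        outputs.append(tools[name](**args))
    # 5. Output Formatter: redact at the output stage.
    text = "\n".join(outputs)
    for pat in policy["redact"]:
        text = re.sub(pat, "[REDACTED]", text)
    audit.append(("output_formatter", "applied", len(policy["redact"])))
    return text, audit
```

The `approve` callback stands in for the human reviewer; it receives the arguments after the tool guide has constrained them, so the reviewer sees exactly what would execute.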