How do I stop an AI agent from overspending on API calls?

Route the agent's calls through a runtime cost cap. With Tenet, you wrap tool calls in tenet.execute() and set a USD budget over a rolling window (1 hour to 7 days). When the cap is hit, further calls return a clean 429 and the agent pauses until the window rolls over, so a runaway loop can't produce a surprise five-figure invoice.

How do I require human approval before an AI agent does something irreversible?

Use approval gates: calls classified as irreversible (like github.repos.delete or stripe.refunds.create) automatically pause as pending reviews instead of executing. The reviewer gets an email, and the held call only executes after explicit approval. With Tenet this is on by default for every account; routine tools can be granted standing auto-approvals.

How do you audit AI agent actions?

Record every attempted tool call with its policy outcome in a hash-chained log: each entry includes a fingerprint of the previous entry, so editing or deleting history breaks the chain detectably. Tenet writes every decision (allowed, escalated, or blocked) to such a tamper-evident audit log, verifiable on demand, which maps to the operational logging expectations of frameworks like the EU AI Act Article 12.

How do I keep API keys out of my AI agent's code?

Use credential mediation: the agent holds a single Tenet API key and nothing else. When a call is allowed, Tenet injects the real GitHub, Stripe, or Anthropic credential server-side at execution time. If a model output is exfiltrated via prompt injection, no third-party secrets go with it.

Does Tenet work with LangGraph and LangChain?

Yes. Tenet is framework-agnostic: drop tenet.execute() inside any LangGraph tool node, wrap raw OpenAI or Anthropic SDK calls, or call the HTTP API from n8n or custom Python. Install with pip install tenet-python; the free tier includes every safety control with 500 decisions per month.

What Is AI Agent Governance and Why It Matters

AI agents are no longer science experiments. They're in production: booking flights, managing infrastructure, approving expenses, writing code that ships to users. And the gap between what they can do and what they should do is growing fast.

The Problem: Autonomy Without Accountability

When you give an AI agent access to tools (your database, your email, your cloud infrastructure), you're handing it real power. The agent can create, modify, and delete resources without understanding the consequences the way a human would.

Most teams building with agents today rely on one of two strategies: trust the model completely, or don't use agents at all. Neither works at scale.

The trust-everything approach fails the first time an agent deletes a production database, sends an email to the wrong customer, or approves a transaction that should have been flagged. The avoid-everything approach means you're leaving massive productivity gains on the table.

What Agent Governance Actually Means

Agent governance is the layer between an AI agent and the real world. It's the system that answers three questions for every action an agent wants to take:

Is this action allowed? Policy evaluation. Your organization defines the rules: which tools agents can use, what data they can access, what actions require approval. The governance layer enforces those rules at runtime, every single time.

Does a human need to review this? Escalation logic. Not every action needs a human in the loop, but some absolutely do. Governance defines the escalation boundaries: this agent can read from the database but needs approval to write. This agent can draft emails but a human must press send.

What happened, and can we prove it? Audit trails. Every decision the governance layer makes gets logged: the policy that matched, the action that was requested, whether it was allowed or denied, who approved it if escalation was required. This is your compliance story.

The Three Governance Modes

Different organizations and different use cases need different levels of human involvement:

Human-in-Command (HIC): The human must approve every action before it executes. The agent proposes, the human disposes. Best for high-stakes operations like financial transactions, customer communications, and infrastructure changes.

Human-in-the-Loop (HITL): The agent acts autonomously within defined boundaries, but escalates when it encounters situations outside those boundaries. Best for operational workflows where most actions are routine but edge cases need judgment.

Human-on-the-Loop (HOTL): The agent acts autonomously and the human monitors. Alerts fire when anomalies are detected, but the agent doesn't wait for approval. Best for high-volume, low-risk operations where speed matters more than individual review.

Why Now?

Three trends are converging. First, tool-use in LLMs has matured: Claude, GPT-4, and others can reliably call APIs and use tools in production. Second, agent frameworks like MCP (Model Context Protocol) are standardizing how agents interact with the world. Third, enterprises are moving past POCs into production deployments.

Without governance, every agent deployment is a liability. With it, agents become a competitive advantage: faster, safer, and auditable.

Getting Started

If you're building with AI agents today, the minimum viable governance stack is straightforward: define which tools each agent can access, set escalation thresholds for sensitive actions, and log every decision. You can add sophistication from there: policy versioning, A/B testing governance modes, anomaly detection on decision patterns.

The key insight is that governance isn't a tax on agent productivity. It's what makes agent productivity possible at scale.

Tenet is a runtime governance layer for AI agents. Define policies, enforce them at every tool call, and maintain a complete audit trail. Get started free →