Splendor
Reference

Governance

Approvals, interventions, escalation, circuit breakers, policies, and audit.

Governance

Governance is runtime state and verifier behavior. It pauses, denies, narrows, or explains authority; it does not create a side-effect path around the gateway.

Approval flow

Approval policies can require scoped approval before an action executes. Missing approval evidence returns NeedsApproval; the adapter is not called. Resume from approval-waiting state requires scoped approval evidence and still re-enters the gateway/verifier chain.

Denial, expiry, revocation, wrong scope, unsupported schema, or verifier uncertainty fails closed.

Escalation and intervention

Escalation policies can turn runtime facts such as verifier uncertainty, repeated failure, quota pressure, policy expiry, approval timeout, or safety risk into a denial, pause, or intervention outcome.

Circuit breakers

Circuit breakers deny matching actions by scope: tenant, agent, adapter, action, action class, node, instance, fleet, or global. Matching breakers prevent adapter execution and are replay-explainable.

Policy TTL and revocation

Policy bundles can expire or be revoked. Missing, expired, or revoked policy must fail closed for affected side-effectful work.

Audit and replay

Audit exports and replay explain approvals, denials, expiries, revocations, escalations, circuit breakers, and policy decisions without calling external approval systems or executing adapters.

On this page