How it works

Governed actions become checkable events

Atested sits in front of governed AI operations. Every action is evaluated against the same logic a well-informed engineer would apply — then the evaluation and the decision are signed and provable.

The governance flow

The core flow is simple. An AI tool routes an action through Atested. Atested evaluates it against verifiable conditions — the scope, evidence, and constraints that any well-informed engineer would require. If the conditions are met, the action proceeds and the decision is recorded. If not, the action is denied and that denial is recorded too.

1

Action request arrives

A tool submits a governed action through the MCP surface with whatever proof, context, or constraints the governance logic requires.
2

Conditions are evaluated

Atested resolves the decision deterministically where it can. Where deterministic resolution is not possible, it uses a structured and recorded judgment process.
3

ALLOW or DENY is issued

ALLOW means the evidence was sufficient, the scope was valid, and the constraints were satisfied. DENY means something verifiable was missing.
4

Signed record is written

Every decision is recorded into a signed immutable chain so it can be checked later without relying on runtime assertions alone.
decision-chain.jsonl ALLOW 
{
  "tool": "fs_write",
  "capability_class": "FS_WRITE",
  "policy_decision": "ALLOW",
  "timestamp_utc": "2026-03-30T13:12:00Z",
  "operator_intent": "update README",
  "organization_id": "acme-engineering",
  "record_hash": "sha256:0a1b2c3d4e5f...",
  "prev_record_hash": "sha256:f0e1d2c3b4a5...",
  "signature": "ed25519:8f9c2ab1..."
}
The record itself is part of the product surface. The point is not only to decide correctly in the moment, but to preserve checkable evidence of what happened.

What ALLOW and DENY actually mean

Atested does not just log actions after the fact. It evaluates governed actions before they proceed. ALLOW means the action met the verifiable conditions — the evidence was sufficient, the scope was valid, the constraints were satisfied. DENY means something was missing, and the record shows exactly what.

ALLOW

Examples of actions that proceed

A coding agent writes inside an approved project path using an allowed tool and the required execution context. An agent sends a message through an approved channel with the expected recipient scope and supporting context.

DENY

Examples of actions that are stopped

An agent tries to edit files outside the approved workspace, touch production configuration without authority, or assert that tests passed without sufficient evidence to support the claim.

Governance transparency

Atested governs every action that flows through it. It cannot force every action to flow through it, because AI tools also have native capabilities that operate outside any governance layer. That is a structural reality in open environments.

What Atested does is make that boundary visible and measurable. Governed operations produce full signed records. Ungoverned native operations can still be observed and counted through action hooks, so you can see how much of your AI activity is actually under governance.

transparency-summary.json 72% governed 
{
  "governed_operations": 1842,
  "observed_native_operations": 716,
  "transparency_ratio": "72%",
  "observation_mode": "hook-reported",
  "manager_view": "governed vs observed"
}
The goal is not pretending you start at 100 percent. The goal is knowing where you are, seeing what remains outside governance, and improving coverage deliberately.
The underlying principle

Deterministic where possible, recorded judgment where necessary

Governance decisions fall into two kinds: those that can be determined logically, and those that require judgment. Atested resolves as many as possible deterministically — is the evidence present, is the scope valid, are the preconditions met. These aren't arbitrary rules. They're the same questions a careful engineer would ask if they were reviewing every action by hand. Atested asks them consistently, every time, and signs the answer.

The conditions aren't invented. They're logical necessities. If an AI agent wants to write to a file, the deterministic questions are: does the file path resolve to a real, approved location? Is the agent authenticated? Is there a valid chain of decisions leading to this action? A well-informed engineer would ask exactly the same things.

Where judgment is needed, you make the call

Where a decision can't be resolved deterministically, Atested says so. Scoped approvals exist for exactly this case — you make the judgment call, and that judgment is recorded alongside the deterministic decisions. The system is honest about what it can prove and what required your judgment.

Approvals are explicit and revocable

Change the approved artifact and the approval expires. Granting and revoking approvals are themselves recorded in the governance chain, so exceptions stay visible and auditable.

Your dashboard

What you see

The Atested Dashboard gives your team a live view of governance activity, decisions, approvals, audit results, and system health — all backed by the same signed chain the governance engine produces.

Atested Dashboard Governance overview
Demo — sample data
Overview
Activity
Approvals
Audit
Reports
Health

This dashboard shows governance activity for your organization. Every governed action produces a signed record in the decision chain. The metrics below reflect the current state of the governance surface.

47 Chain Events
Healthy Chain Integrity
2 Active Approvals
3 Unique Users
36 / 11 ALLOW / DENY
72% Transparency
47 governed / 18 ungoverned observed
Users
bearer:e1f2a3b4 21 actions
bearer:c8d9e0f1 16 actions
bearer:a2b3c4d5 10 actions
Active Approvals
ArtifactHashGrantedStatus
deploy-script.sh sha256:4f2a8b1c… Mar 28, 2:14 PM Active
ci-runner.py sha256:8b1ce3d7… Mar 29, 9:45 AM Active
Recent Activity
TimeCategoryToolUserDecisionIntent
Mar 30, 1:42 PMGoverned Actionfs_writebearer:e1f2a3b4ALLOWupdate deployment config
Mar 30, 1:38 PMGoverned Actionfs_writebearer:c8d9e0f1DENYedit /etc/hosts
Mar 30, 1:35 PMGoverned Actionfs_readbearer:e1f2a3b4ALLOWread project README
Mar 30, 1:31 PMGoverned Actionmsg_sendbearer:a2b3c4d5ALLOWnotify team channel
Mar 30, 1:28 PMGoverned Actionfs_deletebearer:c8d9e0f1DENYremove .env.production
Mar 30, 1:24 PMGoverned Actionfs_writebearer:e1f2a3b4ALLOWupdate test fixtures
Mar 30, 1:19 PMGoverned Actioncapabilities_executebearer:a2b3c4d5ALLOWrun lint check
Mar 30, 1:15 PMGoverned Actionfs_writebearer:c8d9e0f1DENYwrite outside workspace
Mar 30, 1:11 PMGoverned Actionfs_readbearer:a2b3c4d5ALLOWinspect build output
Mar 30, 1:08 PMGoverned Actionfs_writebearer:e1f2a3b4DENYmodify CI pipeline
Mar 30, 1:04 PMGoverned Actiongovernance_statusbearer:e1f2a3b4ALLOWcheck governance status
Mar 30, 12:58 PMGoverned Actionfs_listbearer:c8d9e0f1ALLOWlist project directory
System Health
Healthy Overall status — 0 alerts
47 Chain records — verified, no breaks
DENY Rate 23.4% (11 of 47) — within normal range
Storage Chain: 12.4 KB · Stability log: 1.8 KB · Records: 84.2 KB
FAQ

Common questions

Does my team need to define governance rules?

No. Atested's governance logic reflects the conditions any well-informed engineer would apply — is the evidence present, is the scope valid, are the preconditions met. You configure scope and constraints for your environment, but the evaluation logic is built in. Most decisions are resolved deterministically without any rules to write.

Why this matters operationally

Without a governance layer, AI operations often become reconstruction work after something goes wrong. With Atested, many unsupported actions can be denied before they land, and the resulting record gives you and your team a usable account of what happened instead of a black box and a pile of logs.

See pricing Read implementation guidance View GitHub