OPS suite — operator-facing governance
1. Action Approval — the killer wedge
Pre-action human review of an AI agent's proposed action before it commits. Shows the actor, action class, target system, payload summary, risk level, policy decision, evidence to be retained, and the approval mode. Approve / reject / edit / escalate. Every decision lands in the WORM audit chain.
Envelopes: kye.governedui.action_proposal.v1 · kye.governedui.approval.v1
API: POST /v1/actions/propose · POST /v1/actions/{id}/{approve,reject,edit,escalate}
action_proposal · high risk
action: issue_refund
amount: £420.00
mode: two_person
Approve · Reject
2. Entity Passport
What an entity is + what it's allowed to do: verification status, authority profile, allowed capabilities, restricted actions, approval-required actions, connected systems, recent activity, trust posture. Visible at-a-glance identity for any agent / human / system / external app.
Envelope: kye.governedui.entity_passport.v1
API: GET /v1/entities/{id}/passport
3. Authority Scope
Three-way can / cannot / needs-approval breakdown for any entity. Computed from the entity's authority profile + active delegations + applicable policies. Visualises cross-agent handoffs (Agent A delegated to Agent B) with the full kye.delegation_chain.v1 hop list — scope can never widen at a hop.
Envelope: kye.governedui.authority_scope.v1
API: GET /v1/entities/{id}/authority-scope
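The "scope can never widen at a hop" rule, as an added example rather than the product's own code: it walks a hop list, fails closed when a hop adds a capability or breaks the chain, and derives the three-way split from the surviving scope. The hop fields (from, to, scope), the capability names other than issue_refund, and both function names are assumptions, not the kye.delegation_chain.v1 schema.

```python
# Added illustration. Hop fields ("from", "to", "scope") are assumed,
# not taken from the kye.delegation_chain.v1 schema.

def validate_chain(root_scope, hops):
    """Return (ok, effective_scope, error) for an ordered delegation hop list.

    root_scope: capabilities held by the original delegator.
    hops: list of dicts with "from", "to" and "scope" keys.
    On any violation the effective scope is empty (fail closed).
    """
    allowed = frozenset(root_scope)
    holder = None
    for i, hop in enumerate(hops):
        granted = frozenset(hop["scope"])
        # Continuity: each hop must be issued by the previous hop's recipient.
        if holder is not None and hop["from"] != holder:
            return False, frozenset(), f"hop {i}: issued by {hop['from']}, expected {holder}"
        # Attenuation: a hop may drop capabilities but never add them.
        widened = granted - allowed
        if widened:
            return False, frozenset(), f"hop {i}: scope widened by {sorted(widened)}"
        allowed, holder = granted, hop["to"]
    return True, allowed, None


def breakdown(effective, approval_required, universe):
    """Three-way can / needs-approval / cannot split over a capability universe."""
    effective = frozenset(effective)
    gated = effective & frozenset(approval_required)
    return {
        "can": sorted(effective - gated),
        "needs_approval": sorted(gated),
        "cannot": sorted(frozenset(universe) - effective),
    }


# Constructed sample data: Agent A delegates to Agent B, who delegates to Agent C.
ROOT = {"read_orders", "issue_refund", "close_ticket"}
GOOD = [
    {"from": "agent-a", "to": "agent-b", "scope": ["read_orders", "issue_refund"]},
    {"from": "agent-b", "to": "agent-c", "scope": ["read_orders"]},
]
# Second hop tries to regain a capability the first hop dropped.
BAD = [
    {"from": "agent-a", "to": "agent-b", "scope": ["read_orders"]},
    {"from": "agent-b", "to": "agent-c", "scope": ["read_orders", "issue_refund"]},
]
```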
4. Critical Point Review
Heavy-weight review for irreversible / regulated actions. Two-person or two-person-with-legal approval modes; captures alternative paths the agent considered, policy rationale, dual-control approvers, evidence references. The required surface for SR 11-7 four-eyes compliance and EU AI Act Article 14 human oversight.
Envelope: kye.governedui.critical_point_review.v1
API: POST /v1/critical-reviews · POST /v1/critical-reviews/{id}/{approve,reject}
5. Evidence Timeline
Replay-proof chain of events from proposal to execute-or-block. Every step (proposed → authority-checked → policy-evaluated → approval-requested → human-decided → executed-or-blocked → audit-sealed) carries a signed envelope hash. A regulator with the timeline + the public verification key can re-derive every verdict offline.
Envelope: kye.governedui.evidence_timeline.v1
API: GET /v1/actions/{id}/timeline
6. Approval Queue
Multi-reviewer queue with pending / high-risk / escalations / second-approval-pending / SLA-breached / evidence-gap views. Routes to managers, compliance, risk, legal, security, or operations based on the action's risk level + the approval mode.
API: GET /v1/approvals/{pending,escalated,sla-breached}
7. Authority Drift Detector
Surfaces live drift events from the kye-drift-detector Worker — when an agent's behaviour subtly diverges from its declared authority profile (scope creep across small approvals, frequency drift, target drift, semantic drift, etc.). Ten drift dimensions tracked. Critical drift recommends revocation; lesser drifts recommend approval-gating going forward.
Envelope: kye.agency_drift.event.v1
API: GET /v1/drift/events