How it works

Governed actions become checkable events

Atested sits in front of governed AI operations. It evaluates the action before it proceeds, records the decision in a signed immutable chain, and makes the boundary between governed and ungoverned activity visible to the operator.

The governance flow

The core flow is simple. An AI tool routes an action through Atested. Atested evaluates it against active policy. If the action satisfies the policy, it proceeds and the decision is recorded. If it does not, the action is denied and that denial is recorded too.

Action request arrives

A tool submits a governed action through the MCP surface with whatever proof, context, or constraints the policy requires.

Policy is evaluated

Atested resolves the decision deterministically where it can. Where deterministic resolution is not possible, it uses a structured and recorded judgment process.

ALLOW or DENY is issued

ALLOW means the action satisfied the active policy. DENY means the required proof, scope, or constraints were not present.

Signed record is written

Every decision is recorded into a signed immutable chain so it can be checked later without relying on runtime assertions alone.

decision-chain.jsonl ALLOW

{
  "tool": "fs_write",
  "capability_class": "FS_WRITE",
  "policy_decision": "ALLOW",
  "timestamp_utc": "2026-03-30T13:12:00Z",
  "operator_intent": "update README",
  "organization_id": "acme-engineering",
  "record_hash": "sha256:0a1b2c3d4e5f...",
  "prev_record_hash": "sha256:f0e1d2c3b4a5...",
  "signature": "ed25519:8f9c2ab1..."
}

The record itself is part of the product surface. The point is not only to decide correctly in the moment, but to preserve checkable evidence of what happened.

What ALLOW and DENY actually mean

Atested does not just log actions after the fact. It evaluates governed actions before they proceed. ALLOW means the action met the active policy with the required proof, scope, or constraints. DENY means it did not, and the record shows what was missing.

ALLOW

Examples of actions that proceed

A coding agent writes inside an approved project path using an allowed tool and the required execution context. An agent sends a message through an approved channel with the expected recipient scope and supporting context.

DENY

Examples of actions that are stopped

An agent tries to edit files outside the approved workspace, touch production configuration without authority, or assert that tests passed without sufficient evidence to support the claim.

Governance transparency

Atested governs every action that flows through it. It cannot force every action to flow through it, because AI tools also have native capabilities that operate outside any governance layer. That is a structural reality in open environments.

What Atested does is make that boundary visible and measurable. Governed operations produce full signed records. Ungoverned native operations can still be observed and counted through action hooks, so operators can see how much of their AI activity is actually under governance.

transparency-summary.json 72% governed

{
  "governed_operations": 1842,
  "observed_native_operations": 716,
  "transparency_ratio": "72%",
  "observation_mode": "hook-reported",
  "manager_view": "governed vs observed"
}

The goal is not pretending you start at 100 percent. The goal is knowing where you are, seeing what remains outside governance, and improving coverage deliberately.

Scoped approvals for opaque operations

Some governed code cannot produce the evidence Atested requires because it is opaque to inspection. When that code is mission-essential, an operator can grant a scoped approval pinned to the artifact hash, deployment context, and active policy version.

Approvals are explicit and revocable

Change the approved artifact and the approval expires. Granting and revoking approvals are themselves recorded in the governance chain, so exceptions stay visible and auditable.

Not just proof after the fact

Atested is not limited to preserving evidence. It can stop many unsupported or insufficiently evidenced actions before they become operational events.

Operator surface

What the operator sees

The Atested Dashboard gives operators a live view of governance activity, decisions, approvals, audit results, and system health — all backed by the same signed chain the governance engine produces.

Overview

Activity

Approvals

Audit

Reports

Health

This dashboard shows governance activity for your organization. Every governed action produces a signed record in the decision chain. The metrics below reflect the current state of the governance surface.

47 Chain Events

Healthy Chain Integrity

2 Active Approvals

3 Unique Users

36 / 11 ALLOW / DENY

72% Transparency

47 governed / 18 ungoverned observed

Users

bearer:e1f2a3b4 21 actions

bearer:c8d9e0f1 16 actions

bearer:a2b3c4d5 10 actions

Active Approvals

Artifact	Hash	Granted	Status
deploy-script.sh	`sha256:4f2a8b1c…`	Mar 28, 2:14 PM	Active
ci-runner.py	`sha256:8b1ce3d7…`	Mar 29, 9:45 AM	Active

Recent Activity

Time	Category	Tool	User	Decision	Intent
Mar 30, 1:42 PM	Governed Action	`fs_write`	bearer:e1f2a3b4	ALLOW	update deployment config
Mar 30, 1:38 PM	Governed Action	`fs_write`	bearer:c8d9e0f1	DENY	edit /etc/hosts
Mar 30, 1:35 PM	Governed Action	`fs_read`	bearer:e1f2a3b4	ALLOW	read project README
Mar 30, 1:31 PM	Governed Action	`msg_send`	bearer:a2b3c4d5	ALLOW	notify team channel
Mar 30, 1:28 PM	Governed Action	`fs_delete`	bearer:c8d9e0f1	DENY	remove .env.production
Mar 30, 1:24 PM	Governed Action	`fs_write`	bearer:e1f2a3b4	ALLOW	update test fixtures
Mar 30, 1:19 PM	Governed Action	`capabilities_execute`	bearer:a2b3c4d5	ALLOW	run lint check
Mar 30, 1:15 PM	Governed Action	`fs_write`	bearer:c8d9e0f1	DENY	write outside workspace
Mar 30, 1:11 PM	Governed Action	`fs_read`	bearer:a2b3c4d5	ALLOW	inspect build output
Mar 30, 1:08 PM	Governed Action	`fs_write`	bearer:e1f2a3b4	DENY	modify CI pipeline
Mar 30, 1:04 PM	Governed Action	`governance_status`	bearer:e1f2a3b4	ALLOW	check governance status
Mar 30, 12:58 PM	Governed Action	`fs_list`	bearer:c8d9e0f1	ALLOW	list project directory

System Health

Healthy Overall status — 0 alerts

47 Chain records — verified, no breaks

DENY Rate 23.4% (11 of 47) — within normal range

Storage Chain: 12.4 KB · Stability log: 1.8 KB · Records: 84.2 KB

Time	Tool	User	Decision	Intent	Record Hash
Mar 30, 1:42 PM	`fs_write`	bearer:e1f2a3b4	ALLOW	update deployment config	`sha256:0a1b2c3d…`
Mar 30, 1:38 PM	`fs_write`	bearer:c8d9e0f1	DENY	edit /etc/hosts	`sha256:f0e1d2c3…`
Mar 30, 1:35 PM	`fs_read`	bearer:e1f2a3b4	ALLOW	read project README	`sha256:8b1ce3d7…`
Mar 30, 1:31 PM	`msg_send`	bearer:a2b3c4d5	ALLOW	notify team channel	`sha256:2d4f6a8b…`
Mar 30, 1:28 PM	`fs_delete`	bearer:c8d9e0f1	DENY	remove .env.production	`sha256:c3b4a5f0…`
Mar 30, 1:24 PM	`fs_write`	bearer:e1f2a3b4	ALLOW	update test fixtures	`sha256:9e8d7c6b…`
Mar 30, 1:19 PM	`capabilities_execute`	bearer:a2b3c4d5	ALLOW	run lint check	`sha256:5a4b3c2d…`
Mar 30, 1:15 PM	`fs_write`	bearer:c8d9e0f1	DENY	write outside workspace	`sha256:1b2c3d4e…`
Mar 30, 1:11 PM	`fs_read`	bearer:a2b3c4d5	ALLOW	inspect build output	`sha256:e5f6a7b8…`
Mar 30, 1:08 PM	`fs_write`	bearer:e1f2a3b4	DENY	modify CI pipeline	`sha256:7c8d9e0f…`
Mar 30, 1:04 PM	`governance_status`	bearer:e1f2a3b4	ALLOW	check governance status	`sha256:3d4e5f6a…`
Mar 30, 12:58 PM	`fs_list`	bearer:c8d9e0f1	ALLOW	list project directory	`sha256:b8c9d0e1…`

Artifact	Hash	Family	Approved By	Granted	Status
deploy-script.sh	`sha256:4f2a8b1c…`	FS_WRITE	bearer:e1f2a3b4	Mar 28, 2:14 PM	Active
ci-runner.py	`sha256:8b1ce3d7…`	CAPABILITIES_EXECUTE	bearer:a2b3c4d5	Mar 29, 9:45 AM	Active

Artifact	Hash	Revoked By	Revoked	Reason
legacy-migrate.sh	`sha256:d7e8f901…`	bearer:e1f2a3b4	Mar 27, 4:30 PM	Artifact updated — hash mismatch

Time	Tool	User	Intent	Denial Reason
Mar 30, 1:38 PM	`fs_write`	bearer:c8d9e0f1	edit /etc/hosts	Path outside governed workspace
Mar 30, 1:28 PM	`fs_delete`	bearer:c8d9e0f1	remove .env.production	Protected file — requires approval
Mar 30, 1:15 PM	`fs_write`	bearer:c8d9e0f1	write outside workspace	Path outside governed workspace
Mar 30, 1:08 PM	`fs_write`	bearer:e1f2a3b4	modify CI pipeline	Insufficient authority for CI scope
Mar 30, 12:52 PM	`fs_delete`	bearer:a2b3c4d5	remove build cache	Bulk delete not permitted

Aggregate governance reports summarizing operations by user, tool, and decision outcome over a configurable time period. Use these for compliance reviews and management reporting.

Operations by User (7 days)

User	ALLOW	DENY	Total	DENY %
bearer:e1f2a3b4	17	4	21	19.0%
bearer:c8d9e0f1	10	6	16	37.5%
bearer:a2b3c4d5	9	1	10	10.0%

Operations by Tool (7 days)

Tool	ALLOW	DENY	Total
`fs_write`	14	7	21
`fs_read`	10	0	10
`fs_delete`	2	3	5
`msg_send`	5	0	5
`capabilities_execute`	3	0	3
`governance_status`	2	0	2
`fs_list`	0	1	1

Decision Trend (7 days)

Mon

Tue

Wed

Thu

Fri

Sat

Sun

ALLOW DENY

System health and operational status of the governance infrastructure. Chain integrity is verified continuously — any break in the hash chain triggers an alert.

Healthy Overall Status

14d 6h Server Uptime

Valid License Status

Chain Integrity

Check	Status	Last Verified
Hash chain continuity	Pass	Mar 30, 1:42 PM
Signature verification	Pass	Mar 30, 1:42 PM
Record ordering	Pass	Mar 30, 1:42 PM
No orphaned records	Pass	Mar 30, 1:42 PM

Performance

Metric	Value
Avg decision latency	12ms
P95 decision latency	28ms
Chain write latency	4ms
Policy eval cache hit	84%

DENY Rate Trend 23.4% (11 of 47) — within normal range

Transparency Trend 72% governed — 47 governed / 18 ungoverned

Storage

Chain: 12.4 KB

Stability log: 1.8 KB

Decision records: 84.2 KB

Attestation bundles: 6.1 KB

Why this matters operationally

Without a governance layer, AI operations often become reconstruction work after something goes wrong. With Atested, many unsupported actions can be denied before they land, and the resulting record gives operators and managers a usable account of what happened instead of a black box and a pile of logs.

See pricing Read implementation guidance View GitHub