
Governed Agent Demo

This is the three-minute version of “let agents do real work without handing them the keys.” You will watch a model call stop and wait for a human because it crossed a governance threshold, approve it, and then see the cost, trace, and audit record it produced. Everything here runs against the live gateway — no special demo mode.

What actually gates here. The gateway’s human-in-the-loop gate fires on estimated cost crossing a threshold you set. That makes it easy to trigger on demand for this demo. Gating a specific tool call (a file write, a shell command, an export) is done by the approval spine at the action layer, not by a gateway cost threshold — see What this is not below.

What you need

  • A Curate-Me org and a Gateway API key (cm_sk_*)
  • Any LLM SDK (or curl) pointed at the gateway base URL
  • Dashboard access to Approvals, Costs, Traces, and Audit

The walkthrough

Set a low approval threshold

In the dashboard, open your governance policy and set the HITL cost threshold very low (for example $0.001) — or apply the Coding Agent policy preset, which ships with an approval threshold already set. This guarantees the next real call trips the gate.

Make a call through the gateway

Point your SDK at the gateway and make a normal request — zero code changes beyond the base URL and the X-CM-API-Key header. Because the estimated cost is over your threshold, the gateway does not proxy it. Instead it returns:

    HTTP/1.1 202 Accepted
    X-CM-Request-Id: req_...

    { "status": "pending_approval", "reason": "cost_threshold", ... }

The action is held, not executed. Nothing reached the provider.

Approve it (as a human)

Open Approvals in the dashboard. The pending request is there with its estimated cost and the model it would call. Approve it. Approval issues a one-time X-CM-Approval-Token — it works for exactly this request, once.

Retry with the approval token

Re-send the same request with the X-CM-Approval-Token header. This time the gate is satisfied, the call proxies to the provider, and you get a normal completion back. The token is now consumed — replaying it does nothing.

See what it produced

  • Costs — the call’s cost is recorded against your org, key, and model.
  • Traces — the request appears with a W3C trace id and its governance timing.
  • Audit — the decision (held → approved → proxied) is in the hash-chained audit trail, with who approved it.

A viewer who watches those five steps understands the whole pitch: a real action was held for a human, approved deliberately, and left a cost + trace + audit trail, without anyone writing governance code.
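
The hold, approve, retry flow from the walkthrough, as an added client-side example in Python (not Curate-Me's code): it treats the 202 as a held call rather than a completion, then re-sends the same request once with the approval token. The header names, the 202 status and the `pending_approval` / `cost_threshold` fields come from this page; the `send` transport, the `wait_for_token` hook, the stub gateway, its token format and its behaviour on a replayed token are assumptions made so the example runs offline.

```python
import json

class PendingApproval(Exception):
    """The gateway held the call (HTTP 202) instead of proxying it."""
    def __init__(self, request_id, reason):
        super().__init__(f"held for approval: {reason} ({request_id})")
        self.request_id, self.reason = request_id, reason

def classify(status, headers, body):
    """Return the completion, or raise if the call was held. A 202 is 2xx
    but carries no completion, so it must never be parsed as one."""
    payload = json.loads(body)
    if status == 202 and payload.get("status") == "pending_approval":
        raise PendingApproval(headers.get("X-CM-Request-Id"), payload.get("reason"))
    if status != 200:
        raise RuntimeError(f"unexpected gateway status {status}")
    return payload

def governed_call(send, request, api_key, wait_for_token):
    """send(headers, request) -> (status, headers, body) is the transport.
    wait_for_token(request_id) blocks until a human approves (assumed hook)."""
    headers = {"X-CM-API-Key": api_key}
    try:
        return classify(*send(headers, request))
    except PendingApproval as held:
        token = wait_for_token(held.request_id)
        retry = {**headers, "X-CM-Approval-Token": token}
        return classify(*send(retry, request))  # same request, plus the token

class StubGateway:
    """Constructed stand-in for offline runs, not the real gateway. Assumes a
    missing or already-used token leaves the call held."""
    def __init__(self):
        self.tokens, self.proxied = set(), 0

    def approve(self, request_id):
        token = "tok_for_" + request_id  # constructed token format
        self.tokens.add(token)
        return token

    def send(self, headers, request):
        token = headers.get("X-CM-Approval-Token")
        if token in self.tokens:
            self.tokens.discard(token)  # one-time: consumed on first use
            self.proxied += 1
            return 200, {}, json.dumps({"output": "constructed completion"})
        held = {"status": "pending_approval", "reason": "cost_threshold"}
        return 202, {"X-CM-Request-Id": "req_constructed"}, json.dumps(held)
```

With a real HTTP client, look headers up case-insensitively and log the `PendingApproval` request id so the held call can be matched to its entry in Approvals.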

What this is not (so the demo stays honest)

  • It is not a rollback. Nothing is “undone.” The value is that the action was held before it ran — and, for side-effecting actions, a receipt confirms success by reading the target back (a failed write surfaces as a loud failure, not a silent one). There is no time-machine that reverses a completed side effect.
  • The gateway gate is cost-based. Approving before a specific file write or shell command is enforced by the approval spine at the action layer today; a per-tool gate expressed as gateway policy is on the roadmap.
  • It is governance, not a guarantee about the provider. See What data leaves your environment for the honest data-flow.
