Governance

Memory audit trails, compliance scanning, and executive dashboards.

Endpoints

MethodPathAuthDescription
GET/v1/governance/memory/auditAPI KeyMemory change history
GET/v1/governance/memory/statsAPI KeyOperation counts by type
GET/v1/governance/memory/complianceAPI KeyPII and policy scan
GET/v1/governance/sleep-time/reportAPI KeySleep-time refinement history
GET/v1/governance/summaryAPI KeyExecutive dashboard
POST/v1/governance/policy/dry-runAPI KeyPolicy dry-run evaluation
GET/v1/governance/lineage/{request_id}API KeyThe WHY answer for one request
GET/v1/governance/lineageAPI KeyTrace/request reconstruction
GET/v1/governance/audit/chain/verifyAPI KeyHash-chain + provenance verify

Policy dry-run

Evaluate a policy context against the tenant's current ruleset without enforcement. Useful for testing policies before activating them.

curl -X POST "https://api.brainstormrouter.com/v1/governance/policy/dry-run" \
  -H "Authorization: Bearer br_live_..." \
  -H "Content-Type: application/json" \
  -d '{"action": "POST:/v1/chat/completions", "agentId": "agent-007", "modelName": "gpt-4"}'

Request body

FieldTypeRequiredDescription
actionstringYesAction string
actorobjectNo{ type, id } actor identity
targetstringNoTarget resource path
categorystringNoCategory (e.g., routing)
agentIdstringNoAgent identifier
toolNamestringNoTool name
modelNamestringNoModel name

Response

{
  "decision": "deny",
  "matchedRule": {
    "id": "deny-gpt4",
    "description": "Block GPT-4 usage",
    "action": "deny"
  },
  "ruleCount": 3,
  "mode": "active"
}

Returns decision: "allow" with matchedRule: null when no rules match or no ruleset is configured.

Memory audit

Query the full change history for memory operations.

curl "https://api.brainstormrouter.com/v1/governance/memory/audit?limit=50&operation=append" \
  -H "Authorization: Bearer br_live_..."

Query parameters

ParamTypeDefaultDescription
memory_keystringtenant IDMemory scope
limitnumber100 (max 500)Results to return
sincenumberUnix timestamp (ms)
operationstringFilter: append, replace, delete, pin, evict

Response

{
  "entries": [
    {
      "id": "audit-uuid",
      "timestamp": "2025-02-20T10:30:00.000Z",
      "operation": "append",
      "block": "human",
      "entry_id": "entry-uuid",
      "fact_after": "User prefers dark mode",
      "actor": "agent",
      "reason": "Extracted from conversation"
    }
  ],
  "count": 1
}

Compliance scan

curl https://api.brainstormrouter.com/v1/governance/memory/compliance \
  -H "Authorization: Bearer br_live_..."
{
  "total_entries": 42,
  "violations_found": 1,
  "compliant": false,
  "violations": [
    {
      "entry_id": "entry-uuid",
      "block": "general",
      "fact_preview": "Contact email is john@example...",
      "issues": ["possible_email"]
    }
  ]
}

Executive summary

curl https://api.brainstormrouter.com/v1/governance/summary \
  -H "Authorization: Bearer br_live_..."
{
  "memory": {
    "total_entries": 42,
    "pinned_entries": 5,
    "blocks": [
      { "block": "human", "entries": 12, "limit": 50, "utilization": 24 },
      { "block": "project", "entries": 18, "limit": 50, "utilization": 36 }
    ],
    "pii_violations": 1,
    "compliant": false
  },
  "activity_24h": { "append": 8, "replace": 2, "delete": 1 }
}

Sleep-time report

curl "https://api.brainstormrouter.com/v1/governance/sleep-time/report?since=1708387200000" \
  -H "Authorization: Bearer br_live_..."

Decision lineage

Durable, tamper-evident decision lineage bound to the audit chain. See Committed Lineage for the model and Decision Provenance — Chain Payload v2 for the normative commitment + test vectors. All three routes require governance.read.

The WHY answer

GET /v1/governance/lineage/{request_id} returns the committed audit row's verified block (chain hashes + a provenance recompute), the synchronous policy_context deny reason, the Inc 3 grant_context pointer, the durable lineage row + its causal neighbors, the coverage enum, and any anomalies. The response echoes the request's traceparent and x-br-request-id headers.

curl "https://api.brainstormrouter.com/v1/governance/lineage/req_01HXXXXXX" \
  -H "Authorization: Bearer br_live_..."
{
  "request_id": "req_01HXXXXXX",
  "coverage": "captured",
  "verified": {
    "outcome": "denied",
    "event_hash": "…",
    "chain_schema_version": 2,
    "provenance_check": "ok",
    "provenance_digest": "b96591a0…",
    "trace_id": "0af7651916cd43dd8448eb211c80319c",
    "edge_provenance": "caller_asserted",
    "trace_inbound_trusted": false
  },
  "policy_context": { "reason_code": "scope_denied", "deny_rule": "no-gpt4" },
  "grant_context": null,
  "lineage": { "binding": "bound", "edge_label": "verified", "...": "..." },
  "causal_neighbors": [],
  "anomalies": ["authority_without_causation"]
}

coverage ∈ captured | sampled_out | dropped | aggregated | pre_rollout | expired_by_retention. provenance_check ∈ ok | redacted | missing_lineage | expired_by_retention | sampled_out | failed.

Trace / request reconstruction

GET /v1/governance/lineage?trace_id=… (or ?request_id=…) reconstructs a causal episode ordered by span parentage. Every record carries an edge_label (verified | claimed | unverified) derived from the row's committed fields — one wire shape in all modes. Add ?live=true to read the recent in-memory ring buffer through the same mapper.

curl "https://api.brainstormrouter.com/v1/governance/lineage?trace_id=0af7651916cd43dd8448eb211c80319c" \
  -H "Authorization: Bearer br_live_..."

Chain + provenance verify

GET /v1/governance/audit/chain/verify verifies the hash chain and adds per-row provenanceChecks[] recomputing provenanceDigest from the stored columns + the bound lineage bytes. The provenance recompute is best-effort and never flips the chain result.