Modes & Responsibility

ASG provides two enforcement modes. In both modes, ASG owns validation and decisioning.

Managed Safety Mode

Managed Safety Mode is read-only, vendor-owned enforcement.

ASG provides the managed policy catalog.
You supply action intent and context.
You cannot edit managed policies.
ASG returns PASS/WARN/BLOCK.

Responsibility boundary:

ASG is responsible for policy definitions and evaluation.
You are responsible for sending accurate context and enforcing the returned status.

Policy Control Mode

Policy Control Mode is user-owned enforcement.

You configure custom rules in ASG.
ASG still owns validation and decisioning.
ASG returns PASS/WARN/BLOCK based on your configured rules.

Responsibility boundary:

ASG is responsible for evaluation, auditing, and decision contracts.
You are responsible for rule configuration correctness and enforcing the returned status.

What nodes can and cannot do

Client/workflow code

- calls ASG

- enforces PASS/WARN/BLOCK

- must not implement policy logic

- validates input shape

- normalizes payloads

- evaluates policies

- issues decisions

- records audit logs

Legal & Responsibility Notice

Summary

Informational only

Provided for general guidance. Not legal, compliance, security, or professional advice.

You control implementation

You are responsible for policies, prompts, integrations, workflows, and regulatory requirements.

Liability limitation

To the maximum extent permitted by law, the company disclaims liability for losses arising from use of this documentation or implementations based on it.