Public roadmap

Now, Next, Later, Not Now.

Edictum is centered on open-source runtime enforcement for agent actions. The API/app reference stack supports visibility and approvals, but it is not where enforcement happens.

Direction

What the product is doing and what it is deliberately avoiding.

Feature map

Now

5 tracks

The current public product center: OSS runtime enforcement, rulesets, workflow gates, adapters, Gate CLI, audit, and the optional reference stack.

Runtime decisions

Pre-tool decisions with allow, block, ask, warn, redact, structured reasons, and dry-run checks.

Rulesets and policy-as-code

YAML rulesets for pre, post, session, and sandbox rules with templates and schema validation.

Workflow Gates

Ordered stages, evidence requirements, terminal states, and workflow conformance fixtures.

SDKs, adapters, and Gate CLI

Python, TypeScript, Go, framework adapters, local checks, assistant hooks, and audit WAL.

Optional reference stack

Self-hosted API/app for approvals, event ingestion, audit feed, runs, agents, ruleset versions, and hot reload.

Next

5 tracks

The next work is about safer rollout: better previews, clearer reporting, and more complete operational guidance.

Blast-radius preview

Replay past decisions against candidate rulesets and summarize what would have changed before promotion.

Decision telemetry reference

Clear event attributes, OpenTelemetry guidance, reporting queries, and SQL sink examples.

Ruleset overlays

Base rulesets, environment overlays, and promotion flows for teams running multiple agent profiles.

Approval routing

More consistent webhook and notification paths around ask decisions, timeouts, and reviewer identity.

Security starter packs

OWASP Agentic starter controls, adversarial tests, and common destructive-command and secret-redaction patterns.

Later

4 tracks

Later work extends proof, portability, and team operation without changing the OSS-first center.

Signed decision bundles

Exportable evidence packages for approvals, workflow snapshots, ruleset versions, and decision history.

guard.summary()

Runtime summaries that explain what fired, what was blocked, and what policy coverage looked like.

Broader adapter parity

Keep Python, TypeScript, and Go aligned while documenting parity honestly where adapters differ.

Reporting playbooks

Reusable reporting patterns for rule coverage, approval latency, denied actions, and workflow conformance.

Not Now

5 tracks

These are intentionally out of center for the hub because they pull attention away from runtime enforcement.

App-first product story

The website should not make the app the product center. Enforcement remains local to the runtime path.

Broad AI governance platform copy

Edictum is runtime governance for agent actions, not a general governance suite for every AI risk.

Output-quality evals

Accuracy, relevance, and answer quality evals are separate tools. Edictum composes with them.

Framework orchestration

LangGraph, Temporal, CrewAI, and similar systems own orchestration. Edictum enforces action policy before tools run.

Unapproved customer case studies

The public site should not imply customer deployments without approved public material.

How to engage

Use the OSS path first. Bring design-partner feedback when the agent has real tool access.

The best feedback is specific: which agent, which tools, which approval path, what audit evidence, and what rule change would have reduced operational risk.