Title: How to add a governance layer to your LangChain agent in 3 lines

Ritesh Kumar — Thu, 16 Apr 2026 21:21:59 +0000

Every tutorial shows you how to build
an AI agent.

Nobody shows you what happens when it
does something it shouldn't.

Your agent approves a payment it wasn't
supposed to. Calls an API with wrong
parameters. Executes an action outside
its mandate.

No audit trail. No explanation. No way
to prove what happened.

This post shows you how to fix that
in 3 lines of code.

The problem

When your AI agent takes a real-world
action — payment, approval, data export
— two things need to happen:

Someone needs to decide if the action is allowed
That decision needs to be recorded permanently

Most agent frameworks give you neither.

The solution

SOVIGL is a policy enforcement layer
that sits between your agent and the
action it wants to take.

One call. Three outcomes:

approved — action executes
pending — held for human approval
blocked — stopped permanently

Every outcome is permanently recorded
with a decision ID, plain English
explanation, risk score, and policy
version.

Install

pip install sovigl

Basic usage

import sovigl

sovigl.configure(
api_key="your-key",
org_id="your-org"
)

decision = sovigl.evaluate(
action="payment.create",
context={
"amount": 5000,
"role": "employee",
"user_id": "user_123",
"agent_id": "invoice_bot"
}
)

if decision.approved:
execute_payment()
elif decision.pending:
route_to_human_approver()
elif decision.blocked:
log_and_stop()

What you get back

Every decision returns:

decision.status # approved/pending/blocked
decision.decision_id # permanent immutable ID
decision.reason # why this decision was made
decision.explanation_registry # full explainability
decision.risk_assessment # risk score 0.0-1.0
decision.policy_version # which policy was active
decision.approval_id # human approval reference

LangChain integration

from langchain.agents import AgentExecutor
import sovigl

sovigl.configure(api_key="your-key", org_id="your-org")

def governed_payment(amount: float, role: str) -> str:
decision = sovigl.evaluate(
action="payment.create",
context={"amount": amount, "role": role}
)

if decision.approved:

    return f"Payment approved. Audit ID: {decision.decision_id}"

elif decision.pending:

    return f"Payment held for approval. ID: {decision.approval_id}"

else:

    return f"Payment blocked. Reason: {decision.reason}"

Use as a LangChain tool

from langchain.tools import tool

@tool
def process_payment(amount: float, role: str) -> str:
"""Process a payment with governance."""
return governed_payment(amount, role)

Why this matters for compliance

Every decision automatically produces
evidence for:

EU AI Act Art.12 — audit trail
EU AI Act Art.13 — explainability
EU AI Act Art.14 — human oversight
NIST AI RMF — govern and measure
MAS FEAT — accountability
RBI FREE-AI — REC21 + REC24

Not claims. Structured evidence in every
API response.

Try it now

Demo works with no API key:

import sovigl

decision = sovigl.evaluate(
action="payment.create",
context={"amount": 5000}
)

print(decision.status)
print(decision.decision_id)
print(decision.reason)

Live dashboard — no signup:
https://web-production-e334b.up.railway.app/dashboard

GitHub:
https://github.com/riteshkumar10000/sovigl-sdk

What's next

If you're building agents that take
real-world actions — payments, approvals,
data operations — SOVIGL gives you
governance without rebuilding your
agent architecture.

Free during beta. No credit card.

Questions in the comments — happy to help.

Your approval logic is a future audit problem

Ritesh Kumar — Tue, 14 Apr 2026 16:11:29 +0000

If your system has this:

if amount > 10000:
require_approval()
elif amount < 1000:
approve()
else:
send_to_manager()

You don't have logic.
You have a future audit problem.

Every approval system built this way eventually becomes:

untraceable
impossible to explain
a nightmare when compliance shows up

Auditors don't ask "does it work?"
They ask "why was this specific transaction approved
on March 3rd at 2pm by this agent?"

If your answer is "let me check the code" —
you've already lost.

I built a gate that sits between intent and execution:

pip install sovigl

import sovigl

decision = sovigl.evaluate(
action="expense.submit",
context={
"amount": 5000,
"employee_id": "E123"
}
)

print(decision.status) # approved / pending / blocked

That's the entire integration.

What you get back on every single call:

decision.status # approved / pending / blocked
decision.reason # why this decision was made
decision.decision_id # permanent unique reference
decision.approval_id # present when human review needed
decision.cdt # full decision metadata

Not logs you write yourself.
Not comments in the code.
Structured, tamper-proof, permanent.

The three outcomes:

500 → approved (within policy, executes immediately)
5000 → pending (routes to human approver, waits)
100000 → blocked (policy violation, hard stop)

if decision.approved:
execute()
elif decision.pending:
notify_approver(decision.approval_id)
elif decision.blocked:
raise PolicyViolation(decision.reason)

Why this matters especially for AI agents:

AI agents don't pause. They execute at machine speed.

Without a gate, a misconfigured agent — or a prompt
injection attack — can approve transactions before
any human sees them.

SOVIGL sits between the agent's intent and execution.
The agent decides what to do.
SOVIGL decides if it's allowed to.

Every decision automatically satisfies:

🇪🇺 EU AI Act — Art. 9, 12, 13, 14
🇸🇬 MAS FEAT — Accountability, Traceability, Transparency
🇺🇸 NIST AI RMF — Govern, Measure, Manage, Monitor
🇮🇳 RBI FREE-AI — Rec 04, 07, 11, 12, 16, 18, 21, 24, 26

Not claims. Live verified controls.
See the proof:
https://web-production-e334b.up.railway.app/dashboard

Works in Node too:

const sovigl = require("sovigl");

const decision = await sovigl.evaluate({
action: "expense.submit",
context: { amount: 5000, employee_id: "E123" }
});

console.log(decision.status);

pip install sovigl

GitHub: https://github.com/riteshkumar10000/sovigl-sdk
Early access for production: sovigl100@gmail.com

How are you handling approval logic today?
Still if/else? A rules engine? Something else?

Genuinely curious.

Forem: Ritesh Kumar

Title: How to add a governance layer to your LangChain agent in 3 lines

The problem

The solution

Install

Basic usage

What you get back

LangChain integration

Use as a LangChain tool

Why this matters for compliance

Try it now

What's next

Your approval logic is a future audit problem