Policy Enforcement Before Execution

Stop the action, not just describe it

EVE CoreGuard sits in the decision path. A proposed AI action is evaluated against your policy packs and the verdict is binding — ALLOWED, BLOCKED, or MODIFIED, decided before the action executes.

Policy Enforcement Before Execution

Stop the action, not just describe it

Most "guardrails" observe and annotate. EVE CoreGuard sits in the decision path: the proposed action is evaluated against policy and the verdict is binding. A BLOCKED action does not run.

Pre-execution gate

The action is evaluated before it reaches the tool, the model output, or the downstream system. Enforcement happens up front, not in post-mortem.

Three dispositions

Every request resolves to ALLOWED, BLOCKED, or MODIFIED — with a reason code and a signed record of which policy fired.

🧮

Risk-scored

Policy packs compute deterministic risk and map it to a disposition. The same inputs always produce the same verdict.

evaluate — the binding decisionPOST /v1/decisions/evaluate
{
  "request_id": "req-001",
  "tenant_id": "org_acme",
  "proposed_action": { "type": "loan_approval", "amount": 50000 },
  "context": { "credit_score": 610, "debt_to_income": 0.55 },
  "policy_set": "lending_v1"
}

// → { "decision": { "status": "BLOCKED" },
//     "risk": { "level": "HIGH" }, "audit": {…signed…} }
The Three Dispositions

ALLOWED, BLOCKED, or MODIFIED — and why

A binding verdict is only useful if it explains itself. Each disposition carries a structured reason code and the exact policy version that produced it.

A

ALLOWED

The action satisfies every rule in the active policy pack. It proceeds — and the allow is still recorded, so "nothing happened" is itself provable.

B

BLOCKED

The action violates a rule or crosses a risk threshold. It is stopped before execution and the reason code names the rule that fired.

M

MODIFIED

The action can proceed only in a constrained form — a redaction, a cap, an added control. CoreGuard returns the bounded version rather than a flat refusal.

Why Pre-Execution Matters

Observation is not enforcement

A monitor tells you, after the fact, that something happened. A gate decides whether it happens at all. In a regulated workflow, that is the difference between a control and a report.

A guardrail that annotates an action after it ships has already let the harm out the door. EVE CoreGuard's verdict is binding before the action reaches the world — the only point at which "no" still means something.
— EVE CoreGuard
FAQ

Common questions

What does EVE CoreGuard actually enforce?
It evaluates a proposed AI action — a tool call, a model output, an API request — against a tenant's policy pack before that action executes, returning a binding ALLOWED, BLOCKED, or MODIFIED disposition with a reason code.
How is this different from a guardrail or content filter?
Most guardrails observe and annotate after generation. EVE CoreGuard sits in the decision path: a BLOCKED action does not run. The verdict is binding, not advisory.
What is returned on a decision?
A disposition (ALLOWED / BLOCKED / MODIFIED), a deterministic risk level, a structured reason code naming the rule that fired, and a signed audit record of the decision.
Keep Reading

Related

Safety
Fail-Closed Architecture
Why an ambiguous or failed decision denies by default.
Policy
Multi-Tenant Policy Packs
Isolated, versioned, add-only policy per organization.
Evidence
Decision Certificates ↗
How a binding verdict becomes signed evidence.

Request a Design Partner Pilot

Put EVE CoreGuard in front of one real, high-stakes AI workflow. We'll stand up a policy pack, wire the gate, and show you blocked actions with signed evidence.

Request a Design Partner Pilot Deep-dive the product
The EVE Control-Plane Stack

Enforce. Prove. Govern.

eveaicore.com
EVE AI Core
The deterministic governance platform.
eveproof.com
EVE Proof
Signed, independently verifiable decision evidence.
evegovernance.com
EVE Governance
Deterministic governance principles & mappings.
eveaicore.com
EVE Agent Infrastructure
Governed runtime for autonomous agents.