What is the check-action pattern and how does it work?

Answer

The check-action pattern is a synchronous API call made before every agent action. The agent sends: orgId, agentId, actionType, actionName, resourceType, and an input summary. The compliance engine runs a pipeline:

1. Prompt injection scan.
2. Content safety scan (toxicity, PII, PHI, PCI).
3. Rules engine evaluation against configured policies.
4. Usage event recording. The response is either allow (proceed), warn (proceed with logging), or block (halt the action). Total latency target under 100ms. This is the fundamental primitive of runtime governance.