FuseGov Documentation

Start with visibility (Agent Catalog), then expand to control (Active Protection).

Explore Agent Catalog Active Protection Architecture

Part 1: Visibility (Agent Catalog)

Registry-first quickstart

  1. Define an agent manifest (agent.yaml)
  2. Register the agent (CLI/API/CI) to establish ownership
  3. Generate and apply a policy bundle

Agent Manifest Spec

The minimum fields required to register an agent with ownership, environment, tool mapping, and lifecycle metadata.

Read spec

Register an Agent

Recommended patterns: register at deploy time via CI/CD, or via CLI/API for fast starts.

Registration

Policy Bundles

How catalog settings compile into deployable guardrails for the Enforcement Proxy (ASEP).

Bundles

API Reference

Full OpenAPI 3.1.0 spec for Catalog, Policy, and Evidence endpoints.

View API

Part 2: Control (Active Protection)

When you are ready to enforce, the Agent Security Enforcement Proxy (ASEP) sits at the edge of your agent, intercepting tool calls and enforcing policy bundles generated by the Catalog.

Stage 1: Deterministic (Fast)

Checks basic constraints locally in microseconds. No LLM calls.

  • • Allow/Block by destination (e.g., "No external IPs")
  • • PII regex matching (e.g., "Redact credit card numbers")
  • • Role-based access control (RBAC)
  • • Rate limiting & cost caps

Stage 2: Semantic (Deep)

If Stage 1 passes, optionally routes to an LLM evaluator for context-aware safety.

  • • "Is this prompt trying to jailbreak the agent?"
  • • "Does this response contain competitive intel?"
  • • "Is this SQL query touching unauthorized tables?"

Integration Patterns

FuseGov enforces at the network boundary—no agent code changes required. Choose the deployment pattern that fits your environment:

1. Sidecar (Kubernetes)

Deploy ASEP as a sidecar container next to your agent service. Transparent interception.

localhost:8080
2. Gateway Mode

Centralized gateway for multiple agents (common for platform teams).

proxy.internal:8080
3. Client Library (Optional)

For additional observability—not required for enforcement. Useful for custom telemetry.

pip install fusegov
Note: Enforcement works without this

Operations & Performance

Performance Targets

Proxy Overhead:<2ms (Stage 1)
Throughput:10k+ req/sec
Fail-mode:Bypass or Fail-Closed (Configurable)

Deployment Checklist

  • Co-locate with LLM where possible
  • Enable local policy caching
  • Configure timeouts for Semantic Stage

Additional Resources

Product Architecture

Deep dive into the two-stage enforcement engine and evidence recorder.

Use Cases

Real-world scenarios across fintech, healthcare, and infrastructure.

Technical Whitepaper

Architecture overview and deployment guide (PDF).

Ready to deploy?

We help design partners go from "Zero" to "Registered Agent" in less than a week.

Book a demoContact Engineering