FuseGov Documentation
Start with visibility (Agent Catalog), then expand to control (Active Protection).
Part 1: Visibility (Agent Catalog)
Registry-first quickstart
- Define an agent manifest (
agent.yaml) - Register the agent (CLI/API/CI) to establish ownership
- Generate and apply a policy bundle
Agent Manifest Spec
The minimum fields required to register an agent with ownership, environment, tool mapping, and lifecycle metadata.
Read specRegister an Agent
Recommended patterns: register at deploy time via CI/CD, or via CLI/API for fast starts.
RegistrationPart 2: Control (Active Protection)
When you are ready to enforce, FuseGuard sits at the edge of your agent, intercepting tool calls and enforcing policy bundles generated by the Catalog.
Stage 1: Deterministic (Fast)
Checks basic constraints locally in microseconds. No LLM calls.
- • Allow/Block by destination (e.g., "No external IPs")
- • PII regex matching (e.g., "Redact credit card numbers")
- • Role-based access control (RBAC)
- • Rate limiting & cost caps
Stage 2: Semantic (Deep)
If Stage 1 passes, optionally routes to an LLM evaluator for context-aware safety.
- • "Is this prompt trying to jailbreak the agent?"
- • "Does this response contain competitive intel?"
- • "Is this SQL query touching unauthorized tables?"
Integration Patterns
FuseGov enforces at the network boundary—no agent code changes required. Choose the deployment pattern that fits your environment:
Deploy FuseGuard as a sidecar container next to your agent service. Transparent interception.
localhost:8080Centralized gateway for multiple agents (common for platform teams).
proxy.internal:8080For additional observability—not required for enforcement. Useful for custom telemetry.
pip install fusegovOperations & Performance
Performance Targets
Deployment Checklist
- Co-locate with LLM where possible
- Enable local policy caching
- Configure timeouts for Semantic Stage
Additional Resources
Ready to deploy?
We help design partners go from "Zero" to "Registered Agent" in less than a week.