Compliance

XeroML Compliance adds a policy enforcement layer to your existing observability and evaluation workflow. Every trace can be evaluated against active rules, producing a compliance verdict with explainable per-rule outcomes.

It also includes a Live Verification layer that intercepts agent decisions in real time and verifies policy before execution.

Live Verification First

Live Verification is the primary compliance control surface in XeroML:

  • Intercepts agent decisions before execution
  • Applies active policy checks in real time
  • Returns approve/block outcomes with compliance context
  • Writes audit-ready records and reasoning logs

Start here: Live Verification

What the Compliance Engine Does

For each trace, XeroML can:

  • Evaluate active rules in severity order (CRITICAL, WARNING, INFO)
  • Produce per-rule results (PASS, FAIL, WARN, SKIP)
  • Aggregate a trace-level verdict (COMPLIANT, PROCESS_FAILURE, NEEDS_REVIEW)
  • Persist an immutable audit record with a SHA-256 hash
  • Generate compliance alerts
  • Route traces to the reviewer queue when human review is required

Compliance Navigation

In a project, open the COMPLY section:

  • Live verification
  • Live Sessions
  • Live Traces
  • Live Alerts
  • Compliance Dashboard
  • Rules
  • Alerts
  • Reviewer Queue
  • Audit Trail

Live Verification Intercept Flow

For running agent workflows, XeroML applies a real-time intercept:

  1. REQUEST.RECEIVED()
  2. AGENT.EVALUATE()
  3. RULE.VERIFY() (intercept)
  4. DECISION.EXECUTE()

This produces approve/block outcomes, compliance flags, audit trail records, and reasoning logs in the same decision path.

Supported Rule Check Types

Check type             Purpose
STEP_SEQUENCE          Ensure required steps happen in order
SENSITIVE_DATA_SCAN    Detect sensitive data in trace/span input/output/metadata
NUMERIC_THRESHOLD      Check score-threshold and decision consistency
LLM_POLICY             Evaluate policy requirements expressed in natural language

Verdict Logic

  • PROCESS_FAILURE: at least one rule returned FAIL
  • NEEDS_REVIEW: no FAIL, but at least one rule returned WARN
  • COMPLIANT: no FAIL and no WARN
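
The verdict logic above, together with the severity ordering and SHA-256 audit hash listed under "What the Compliance Engine Does", as an added Python illustration. This is not XeroML code: the record fields, rule names and the canonical-JSON hashing scheme are assumptions made for the example.

```python
import hashlib
import json

# Severity order and result/verdict names are taken from the page;
# field names and the record layout are assumed for illustration.
SEVERITY_ORDER = {"CRITICAL": 0, "WARNING": 1, "INFO": 2}


def aggregate_verdict(results):
    """Apply the page's verdict logic to a list of per-rule results."""
    outcomes = {r["result"] for r in results}
    if "FAIL" in outcomes:
        return "PROCESS_FAILURE"
    if "WARN" in outcomes:
        return "NEEDS_REVIEW"
    return "COMPLIANT"  # only PASS and SKIP remain


def record_hash(record):
    """SHA-256 over canonical JSON (sorted keys, no whitespace), hash field excluded."""
    body = {k: v for k, v in record.items() if k != "sha256"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def build_audit_record(trace_id, results):
    """Order results by severity, aggregate the verdict, and seal the record."""
    ordered = sorted(results, key=lambda r: SEVERITY_ORDER[r["severity"]])
    record = {"trace_id": trace_id, "verdict": aggregate_verdict(ordered), "results": ordered}
    record["sha256"] = record_hash(record)
    return record


def verify_audit_record(record):
    """Return True if the stored hash still matches the record's content."""
    return record.get("sha256") == record_hash(record)


# Constructed sample results for one trace (rule names are hypothetical).
SAMPLE_RESULTS = [
    {"rule": "tone-policy", "check": "LLM_POLICY", "severity": "INFO", "result": "PASS"},
    {"rule": "pii-scan", "check": "SENSITIVE_DATA_SCAN", "severity": "CRITICAL", "result": "PASS"},
    {"rule": "score-floor", "check": "NUMERIC_THRESHOLD", "severity": "WARNING", "result": "WARN"},
    {"rule": "kyc-steps", "check": "STEP_SEQUENCE", "severity": "INFO", "result": "SKIP"},
]

if __name__ == "__main__":
    rec = build_audit_record("trace-001", SAMPLE_RESULTS)
    print(rec["verdict"], rec["sha256"][:16], verify_audit_record(rec))
```

A digest stored inside the record only proves integrity against someone who cannot also rewrite the digest, so when auditing, compare against a reference copy of the hash held somewhere the record's editor cannot modify.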

Where Compliance Results Appear

  • Trace details include a dedicated compliance panel with re-run support
  • Prompt detail pages include compliance rate by prompt version
  • Experiment comparison pages include compliance comparison by run

Next Steps