OVERT-as-Code quickstart — AI governance as code

This quickstart takes you from an empty file to a validated, tested AI governance policy you can run in CI.

  • Rust 1.75+ (2021 edition) — for the preview build from source
  • A terminal
  1. Write a policy. Create overt.toml:

    [policy]
    id = "my-agent-v1"
    name = "My Agent Governance Policy"
    enforcement_mode = "shadow" # observe first; switch to "enforce" when ready
    profile = "enterprise-general"

    [tool.defaults]
    mode = "deny"

    [[tool.allow]]
    name = "search_docs"
    classification = "read_only"

    [[tool.allow]]
    name = "send_email"
    requires_approval = true # human-in-the-loop gate
    approval_timeout_secs = 120

    [[tool.deny]]
    name = "delete_*"
    reason = "Destructive operations require a separate workflow"
  2. Validate it. Catch errors before they reach production:

    glacis overt validate overt.toml
    Validation complete: 0 error(s), 0 warning(s)
    Policy 'my-agent-v1' v1.0.0 is VALID
    Policy hash: f2f14dfac40cb97e
  3. Write a test suite. Assert decisions for specific requests in tests.toml:

    name = "My Agent Policy Tests"
    [[tests]]
    name = "destructive tool is denied"
    [tests.request]
    type = "tool_call"
    tool_name = "delete_account"
    [tests.expect]
    decision = "deny"
    reason_contains = "Destructive"
  4. Run the tests:

    glacis overt test overt.toml -t tests.toml
    PASS: destructive tool is denied
    1 passed, 0 failed
  5. Wire it into CI. Fail the build on policy regressions:

    - run: glacis overt validate overt.toml
    - run: glacis overt test overt.toml -t tests.toml