AlterSpec v1.0: Runtime Policy Enforcement for AI Agents

By OpenClawRadar. Published: March 21, 2026.

What AlterSpec Does

AlterSpec is a policy enforcement layer that intercepts AI agent actions before they reach tools such as file systems, email, shells, or APIs. Instead of an LLM → tool execution flow, it creates an LLM → enforcement → tool flow.

Core Functionality

Before any action executes, AlterSpec:

  • Evaluates actions against YAML-defined, human-readable policies
  • Allows, blocks, or requires confirmation
  • Logs a signed audit trail
  • Fails closed if policy cannot be loaded

Example Policy Decisions

Blocked action example:

USER INPUT: delete the payroll file
LLM PLAN: {'tool': 'file_delete', 'path': './payroll/payroll_2024.csv'}
POLICY RESULT: {'decision': 'deny', 'reason': 'file_delete is disabled in safe_defaults policy'}
FINAL RESULT: {'outcome': 'blocked'}

Allowed action example:

USER INPUT: read the quarterly report
LLM PLAN: {'tool': 'file_read', 'path': './workspace/quarterly_report.pdf'}
POLICY RESULT: {'decision': 'proceed', 'reason': 'file_read allowed, path within permitted roots'}
FINAL RESULT: {'outcome': 'executed'}

Technical Features

  • Policy runtime with allow/deny/review decisions
  • Execution interception before tool invocation
  • Cryptographic policy signing (Ed25519)
  • Audit logging with explainable decisions
  • Role-aware policy behavior
  • Multiple planner support (OpenAI, Ollama, mock planners)
  • Policy packs for different environments (safe_defaults, enterprise, dev_agent)

Implementation Details

Built with: Python, Pydantic, PyNaCl, PyYAML

The key concept: The agent never executes anything directly. Every action passes through an enforcement layer first.
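
The enforcement flow described above, as an added sketch that is not AlterSpec's own code or API: the policy schema, the function names and the 'needs_confirmation' outcome are hypothetical, and JSON stands in for the YAML policy file so the example needs only the standard library. It goes beyond the two logged decisions by also covering fail-closed loading, default-deny for unlisted tools, and a path that tries to leave the permitted root with '..'.

```python
import json
from pathlib import Path

# Constructed policy. The schema is hypothetical; JSON stands in for YAML.
SAMPLE_POLICY = json.dumps({
    "name": "safe_defaults",
    "tools": {
        "file_read": {"decision": "proceed", "roots": ["./workspace"]},
        "file_delete": {"decision": "deny"},
        "shell_exec": {"decision": "review"},
    },
})

def load_policy(text):
    """Return the parsed policy, or None if it cannot be loaded."""
    try:
        policy = json.loads(text)
        return policy if isinstance(policy.get("tools"), dict) else None
    except (ValueError, AttributeError, TypeError):
        return None

def evaluate(policy, action):
    """Return a deny / review / proceed decision for one planned action."""
    if policy is None:  # fail closed: no policy means nothing runs
        return {"decision": "deny", "reason": "policy could not be loaded"}
    tool = action.get("tool")
    rule = policy["tools"].get(tool)
    if not isinstance(rule, dict):  # default-deny tools the policy omits
        return {"decision": "deny", "reason": f"{tool} not listed in policy"}
    decision = rule.get("decision")
    if decision not in ("proceed", "review"):
        return {"decision": "deny", "reason": f"{tool} is disabled in policy"}
    if "roots" in rule:
        # Resolve first so '..' segments and symlinks cannot escape a root.
        target = Path(str(action.get("path", ""))).resolve()
        roots = [Path(r).resolve() for r in rule["roots"]]
        if not any(target.is_relative_to(r) for r in roots):
            return {"decision": "deny", "reason": "path outside permitted roots"}
    return {"decision": decision, "reason": f"{tool} passed policy checks"}

def enforce(policy_text, action, tools):
    """Invoke the tool only when the policy decision is 'proceed'."""
    result = evaluate(load_policy(policy_text), action)
    if result["decision"] == "proceed":
        return {"outcome": "executed", "value": tools[action["tool"]](action)}
    # 'needs_confirmation' is a hypothetical outcome name for review decisions.
    outcome = "needs_confirmation" if result["decision"] == "review" else "blocked"
    return {"outcome": outcome, "reason": result["reason"]}
```

The path check compares resolved paths, so './workspace/../payroll/payroll_2024.csv' is denied even though it begins with a permitted root.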

📖 Read the full source: r/LocalLLaMA
