I built a governance layer for AI agents after watching them fail silently in production

Joe Carpenter — Tue, 07 Apr 2026 15:03:33 +0000

Picture this: a healthcare AI agent is triaging patient intake. It's running on a solid model, well-prompted, tested in staging. In production, a patient describes symptoms that match two possible care pathways — one urgent, one routine. The agent picks routine. No error is thrown. No log entry flags it. No human is notified. The patient waits three days for a callback that should have been a same-day referral.

Nobody finds out until a follow-up call two weeks later.

I'm not describing a real incident. But I've talked to enough people shipping agents into healthcare, fintech, and legal workflows to know this scenario isn't hypothetical — it's a near-miss waiting in every ungoverned production agent.

The actual problem

When we started shipping AI agents into regulated environments, the agents themselves weren't the problem. The problem was what surrounded them. Or didn't.

No audit trail. When something went wrong, we had inference logs at best — token inputs and outputs, no semantic record of why a decision was made or what policy it touched.

No rollback. If an agent executed a bad action — sent a message, wrote a record, triggered a workflow — we had no native mechanism to undo it or even flag it for review.

No explainability. When a compliance officer asked "why did your agent do that?", the honest answer was "we don't know, here's the prompt."

No governance gate. Actions executed on intent match. There was no intercept layer that could say: this action requires human review before proceeding.

In consumer apps, that's a bad UX. In regulated industries, that's liability.

What we built

DingDawg is a governance layer that wraps any AI agent and intercepts every action before it executes. It's MCP-native, which means it slots directly into Claude Code, Codex, and Cursor without custom middleware. It also works with any Python agent via a two-line install.

pip install dingdawg-loop

from dingdawg import schedule_governed

schedule_governed(agent_id="@hipaa-intake", cron="0 9 * * *")

That's it. Every action the agent takes is now routed through a governance gate before execution.

What the governance receipt looks like

Every governed action produces a receipt:

{
  "action_id": "act_9f3a21bc",
  "agent_id": "@hipaa-intake",
  "timestamp": "2026-04-06T09:00:14Z",
  "action": "route_patient",
  "policy_result": "BLOCKED",
  "lnn_trace": {
    "features": [
      { "name": "symptom_urgency_score", "weight": 0.84, "direction": "ESCALATE" },
      { "name": "prior_visit_flag", "weight": 0.61, "direction": "ESCALATE" },
      { "name": "routing_decision", "weight": -0.91, "direction": "CONFLICT" }
    ],
    "explanation": "Agent routing conflicts with urgency signal at 0.84 confidence. Human review required before execution."
  },
  "ipfs_cid": "bafybeigdyrzt5sfp7udm7hu76uh7y26nf3efuylqabf3oclgtqy55fbzdi",
  "policy_version": "hipaa-v2.1"
}

The LNN causal trace is not a black-box score. It's a weighted feature explanation — you can see exactly which signals triggered the block and why. The ipfs_cid is a content-addressed, immutable proof stored on IPFS. Your regulator can verify it. You cannot alter it after the fact.

The open-core model

The SDK, governance primitives, LNN trace engine, and MCP integration are Apache 2.0. Free. Open on GitHub at github.com/dingdawg/governance-sdk.

The cloud tier adds multi-agent orchestration, managed IPFS pinning, enterprise policy management, and a creator marketplace where governance plugins can be published and monetized. We think the core infrastructure should be auditable. You shouldn't have to take our word for it on something this critical.

The regulatory window is closing

EU AI Act enforcement starts August 2026. It requires audit trails, explainability, and human oversight mechanisms for high-risk AI systems — healthcare, hiring, credit, law enforcement, critical infrastructure.

Colorado SB 205 hits June 30 2026. Narrower but sharper — specifically targeting consequential automated decisions with a right-to-explanation requirement.

If you're shipping agents in any of these domains and you don't have governance infrastructure in place, you're building technical debt that will be expensive to retrofit under deadline pressure.

Try it

Free harness score — 2 minutes, shows exactly where your agent governance gaps are: dingdawg.com/harness

Free compliance scan:

pip install dingdawg-compliance

GitHub: github.com/dingdawg/governance-sdk
npm: npmjs.com/package/dingdawg-governance

If you're shipping agents in regulated environments, I'd genuinely like to hear what you're running into. The governance problem is underspecified and we're building in public.