The latest articles on DEV Community by Ritesh Kumar (@riteshkmr). https://dev.to/riteshkmr https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3878899%2F12e82869-49f7-43b4-bda9-49b590e30f7b.jpeg https://dev.to/riteshkmr en Ritesh Kumar Tue, 14 Apr 2026 16:11:29 +0000 https://dev.to/riteshkmr/your-approval-logic-is-a-future-audit-problem-ec0 https://dev.to/riteshkmr/your-approval-logic-is-a-future-audit-problem-ec0 <p>If your system has this:</p> <p>if amount &gt; 10000:<br> require_approval()<br> elif amount &lt; 1000:<br> approve()<br> else:<br> send_to_manager()</p> <p>You don't have logic.<br> You have a future audit problem.</p> <p>Every approval system built this way eventually becomes:</p> <ul> <li>untraceable</li> <li>impossible to explain</li> <li>a nightmare when compliance shows up</li> </ul> <p>Auditors don't ask "does it work?"<br> They ask "why was this specific transaction approved <br> on March 3rd at 2pm by this agent?"</p> <p>If your answer is "let me check the code" —<br> you've already lost.</p> <p>I built a gate that sits between intent and execution:</p> <p>pip install sovigl</p> <p>import sovigl</p> <p>decision = sovigl.evaluate(<br> action="expense.submit",<br> context={<br> "amount": 5000,<br> "employee_id": "E123"<br> }<br> )</p> <p>print(decision.status) # approved / pending / blocked</p> <p>That's the entire integration.</p> <p>What you get back on every single call:</p> <p>decision.status # approved / pending / blocked<br> decision.reason # why this decision was made<br> decision.decision_id # permanent unique reference<br> decision.approval_id # present when human review needed<br> decision.cdt # full decision metadata</p> <p>Not logs you write yourself.<br> Not comments in the code.<br> Structured, tamper-proof, permanent.</p> <p>The three outcomes:</p> <p>500 → approved (within policy, executes immediately)<br> 5000 → pending (routes to human approver, waits)<br> 100000 → blocked (policy violation, hard stop)</p> <p>if decision.approved:<br> execute()<br> elif decision.pending:<br> notify_approver(decision.approval_id)<br> elif decision.blocked:<br> raise PolicyViolation(decision.reason)</p> <p>Why this matters especially for AI agents:</p> <p>AI agents don't pause. They execute at machine speed.</p> <p>Without a gate, a misconfigured agent — or a prompt<br> injection attack — can approve transactions before<br> any human sees them.</p> <p>SOVIGL sits between the agent's intent and execution.<br> The agent decides what to do.<br> SOVIGL decides if it's allowed to.</p> <p>Every decision automatically satisfies:</p> <p>🇪🇺 EU AI Act — Art. 9, 12, 13, 14<br> 🇸🇬 MAS FEAT — Accountability, Traceability, Transparency<br> 🇺🇸 NIST AI RMF — Govern, Measure, Manage, Monitor<br> 🇮🇳 RBI FREE-AI — Rec 04, 07, 11, 12, 16, 18, 21, 24, 26</p> <p>Not claims. Live verified controls.<br> See the proof:<br> <a href="https://web-production-e334b.up.railway.app/dashboard" rel="noopener noreferrer">https://web-production-e334b.up.railway.app/dashboard</a></p> <p>Works in Node too:</p> <p>const sovigl = require("sovigl");</p> <p>const decision = await sovigl.evaluate({<br> action: "expense.submit",<br> context: { amount: 5000, employee_id: "E123" }<br> });</p> <p>console.log(decision.status);</p> <p>pip install sovigl</p> <p>GitHub: <a href="https://github.com/riteshkumar10000/sovigl-sdk" rel="noopener noreferrer">https://github.com/riteshkumar10000/sovigl-sdk</a><br> Early access for production: <a href="mailto:sovigl100@gmail.com">sovigl100@gmail.com</a></p> <p>How are you handling approval logic today?<br> Still if/else? A rules engine? Something else?</p> <p>Genuinely curious.</p> python ai webdev opensource