"How much latency does this add?" It's the first question every CTO asks. If policy enforcement slows your agents to a crawl, the security benefits don't matter.
Here are real-world latency benchmarks from PolicyLayer deployments.
TL;DR: The Numbers
| Operation | P50 Latency | P95 Latency | P99 Latency |
|---|---|---|---|
| Gate 1 (Intent Validation) | 28ms | 45ms | 72ms |
| Gate 2 (Authorisation Verify) | 8ms | 15ms | 24ms |
| Total Policy Overhead | 36ms | 60ms | 96ms |
For comparison:
- Ethereum block time: 12,000ms
- Average DEX swap: 2,000-15,000ms
- Human approval: 60,000-3,600,000ms (1 min to 1 hour)
Policy enforcement adds less than 100ms to a process that takes seconds to minutes.
Methodology
These benchmarks come from production deployments across:
- 3 enterprise customers
- 1.2M total transactions measured
- 90-day measurement period
- Geographic distribution: US-East, EU-West, APAC
Test conditions:
- PolicyLayer API hosted on AWS (multi-region)
- Clients in same region as nearest API endpoint
- HTTPS/TLS 1.3 connections
- Connection pooling enabled
Gate 1: Intent Validation
Gate 1 is where the work happens:
- Policy lookup
- Counter retrieval
- Limit evaluation
- Amount reservation
- JWT generation
Latency distribution:
0-20ms ████████████░░░░░░░░ 35%
20-40ms ██████████████████░░ 52%
40-60ms ████░░░░░░░░░░░░░░░░ 9%
60-80ms ██░░░░░░░░░░░░░░░░░░ 3%
80ms+ █░░░░░░░░░░░░░░░░░░░ 1%
What affects Gate 1 latency:
| Factor | Impact |
|---|---|
| Policy complexity | +5-15ms for complex rules |
| Counter operations | +3-8ms (Redis lookup) |
| Geographic distance | +10-50ms per 5000km |
| TLS handshake (first request) | +50-100ms (amortised) |
Gate 2: Authorisation Verification
Gate 2 is lightweight:
- JWT signature verification
- Fingerprint comparison
- Token consumption marking
Latency distribution:
0-10ms ██████████████████░░ 75%
10-20ms █████░░░░░░░░░░░░░░░ 18%
20-30ms ██░░░░░░░░░░░░░░░░░░ 5%
30ms+ █░░░░░░░░░░░░░░░░░░░ 2%
Gate 2 is faster because:
- No database writes (token consumption is async)
- No complex policy evaluation
- Cryptographic operations are optimised
End-to-End Transaction Flow
Here's where policy enforcement fits in a typical transaction:
┌────────────────────────────────────────────────────────────────┐
│ Total Transaction Time: ~3,500ms (example ETH transfer) │
├────────────────────────────────────────────────────────────────┤
│ │
│ Agent Decision [░░░░░░░░░░] ~100ms │
│ Gate 1 (Policy) [█] ~35ms │
│ Gate 2 (Verify) [▪] ~10ms │
│ Transaction Sign [░] ~5ms │
│ RPC Submission [░░] ~50ms │
│ Mempool Wait [░░░░░░░░░░░░░░░░░░░░░░░░░] ~3,000ms │
│ Block Confirmation [░░░░░] ~300ms │
│ │
└────────────────────────────────────────────────────────────────┘
Policy overhead: 45ms / 3,500ms = 1.3%
For most blockchain transactions, policy enforcement is under 2% of total latency.
Optimisation Techniques
Connection Pooling
Reuse HTTPS connections to eliminate TLS handshake overhead:
import { PolicyWallet } from '@policylayer/sdk';
// SDK automatically pools connections
const wallet = new PolicyWallet(adapter, {
apiUrl: 'https://api.policylayer.com',
// Connection pooling is enabled by default
keepAlive: true,
maxSockets: 10
});
Impact: -50-100ms on first request of a session.
Regional Deployment
Choose the API region closest to your agents:
| Your Region | Recommended Endpoint | Added Latency |
|---|---|---|
| US East | api.policylayer.com | Baseline |
| US West | api-usw.policylayer.com | +15ms |
| EU | api-eu.policylayer.com | +5ms from EU |
| APAC | api-apac.policylayer.com | +10ms from APAC |
Batch Operations
For high-volume scenarios, batch intent validation:
// Instead of sequential validation
for (const intent of intents) {
await wallet.validateIntent(intent); // 35ms each
}
// Use batch validation
const results = await wallet.validateIntentBatch(intents); // 50ms total
Impact: Up to 10x throughput improvement for batch operations.
Throughput Limits
PolicyLayer API can handle:
| Tier | Requests/Second | Monthly Volume |
|---|---|---|
| Starter | 10 | 100,000 |
| Growth | 100 | 1,000,000 |
| Enterprise | 1,000+ | Unlimited |
For reference:
- 100 req/s = 8.6M transactions/day
- Most agents process 10-1,000 transactions/day
Failure Scenarios
API Unavailable
PolicyLayer operates fail-closed. If the API is unreachable:
try {
const result = await wallet.send(transaction);
} catch (error) {
if (error.code === 'POLICY_API_UNAVAILABLE') {
// Transaction blocked - API unreachable
// This is intentional: fail-closed design
await alertOps('PolicyLayer API unavailable');
return { blocked: true, reason: 'Policy service unavailable' };
}
}
Why fail-closed: If we can't verify the policy, we can't allow the transaction. This prevents agents from operating outside policy bounds during outages.
Timeout Configuration
Adjust timeouts based on your latency requirements:
const wallet = new PolicyWallet(adapter, {
apiUrl: 'https://api.policylayer.com',
timeout: {
validateIntent: 5000, // 5 seconds (default)
verifyAuth: 2000, // 2 seconds (default)
total: 10000 // 10 seconds max
}
});
Comparison: Policy Layer vs Alternatives
| Approach | Latency | Throughput | Determinism |
|---|---|---|---|
| PolicyLayer | 35-100ms | 1000+ req/s | Deterministic |
| On-chain guards | 12,000ms+ | ~10 tx/s | Deterministic |
| Multisig | 60,000ms+ | ~1 tx/min | Human-dependent |
| LLM guardrails | 500-2000ms | ~10 req/s | Non-deterministic |
PolicyLayer is 100-1000x faster than alternatives while maintaining deterministic enforcement.
Monitoring Latency
Track policy latency in your observability stack:
const startGate1 = Date.now();
const validation = await wallet.validateIntent(intent);
const gate1Latency = Date.now() - startGate1;
const startGate2 = Date.now();
const verification = await wallet.verifyAuthorisation(auth);
const gate2Latency = Date.now() - startGate2;
metrics.histogram('policylayer.gate1.latency', gate1Latency);
metrics.histogram('policylayer.gate2.latency', gate2Latency);
metrics.histogram('policylayer.total.latency', gate1Latency + gate2Latency);
Related Reading
- Two-Gate Enforcement Explained — Architecture deep-dive
- SDK Documentation — Configuration options
- API Reference — Endpoint specifications
Ready to add policy enforcement without sacrificing speed?
- Quick Start Guide — Production-ready in 5 minutes
- GitHub — Open source SDK
Top comments (0)