AI agents are writing code, managing infrastructure, and making autonomous decisions. But who governs the governors?
We just released TealTiger v1.3.0 — deterministic, cryptographically verifiable governance for autonomous AI agents. Open source, Apache 2.0.
The Problem
Most AI governance falls into two traps:
- "Trust but verify" — Log everything, review later. Damage already done.
- "Block everything suspicious" — Use an LLM to judge another LLM. Non-deterministic, slow, expensive.
TealTiger takes a third path: deterministic enforcement with cryptographic proof. No LLM in the governance path. Same input + same policy = same decision, every time.
What's New in v1.3
🔐 Non-Human Identity (NHI)
Agents are principals, not ambient credentials:
- Lifecycle management (active → suspended → revoked)
- Scope enforcement — agents only access what they're allowed to
- Zero Standing Privilege — just-in-time grants that expire
- Attestation — verify agent integrity before granting access
🧾 TealProof — Cryptographic Receipts
Every governance decision produces a tamper-evident receipt:
- SHA-256 decision hash chained via Merkle tree
- RFC 3161 timestamping anchors
- Standalone Verification SDK (no TealTiger dependency needed for audit)
⚡ TealFlow — Declarative Governance Workflows
name: high-risk-action-approval
on:
agent_action:
risk_score_above: 80
jobs:
require-approval:
steps:
- uses: tealtiger/require-approval
with:
approvers: ['security-team']
timeout: '30m'
Org-level workflows set a floor that teams cannot weaken.
🧠 TealClassifier — Local ML (≤20ms)
ONNX-based inference running locally. No API calls. Deterministic. Four ensemble modes to combine regex + ML detection.
📊 TealDrift — Behavioral Drift Detection
Statistical baselines per agent/provider/model. Alerts when behavior diverges beyond threshold.
💰 TealMonitor v2 — Governance-Owned Cost Ceilings
Application code cannot override governance limits. Anomaly detection for cost spikes. Reasoning-token budgets.
🛡️ OWASP Agentic Top 10 — Zero Config
const engine = new TealEngineV13({
policy_packs: ['owasp-agentic-top10']
});
// All 10 ASI risks covered. One line.
🔌 Platform Adapters + 12 Providers
- AWS Bedrock Agents, AWS AgentCore, Azure AI Agent Service
- 5 new providers: DeepSeek, Groq, Together AI, HuggingFace TGI, xAI
- Total: 12 providers, 95%+ market coverage
Performance
| Component | p50 | p95 | p99 |
|---|---|---|---|
| TealEngine evaluate() | 0.8ms | 2.1ms | 4.3ms |
| TealClassifier (ONNX) | 12ms | 18ms | 22ms |
| TealGuard v2 (full) | 1.5ms | 3.2ms | 5.1ms |
| TealProof hash | 0.02ms | 0.05ms | 0.08ms |
Install
npm install tealtiger@1.3.0
pip install tealtiger==1.3.0
Full Backward Compatibility
v1.2 configs work without modification. All new features are opt-in. No breaking changes.
Links
Star us on GitHub if you believe AI agents need governance, not just guardrails. 🐯
Top comments (0)