DEV Community

Ritesh Kumar
Ritesh Kumar

Posted on

Your approval logic is a future audit problem

#python #webdev #ai #opensource

If your system has this:

if amount > 10000:
require_approval()
elif amount < 1000:
approve()
else:
send_to_manager()

You don't have logic.
You have a future audit problem.

Every approval system built this way eventually becomes:

  • untraceable
  • impossible to explain
  • a nightmare when compliance shows up

Auditors don't ask "does it work?"
They ask "why was this specific transaction approved
on March 3rd at 2pm by this agent?"

If your answer is "let me check the code" —
you've already lost.

I built a gate that sits between intent and execution:

pip install sovigl

import sovigl

decision = sovigl.evaluate(
action="expense.submit",
context={
"amount": 5000,
"employee_id": "E123"
}
)

print(decision.status) # approved / pending / blocked

That's the entire integration.

What you get back on every single call:

decision.status # approved / pending / blocked
decision.reason # why this decision was made
decision.decision_id # permanent unique reference
decision.approval_id # present when human review needed
decision.cdt # full decision metadata

Not logs you write yourself.
Not comments in the code.
Structured, tamper-proof, permanent.

The three outcomes:

500 → approved (within policy, executes immediately)
5000 → pending (routes to human approver, waits)
100000 → blocked (policy violation, hard stop)

if decision.approved:
execute()
elif decision.pending:
notify_approver(decision.approval_id)
elif decision.blocked:
raise PolicyViolation(decision.reason)

Why this matters especially for AI agents:

AI agents don't pause. They execute at machine speed.

Without a gate, a misconfigured agent — or a prompt
injection attack — can approve transactions before
any human sees them.

SOVIGL sits between the agent's intent and execution.
The agent decides what to do.
SOVIGL decides if it's allowed to.

Every decision automatically satisfies:

🇪🇺 EU AI Act — Art. 9, 12, 13, 14
🇸🇬 MAS FEAT — Accountability, Traceability, Transparency
🇺🇸 NIST AI RMF — Govern, Measure, Manage, Monitor
🇮🇳 RBI FREE-AI — Rec 04, 07, 11, 12, 16, 18, 21, 24, 26

Not claims. Live verified controls.
See the proof:
https://web-production-e334b.up.railway.app/dashboard

Works in Node too:

const sovigl = require("sovigl");

const decision = await sovigl.evaluate({
action: "expense.submit",
context: { amount: 5000, employee_id: "E123" }
});

console.log(decision.status);

pip install sovigl

GitHub: https://github.com/riteshkumar10000/sovigl-sdk
Early access for production: sovigl100@gmail.com

How are you handling approval logic today?
Still if/else? A rules engine? Something else?

Genuinely curious.

Top comments (0)