Use POST /api/check for full records and POST /api/gate when an agent, IoT gateway, robot workflow, or CI/CD process needs an allow/review/block response before execution.
{
"policy_profile": "agentic_ai",
"action_title": "AI agent sends customer email",
"system_or_context": "CRM assistant",
"proposed_action": "Send an external email to a customer",
"expected_governed_effect": "Customer-facing communication",
"evidence_reference": "ticket-123 / sha256:...",
"privacy_mode": "hash_only",
"answers": {
"verified_mandate": "yes",
"valid_constraints": "yes",
"live_context_integrity": "yes",
"accountability": "yes",
"reviewability": "yes",
"sufficient_verifiable_proof": "yes"
},
"notes": {
"live_context_integrity": "Context checked at execution time."
}
}