Trace-level governance analysis for agentic AI systems, mapped to EU AI Act and NIST AI RMF.
Polygraph
Open-source governance tooling for agentic AI systems.
Status: active development, pre-1.0. Created May 29, 2026. Targeting v1.0 in late September 2026. Built in the open — star this repository to follow along.
What this is
Polygraph is a Python library and CLI that ingests execution traces from agentic AI systems and produces structured governance assessments: which policies were violated, which regulatory clauses each violation maps to, and an audit-ready evidence bundle that can be imported into existing GRC platforms.
It is designed to fill a specific gap in the current AI governance stack. Today's platforms (Credo, VerifyWise, Holistic AI, Fairly) are sophisticated document repositories — excellent at storing, organizing, and presenting evidence to auditors, but the evidence still has to be generated by humans running scripts and writing memos. Polygraph is the evidence-generating engine that feeds into those platforms, not a replacement for them.
Why agents need their own governance layer
The traditional AI governance model — risk assessment before deployment, fairness testing at model promotion, monitoring at the metrics layer — was designed for static models that produce predictions. It breaks down when the subject of governance is an agent that:
- Reasons over many steps, where each step is benign but the composite trajectory is risky
- Uses tools dynamically, potentially outside its declared scope
- Spawns or coordinates other agents, multiplying the surface area faster than any review process can keep up
- Operates against open-ended objectives, making "goal drift" a meaningful failure mode
Pre-deployment review cannot enumerate this state space. The governance function has to migrate from a gate to continuous, trajectory-level evaluation. Polygraph is one piece of the tooling that makes that migration possible.
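The following is an added example, not Polygraph's code or API (the repository is currently a placeholder). It sketches a trajectory-level check in which every individual step except the last passes a per-step allowlist, yet the ordered sequence and the repetition still produce findings. The policy keys, tool names and trace shape are assumptions constructed for illustration.

```python
from collections import Counter

# Hypothetical policy (constructed; not Polygraph's YAML DSL).
POLICY = {
    "allowed_tools": {"search_docs", "read_customer_record", "send_email"},
    # (source, sink): sink must not run after source in the same trajectory.
    "forbidden_sequences": [("read_customer_record", "send_email")],
    "max_identical_calls": 3,
}

# Constructed trace: one dict per tool-call span, in execution order.
TRACE = [
    {"step": 1, "tool": "search_docs", "args": "refund policy"},
    {"step": 2, "tool": "read_customer_record", "args": "id=1042"},
    {"step": 3, "tool": "search_docs", "args": "refund policy"},
    {"step": 4, "tool": "send_email", "args": "to=external@example.com"},
    {"step": 5, "tool": "search_docs", "args": "refund policy"},
    {"step": 6, "tool": "search_docs", "args": "refund policy"},
    {"step": 7, "tool": "run_shell", "args": "ls"},
]


def evaluate(trace, policy):
    """Return (kind, step, detail) findings for one agent trajectory."""
    findings = []
    first_seen = {}          # tool -> step at which it first ran
    call_counts = Counter()  # (tool, args) -> number of identical calls
    for span in trace:
        tool, step, key = span["tool"], span["step"], (span["tool"], span["args"])
        # Per-step check: is this tool inside the declared scope?
        if tool not in policy["allowed_tools"]:
            findings.append(("tool_scope", step, tool))
        # Trajectory check: an allowed sink reached after a sensitive source.
        for source, sink in policy["forbidden_sequences"]:
            if tool == sink and source in first_seen:
                detail = f"{source}@{first_seen[source]} -> {sink}"
                findings.append(("sequence", step, detail))
        # Runaway check: report once, when the threshold is first exceeded.
        call_counts[key] += 1
        if call_counts[key] == policy["max_identical_calls"] + 1:
            findings.append(("loop", step, tool))
        first_seen.setdefault(tool, step)
    return findings


if __name__ == "__main__":
    for finding in evaluate(TRACE, POLICY):
        print(finding)
```

Steps 2 and 4 each pass the allowlist on their own; only the ordering across the trajectory produces the `sequence` finding.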
Planned v1.0 scope
Trace ingestion
- OpenTelemetry GenAI semantic conventions
- LangSmith trace exports
- Langfuse trace exports
Built-in detectors
- Tool-scope violations
- Unauthorized tool sequences
- Loop and runaway-behavior detection
- PII exposure in tool arguments and model context
- Prompt-injection patterns in tool outputs
- Goal drift
- Dynamic scope creep
- Multi-step risk accumulation scoring
Policy and reporting
- YAML policy DSL for declaring detectors, severity thresholds, allowlists, and regulatory profile
- Regulatory mapping for EU AI Act (high-risk obligations, Annex III and Article 50) and the NIST AI RMF Generative AI Profile (NIST.AI.600-1)
- OSCAL-compatible evidence bundle export for ingestion into existing GRC platforms
- Extension API for writing custom detectors
Installation
```
pip install polygraph-gov
```
(Coming with v1.0. The current repository is a placeholder.)
Status
| Field | Value |
|---|---|
| Created | May 29, 2026 |
| v1.0 target | Late September 2026 |
| License | Apache-2.0 |
| Maintainer | @jodyb |
Follow along
Star this repository to follow progress. The Discussions tab is open for design feedback, use-case suggestions, and requests for additional detectors or trace-format support.
This repository is under active construction. APIs, scope, and design decisions will change before v1.0. If you are working on the same problem space and want to compare notes, open a Discussion.
File details
Details for the file polygraph_gov-0.0.0.tar.gz.
File metadata
- Download URL: polygraph_gov-0.0.0.tar.gz
- Upload date:
- Size: 8.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.7.20
File details
Details for the file polygraph_gov-0.0.0-py3-none-any.whl.
File metadata
- Download URL: polygraph_gov-0.0.0-py3-none-any.whl
- Upload date:
- Size: 8.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.7.20