Skip to main content

PGAR Runtime Playbooks

Playbooks · PGAR overview · Foundation →

Implementation guides for Policy-Governed Agent Runtime. The insight explains why proposal is not permission. The PGAR Blueprint is the reference design. These playbooks are the how: contracts, enforcement, boundaries, side effects, and tests.

THE CLAIM

The LLM proposes. The PEP enforces. The PDP decides. Every side effect gates at the PEP before downstream runs. These playbooks show you how to build that path.

Four playbook groups

GroupOverviewWhat you build
FoundationOpen →SARAC contracts, token custody, PEP/PDP loop, step-up, audit replay
AssurancePolicy test scenariosGolden authorization cases in CI, adversarial bypass tests
BoundaryOpen →Five trust boundaries from ingress through downstream
DomainTool registryTool manifests, lifecycle, RAG retrieval as governed actions

Plus Further reading (external) for third-party PDP/PEP and OAuth patterns mapped to this series.

  1. Foundation (6 playbooks): policy contracts → token & session → PEP → PDP → step-up → audit
  2. Assurance (2 playbooks): scenario library and adversarial bypass set (start in parallel once PEP exists)
  3. Boundary (5 playbooks + overview): ingress, agentic app, LLM proposal, PEP + PDP, downstream
  4. Domain (3 playbooks): pick tools, manifests, and/or RAG for your agent surface

Bridge reading: PGAR with RAG. Eval overlap: Action plane · Tool plane.

All playbooks at a glance

Foundation playbooks

PlaybookOne-line purpose
Policy contractsSARAC payload shapes the PDP evaluates
Token & sessionCredentials stay out of the LLM boundary
PEP enforcementReceive, ask PDP, audit, act on every proposal
PDP surfacesALLOW, DENY, STEP_UP rule authoring
Step-up & attestationRe-eval after human approval
Audit & replayImmutable verdict chain for examiners

Assurance playbooks

PlaybookOne-line purpose
Policy test scenariosRepresentative, edge, and incident replay cases in CI
Adversarial testingDirect downstream bypass, injection, shadow tools

Boundary playbooks

#PlaybookOne-line purpose
IngressToken validation and claims at the edge
Agentic appOrchestration, token custody, validation gates
LLM proposalTool schemas only; proposal not permission
PEP + PDPVerdict before any side effect
DownstreamRe-auth, execute, return to app

See Boundary overview for request flow and multi-agent patterns.

Domain playbooks

PlaybookOne-line purpose
Tool registryManifest contract, PEP gating per tool
Manifest lifecycleWhere manifests live, version, and roll back
RAG retrievalRetrieval as a governed tool and context pack

Who should read what

Foundation playbooks →