PGAR Foundation Playbooks
Foundation playbooks define how PGAR works before you wire a specific agent surface. They cover contracts, custody, enforcement, verdicts, attestation, and audit. Read them before boundary and domain playbooks.
Build foundations first. Boundaries describe where control lives; domain playbooks describe what side effects look like. Neither replaces SARAC, PEP, or audit.
Implementation order
| # | Playbook | What it defines | Read when |
|---|---|---|---|
| 1 | Policy contracts | SARAC shape the PDP evaluates | Designing PEP-to-PDP payloads |
| 2 | Token & session | What crosses the LLM line (and what never does) | PGAR test, credential stripping |
| 3 | PEP enforcement | Receive, ask PDP, audit, act | Building the choke point |
| 4 | PDP surfaces | ALLOW, DENY, STEP_UP rules | Authoring policy versions |
| 5 | Step-up & attestation | Re-eval after human approval | High-risk actions, four-eyes |
| 6 | Audit & replay | Immutable verdict chain for examiners | Retention, replay packs |
Then boundary playbooks (where each control sits in the request path) and domain playbooks (tools, manifests, RAG).
How foundations connect
At runtime every tool proposal follows the same path: agentic app assembles the SARAC → PEP asks the PDP → verdict is logged → only an ALLOW reaches the downstream system; a DENY or STEP_UP returns to the app, and nothing is executed until a verdict exists.
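The path above, as an added example that is not PGAR's own code: a minimal PEP choke point that asks a PDP for a verdict, appends the verdict to a hash-chained audit log, and forwards only ALLOW downstream. The PDP rules, the proposal field names (`tool`, `args`, `principal`, `approval`) and the policy version string are assumptions standing in for a real SARAC and policy; the STEP_UP branch shows re-evaluation once a second approver is attached, and a PDP failure falls closed to DENY.

```python
import hashlib
import json

ALLOW, DENY, STEP_UP = "ALLOW", "DENY", "STEP_UP"
POLICY_VERSION = "example-policy-1"  # hypothetical; stamped into every verdict
GENESIS = "0" * 64


def pdp_evaluate(proposal: dict) -> dict:
    """Hypothetical PDP. Field names are assumptions, not the SARAC shape."""
    tool = proposal.get("tool")
    args = proposal.get("args", {})
    base = {"policy_version": POLICY_VERSION, "tool": tool}
    if tool == "search_docs":
        return {**base, "verdict": ALLOW, "reason": "read-only tool"}
    if tool == "transfer_funds":
        if args.get("amount", 0) <= 100:
            return {**base, "verdict": ALLOW, "reason": "under limit"}
        approval = proposal.get("approval")
        # Four-eyes: the approver must be someone other than the proposing principal.
        if approval and approval.get("approver") != proposal.get("principal"):
            return {**base, "verdict": ALLOW, "reason": "second approver present"}
        return {**base, "verdict": STEP_UP, "reason": "over limit; needs second approver"}
    return {**base, "verdict": DENY, "reason": "tool not in policy"}


class AuditLog:
    """Append-only verdict chain: each entry commits to the hash of the previous one."""

    def __init__(self):
        self.entries = []
        self._prev = GENESIS

    @staticmethod
    def _digest(body: dict) -> str:
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, proposal: dict, decision: dict) -> str:
        body = {"prev": self._prev, "proposal": proposal, "decision": decision}
        digest = self._digest(body)
        self.entries.append({**body, "hash": digest})
        self._prev = digest
        return digest

    def verify(self) -> bool:
        """Replay check: any edited or reordered entry breaks the chain."""
        prev = GENESIS
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if body["prev"] != prev or self._digest(body) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


def pep_handle(proposal: dict, downstream, log: AuditLog, pdp=pdp_evaluate) -> dict:
    """PEP: receive, ask PDP, audit, act. Fails closed if the PDP is unavailable."""
    try:
        decision = pdp(proposal)
    except Exception as exc:  # PDP outage or malformed verdict is a DENY, and is logged
        decision = {"policy_version": POLICY_VERSION, "tool": proposal.get("tool"),
                    "verdict": DENY, "reason": f"pdp unavailable: {exc}"}
    log.append(proposal, decision)
    if decision["verdict"] == ALLOW:
        return {"verdict": ALLOW, "result": downstream(proposal)}
    # DENY and STEP_UP go back to the app; downstream is never touched.
    return {"verdict": decision["verdict"], "reason": decision["reason"]}


if __name__ == "__main__":
    log = AuditLog()
    ds = lambda p: f"executed {p['tool']}"  # constructed stand-in for the real tool
    print(pep_handle({"tool": "transfer_funds", "args": {"amount": 5000},
                      "principal": "alice"}, ds, log))
    print(pep_handle({"tool": "transfer_funds", "args": {"amount": 5000},
                      "principal": "alice", "approval": {"approver": "bob"}}, ds, log))
    print("chain intact:", log.verify())
```

The STEP_UP case is re-submitted as a new proposal carrying the approval, so the second verdict is a separate audit entry rather than an edit of the first; an examiner replaying the chain sees both decisions and their order.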
Assurance (after foundations)
| Playbook | Purpose |
|---|---|
| Policy test scenarios | Golden authorization cases in CI |
| Adversarial testing | Bypass attempts, prompt injection against enforcement |