Core Governance Vocabulary

Core SDK And Governance

Cross-cutting agentic AI OTel SDK enumeration library and GRC governance vocabulary. This file is the required foundation — all industry vertical files extend it. Contains the gen_ai.* namespace attributes, agent governance and safety enums, cross-cutting data governance, OTel metrics catalog, and OPA Rego policy patterns.

v2026.03.20101 enum categories2.3 schema

Back to industry coverage library

Download mirrored JSON Browse vertical SDK quick starts Get API access

How to use this reference

Start with the core file if you need the cross-industry governance baseline.
Then move into the vertical file to see the regulated workflow vocabulary, policy surfaces, and implementation pressure unique to this market.
Use the OTel attributes and policy paths here as the common language across SDK instrumentation, governance review, and evidence export.

Loading Model

Mirrored file: 00_core_sdk_and_governance.json
Kind: core
Loading order: Load 00_core_sdk_and_governance.json first, then the relevant industry vertical file(s). The agent_registry_schema, audit_log_schema, hitl_task_schema, and policy_rule_schema in this file are the shared contracts consumed by the GRC portal regardless of vertical.

OTel Namespaces

agentic_paymentsgen_aigen_ai.datagen_ai.governancegen_ai.metrics

Implementation examples

Core Agentic SDK Library: Agent Autonomy Level. Drive OPA rules requiring HITL approval for supervised_autonomous and fully_autonomous agents on tier_3 or tier_4 risk tasks. (Eu AI Act: Article 14 — Human oversight measures)
Core Agentic SDK Library: Agent Role Kind. Multi-agent topology mapping; scope least-privilege tool grants per role; inter-agent trust policy scoping.
Core Agentic SDK Library: Tool Type. Require HITL for payment, computer_use, and identity_verification when risk_tier >= tier_3. (Eu AI Act: Article 13 — Transparency obligations)
Core Agentic SDK Library: Output Confidence Tier. Require HITL review when confidence_tier is very_low or low on high-value, high-impact, or irreversible actions. (Nist AI 600 1: MEASURE 2, MANAGE 2 - uncertainty and output quality management)

Illustrative policy patterns

hitl required for critical irreversible actions

Require prior HITL approval before a fully autonomous agent executes an irreversible critical action on a tier_4 risk task.

Regulatory basis: EU AI Act Article 14; NIST AI RMF MANAGE 2.2

package gen_ai.governance

default allow = false

allow { input.gen_ai_agent_autonomy_level != "fully_autonomous" }

allow {
  input.gen_ai_task_risk_tier != "tier_4_critical"
  input.gen_ai_action_reversibility != "irreversible_critical"
}

allow { input.gen_ai_hitl_decision == "approved" }
allow { input.gen_ai_hitl_decision == "modified_and_approved" }

eu ai act high risk conformity gate

Block deployment of EU AI Act Annex III high-risk agentic systems without a conformity assessment on record.

Regulatory basis: EU AI Act Article 43

package gen_ai.regulatory

conformity_complete := {"self_assessment_complete", "third_party_certified"}

deny[msg] {
  input.gen_ai_regulatory_eu_ai_act_risk_level in {"high_risk_annex1", "high_risk_annex3"}
  input.gen_ai_deployment_environment == "production"
  not input.gen_ai_regulatory_conformity_status in conformity_complete
  msg := sprintf("EU AI Act high-risk deployment blocked: conformity status '%v' does not satisfy Article 43", [input.gen_ai_regulatory_conformity_status])
}

From enum to evidence

The same vocabulary should carry from instrumentation through review. The OTel attribute names here become emitted metadata, those attributes become policy inputs, and those same labels should still be intelligible when a reviewer opens the decision record later.

import { VeriproofClient, VeriproofSdkOptions, SessionMetadata } from '@veriproof/sdk-core';

const client = new VeriproofClient(
  VeriproofSdkOptions.createProduction({
    apiKey: process.env.VERIPROOF_API_KEY!,
    applicationId: '00-core-sdk-and-governance-production',
  }),
);

const session = client
  .startSession('00-core-sdk-and-governance.review')
  .withSessionMetadata(SessionMetadata.forTransaction('txn-1001').withEnvironment('production'))
  .addStep('evaluate_workflow', { output: { status: 'completed' } })
  .withMetadata('gen_ai.operation.name', 'chat')
  .withMetadata('gen_ai.task.state', 'created')
  .withMetadata('gen_ai.task.status', 'success')

await session.complete();

SDK: emit the OTel attribute shown on this page during the decision workflow.
Policy: reference the matching `opa_policy_path` in governance rules.
Evidence: surface the same label and value in the portal and exported record so reviewers are not translating between systems.

For a step-by-step getting-started walkthrough specific to this vertical, browse the industry SDK quick-start guides. For the full core API reference, continue with TypeScript, Python, or .NET.

Ready to connect your first workflow?

Register a free Builder account for full SDK and REST API access, enter the live demo if you want to see the portal first, or request a coverage workshop if your team wants a guided review of this vertical before implementation starts.

Live demo →Get API access →Request coverage workshop →

Highlighted Enum Categories

Enum	OTel Attribute	Values
OperationName Defines the OpenTelemetry GenAI operation name recorded on a span so telemetry, dashboards, and policy rules can distinguish chat, retrieval, tool execution, and related agent actions. Terminology aligns to the OpenTelemetry GenAI semantic conventions. Workflow area: Core Agentic SDK Library	gen_ai.operation.name	chat, create_agent, embeddings, execute_tool, generate_content, invoke_agent, retrieval, text_completion
TaskLifecycleState Defines the allowed values for Task Lifecycle State in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to OpenTelemetry Task Semantic Conventions. Workflow area: Core Agentic SDK Library	gen_ai.task.state	created, submitted, planned, started, in_progress, paused, suspended, awaiting_hitl
TaskOutcomeStatus Defines the allowed values for Task Outcome Status in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to OpenTelemetry GenAI SIG. Workflow area: Core Agentic SDK Library	gen_ai.task.status	success, failure, timeout, cancelled, unknown, partial_success, policy_denied, guardrail_blocked
TaskIntentKind Defines the allowed values for Task Intent Kind in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to OpenTelemetry Task Attributes Proposal. Workflow area: Core Agentic SDK Library	gen_ai.task.kind	planning, retrieval, reasoning, execution, evaluation, delegation, synthesis, coordination
AgentAutonomyLevel Defines the allowed values for Agent Autonomy Level in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to NIST AI RMF autonomy spectrum; EU AI Act Article 14. Workflow area: Core Agentic SDK Library	gen_ai.agent.autonomy_level	fully_manual, assisted, semi_autonomous, supervised_autonomous, fully_autonomous
AgentRoleKind Defines the allowed values for Agent Role Kind in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to CrewAI, AutoGen, LangGraph agent role patterns; CSA MAESTRO framework. Workflow area: Core Agentic SDK Library	gen_ai.agent.role	orchestrator, subagent, tool_agent, retrieval_agent, validator_agent, monitor_agent, human_proxy, critic_agent
AgentMemoryOperation Defines the allowed values for Agent Memory Operation in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to Richmond Alake / Agentic Memory Framework; GDPR Article 17. Workflow area: Core Agentic SDK Library	gen_ai.memory.operation	generation, storage, retrieval, integration, updating, deletion, extraction, consolidation
MemoryType Defines the allowed values for Memory Type in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to IBM Agentic Memory Paradigm; OpenSearch agentic memory patterns. Workflow area: Core Agentic SDK Library	gen_ai.memory.type	working, episodic, semantic, procedural, long_term, history, external_store, vector_index
ToolType Defines the allowed values for Tool Type in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to OpenTelemetry GenAI Spans spec; Anthropic MCP specification. Workflow area: Core Agentic SDK Library	gen_ai.tool.type	function, extension, data_store, code_interpreter, web_search, file_system, database, api_connector
ToolCallOutcome Defines the allowed values for Tool Call Outcome in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to OpenTelemetry GenAI SIG; OPA agentic guardrail patterns. Workflow area: Core Agentic SDK Library	gen_ai.tool.call.outcome	success, failure, timeout, rate_limited, permission_denied, guardrail_blocked, not_found, invalid_input
ModelOutputType Defines the allowed values for Model Output Type in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to OpenTelemetry GenAI Semantic Conventions. Workflow area: Core Agentic SDK Library	gen_ai.output.type	text, image, audio, video, embedding, classification, structured_json, code
ReasoningEffortLevel Defines the allowed values for Reasoning Effort Level in the core governance catalog so OpenTelemetry spans and OPA policy inputs remain consistent across VeriProof. Terminology aligns to OpenLLMetry / OpenTelemetry GenAI SIG. Workflow area: Core Agentic SDK Library	gen_ai.request.reasoning_effort	minimal, low, medium, high, extended

This reference page is rendered from the mirrored JSON file inside the docs app, not from a hand-written website model.

If you need the machine-readable asset for offline review, automation, or internal diffing, use the mirrored JSON download above.

Next: open the corresponding SDK reference under SDK documentation and then compare it with the public-site industry page to see how the same vocabulary is framed commercially.