Gait Post 1
AppSec
If Policy Runs After the Tool Call, It Isn't a Control
Why prompts and post-hoc review are not enough once an agent can execute write-capable actions.
Independent research and operating notes on AI agent governance.
CAISI Blog / Gait Implementation Series
This four-part series uses the current Gait repo as implementation context for a problem many teams still avoid naming clearly: policy only becomes real when it can change what an agent is allowed to do before the action executes. YAML policy, boundary verdicts, signed traces, and CI regressions matter because they turn AI governance from advisory language into operating discipline.
The CAISI research and operating-model posts already argue that execution boundaries matter. This collection narrows the lens to the enforcement layer itself: the moment a tool call is allowed, blocked, or held for approval, and the artifact trail that proves what happened.
That is worth separating because teams routinely collapse policy into prompts, style guides, or after-the-fact observability. Gait is useful implementation context precisely because the repo is explicit about a different model: tool-boundary verdicts before side effects, signed evidence, and CI regressions that turn incidents into durable tests.
Gait Post 2
Security leadership
Why the analogy helps people start, but hides the difference between static rules and execution-time enforcement.
Gait Post 3
MCP trust
Why MCP trust cannot stop at declaration review once real tool calls are crossing the boundary.
Gait Post 4
Proof and CI
Why signed artifacts and deterministic regressions are the bridge from policy aspiration to durable operational proof.