The Governance Tuple
Every governed AI decision produces a triple: CONTRACT (what was authorized), DCT (who authorized it, cryptographically signed), and EVIDENCE (what actually happened). This is the atomic record that makes AI governance auditable.
from hummbl_governance import DelegationTokenManager, BusWriter, CostGovernor
# CONTRACT: define what the agent may do
contract = {
"ops_allowed": ["read", "summarize"],
"resources": ["docs/*"],
"expiry": "2026-12-31T23:59:59Z"
}
# DCT: cryptographically bind the delegation
dtm = DelegationTokenManager()
token = dtm.issue(
issuer="orchestrator",
subject="summarizer-agent",
operations=contract["ops_allowed"],
resources=contract["resources"]
)
# EVIDENCE: audit what actually happened
bus = BusWriter("governance.jsonl")
bus.append(agent="summarizer-agent", action="read", resource="docs/report.md")
bus.append(agent="summarizer-agent", action="summarize", resource="docs/report.md")
Cognitive Layer: Base120 Mental Models
Base120 is the secondary governed reasoning substrate that operates over runtime governance primitives. It keeps model selection, problem framing, and reasoning transformations inspectable without turning the homepage into a package-status ledger.
Try It Now
Describe a problem you're facing and get recommended mental models instantly. No signup required.
Recommended Models
Use Cases
HUMMBL is for teams putting agents into production workflows where authority, containment, evidence, compliance, and release risk must be explicit.
Agent Fleet Authority
Scope what every agent may do with HMAC-signed delegation tokens: operations, resources, caveats, expiry. No ambient permissions.
Runtime Containment
Kill switches, circuit breakers, and cost governors that stop a misbehaving agent in-flight, not in next sprint's postmortem.
Audit-Ready Evidence
Append-only receipts for every governed decision. Answer who authorized this and what actually happened in minutes, not a forensics engagement.
EU AI Act Readiness
Map runtime evidence to Annex III obligations ahead of the December 2027 target. Compliance generated by the system, not written about it.
Governance Gates in CI/CD
Block merges and deploys that violate declared contracts. The same gates that validate this site validate your pipeline.
Procurement-Grade Proof
Public trust surfaces with source-linked claims: hand security reviewers a validation page instead of a questionnaire thread.