Frequently asked questions.
Everything you need to know about Nomotic, the Behavioral Control Plane™,
and how runtime governance works for AI agents.
What is Nomotic?
Nomotic is the Behavioral Control Plane™ for AI agents. It's middleware that sits in the execution path of your AI agents and evaluates every action across 14 governance dimensions before the action executes. It can allow, deny, or escalate to human review, and it maintains interrupt authority throughout execution so it can stop an agent mid-action if behavioral drift is detected.
Think of it as the governance layer that decides not just what agents can do (permissions), but what they should do given their behavioral history, trust level, context, and organizational policy.
How is Nomotic different from guardrails like NeMo or Guardrails AI?
Guardrails filter LLM outputs after they're generated. They check whether a response contains harmful content, PII, or off-topic material. That's valuable, but it's not governance.
Nomotic governs agent behavior before, during, and after execution. It evaluates whether an agent should take a specific action (like sending an email, querying a database, or modifying a record) based on 14 dimensions of risk, the agent's behavioral history, its trust trajectory, and the organizational context. Guardrails can't say "this agent's behavior has been drifting for the last 200 actions and we should tighten its authority." Nomotic can.
What are the 14 governance dimensions?
Every action is scored across: Scope Compliance, Authority Verification, Resource Boundaries, Behavioral Consistency, Cascading Impact, Stakeholder Impact, Incident Detection, Isolation Integrity, Temporal Compliance, Precedent Alignment, Transparency Requirements, Human Override, Ethical Alignment, and Jurisdictional Compliance.
Four of these (Scope, Isolation, Human Override, and Jurisdictional) carry veto authority, meaning they can block an action regardless of how well it scores on other dimensions. You can't override a scope violation with good ethics scores.
What does "decision-theoretic governance" mean?
Every governance evaluation is an optimization problem: minimize the expected cost of the decision given the available information. Blocking a safe action has a cost (lost productivity). Allowing a dangerous action has a cost (potential harm, liability, compliance violation). Nomotic's evaluation framework weighs these costs across all 14 dimensions.
This extends to escalation: Nomotic escalates to human review when the expected value of human input exceeds the cost of the delay. Not always. Not never. When the math says it matters. We call this VOI-based escalation (Value of Information).
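The escalation rule above, worked through as an added example (this is not Nomotic's code or API). It applies the veto rule from the dimensions answer first, since a vetoed action never reaches the cost trade-off. The function names, the 0-to-1 score scale, the veto floor, the cost figures and the reviewer-accuracy parameter are assumptions made for illustration.

```python
VETO_DIMENSIONS = ("scope", "isolation", "human_override", "jurisdictional")
VETO_FLOOR = 0.5  # assumed: a veto dimension scoring below this blocks outright

def expected_costs(p_harm, cost_wrong_block, cost_wrong_allow):
    """Expected cost of each unilateral decision, given P(action is harmful)."""
    return {
        "allow": p_harm * cost_wrong_allow,         # harm only if it was dangerous
        "deny": (1.0 - p_harm) * cost_wrong_block,  # lost work only if it was safe
    }

def value_of_review(p_harm, cost_wrong_block, cost_wrong_allow, reviewer_accuracy):
    """Expected cost saved by asking a human who is right with the given probability."""
    costs = expected_costs(p_harm, cost_wrong_block, cost_wrong_allow)
    best_without_review = min(costs.values())
    # A wrong reviewer allows a harmful action or blocks a safe one.
    cost_with_review = (1.0 - reviewer_accuracy) * (costs["allow"] + costs["deny"])
    return best_without_review - cost_with_review

def decide(scores, p_harm, cost_wrong_block, cost_wrong_allow,
           cost_delay, reviewer_accuracy=0.95):
    """Return 'deny', 'allow' or 'escalate' for one proposed action."""
    # Veto first: strong scores elsewhere cannot buy back a veto failure.
    if any(scores[d] < VETO_FLOOR for d in VETO_DIMENSIONS):
        return "deny"
    voi = value_of_review(p_harm, cost_wrong_block, cost_wrong_allow,
                          reviewer_accuracy)
    if voi > cost_delay:  # human input is worth more than the wait
        return "escalate"
    costs = expected_costs(p_harm, cost_wrong_block, cost_wrong_allow)
    return min(costs, key=costs.get)

# Constructed scores for one action (0 = worst, 1 = best); not real output.
SAMPLE_SCORES = {"scope": 0.9, "isolation": 1.0, "human_override": 1.0,
                 "jurisdictional": 0.8, "ethical_alignment": 0.95}

if __name__ == "__main__":
    for p in (0.001, 0.05, 0.9):
        print(p, decide(SAMPLE_SCORES, p, cost_wrong_block=10,
                        cost_wrong_allow=1000, cost_delay=5))
```

With these figures only the middle case is escalated, and lowering reviewer_accuracy to 0.6 removes that escalation too, because an unreliable reviewer adds more expected cost than the review saves.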
How fast is the governance evaluation?
Average evaluation time is 0.62ms across all 14 dimensions. The three-tier decision cascade means simple cases (clear pass/fail on hard boundaries) resolve in microseconds at Tier 1. Only ambiguous cases escalate to the weighted scoring at Tier 2 or full deliberation at Tier 3. Most actions never need Tier 3.
What does "zero external dependencies" mean?
The entire Nomotic governance runtime uses only the Python standard library. No numpy, no requests, no third-party packages. This means zero supply chain risk from the governance layer (a compromised dependency can't compromise your governance), no version conflicts with your existing agent framework, minimal startup latency, and it runs anywhere Python 3.10+ runs.
What is behavioral drift detection?
Agents change over time. An agent that was 70% read actions might gradually shift to 50% write actions. That's behavioral drift. Nomotic detects drift across five distributions: action types, targets, temporal patterns, governance outcomes, and semantic meaning.
Critically, Nomotic also detects human drift. If human reviewers start rubber-stamping approvals (rising approval rate, declining reversal rate, increasing consecutive agreement runs), that's a governance gap. Nomotic monitors both sides of the loop.
What are behavioral contracts?
A behavioral contract is a declared, versioned, cryptographically sealed artifact that specifies exactly how an agent is expected to behave. It bundles the agent's identity, its authorized scope, trust parameters, and behavioral invariants (e.g., "write-to-read ratio must stay below 0.3") into one inspectable, auditable document.
Contracts are continuously verified at runtime. If an agent violates a contract invariant, governance responds. Enterprise compliance teams can review, approve, and audit contracts as tangible governance artifacts. Patent filed.
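An added example (not Nomotic's implementation) that checks one window of action types for drift against a baseline and against the write-to-read invariant quoted above. Jensen-Shannon divergence as the drift measure, the 0.05 threshold and all function names are assumptions; the two windows are constructed to match the 70% read to 50% write shift described in the drift answer.

```python
import math
from collections import Counter

def distribution(actions, categories):
    """Relative frequency of each category in a window of action types."""
    if not actions:
        raise ValueError("empty window")
    counts = Counter(actions)
    return [counts[c] / len(actions) for c in categories]

def js_divergence(p, q):
    """Jensen-Shannon divergence in bits: 0 for identical distributions, at most 1."""
    def kl(a, b):
        return sum(x * math.log2(x / y) for x, y in zip(a, b) if x > 0)
    m = [(x + y) / 2 for x, y in zip(p, q)]
    return 0.5 * kl(p, m) + 0.5 * kl(q, m)

def write_to_read_ratio(actions):
    """Writes per read in the window; infinite if there were no reads."""
    counts = Counter(actions)
    return counts["write"] / counts["read"] if counts["read"] else math.inf

def check_window(baseline, recent, drift_threshold=0.05, max_write_read=0.3):
    """Compare a recent window against the baseline and the contract invariant."""
    categories = sorted(set(baseline) | set(recent))
    drift = js_divergence(distribution(baseline, categories),
                          distribution(recent, categories))
    ratio = write_to_read_ratio(recent)
    return {
        "drift_bits": drift,
        "drifted": drift > drift_threshold,
        "write_read_ratio": ratio,
        # The invariant says the ratio must stay below the limit.
        "invariant_violated": ratio >= max_write_read,
    }

# Constructed windows of 100 actions each (not real agent data).
BASELINE = ["read"] * 70 + ["write"] * 20 + ["delete"] * 10
RECENT = ["read"] * 40 + ["write"] * 50 + ["delete"] * 10

if __name__ == "__main__":
    print(check_window(BASELINE, RECENT))
```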
What is counterfactual replay?
Take any agent's actual behavioral history and replay it against a different governance configuration. "What if we had applied stricter thresholds during last week's incident?" "How many additional denials would the new contract produce over the last 30 days?" Counterfactual replay answers the "what would have happened if" question that every regulator, auditor, and risk officer actually wants answered. Patent filed.
What agent frameworks does Nomotic support?
Nomotic is framework-agnostic. It includes integration guides and adapters for LangGraph, CrewAI, AutoGen, OpenAI SDK, Anthropic Claude, MCP, and HTTP Proxy (for any framework). If your agent can call a Python function, it can be governed by Nomotic. The GovernedAgentBase class provides a universal integration pattern.
How long does integration take?
Basic governance can be added in three lines of code:
    from nomotic import Nomotic
    agent = Nomotic.connect("my-agent")
    result = agent.execute(action="query", target="database")
For a production deployment with custom archetypes, behavioral contracts, and organizational policies, plan for a few hours of configuration. The nomotic setup wizard walks you through it.
Does Nomotic work with my existing monitoring tools?
Yes. Nomotic exports to OpenTelemetry for metrics and traces, and the SIEM exporter supports CEF, Syslog, and JSONL formats for integration with Splunk, Datadog, Elastic, and other platforms. The audit trail is also queryable via API for custom integrations.
Is the audit trail tamper-proof?
The audit trail is hash-chained using SHA-256. Each record contains the hash of the previous record, creating a cryptographic chain where any modification, deletion, insertion, or reordering is detectable. Governance seals provide signed, single-use authorization artifacts that serve as cryptographic proof that governance evaluated and approved each action. This meets the evidence standards for EU AI Act Article 12, SOC 2, and HIPAA audit requirements.
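A SHA-256 hash chain of the kind described above, as an added example (not Nomotic's record format or code). The field names, the genesis value and the canonical JSON encoding are assumptions. The verifier also accepts a head hash stored outside the log, because a chain that is truncated at the tail or recomputed end to end still verifies against itself.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash value for the first record

def record_hash(body):
    """SHA-256 over a canonical (sorted-key, compact) JSON encoding."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def append(chain, event):
    """Link a new record to the current head and return the new head hash."""
    prev = chain[-1]["hash"] if chain else GENESIS
    body = {"seq": len(chain), "prev_hash": prev, "event": event}
    chain.append({**body, "hash": record_hash(body)})
    return chain[-1]["hash"]

def verify(chain, anchored_head=None):
    """Return (index, problem) findings; an empty list means nothing was detected."""
    findings, prev = [], GENESIS
    for i, rec in enumerate(chain):
        body = {k: rec[k] for k in ("seq", "prev_hash", "event")}
        if rec["seq"] != i:
            findings.append((i, "sequence gap or reorder"))
        if rec["prev_hash"] != prev:
            findings.append((i, "broken link"))
        if record_hash(body) != rec["hash"]:
            findings.append((i, "content modified"))
        prev = rec["hash"]
    # A truncated or fully recomputed chain is self-consistent; only a head
    # hash kept outside the log (assumed here) exposes it.
    if anchored_head is not None and prev != anchored_head:
        findings.append((len(chain), "head differs from anchored hash"))
    return findings

def build_sample():
    """Constructed four-record trail (not real audit data)."""
    chain = []
    for action in ("query", "read", "update", "send_email"):
        head = append(chain, {"agent": "my-agent", "action": action})
    return chain, head

if __name__ == "__main__":
    trail, head = build_sample()
    print(verify(trail, head), verify(trail[:-1]), verify(trail[:-1], head))
```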
Does Nomotic help with EU AI Act compliance?
Article 9 (risk management): Continuous evaluation across 14 dimensions with behavioral drift detection.
Article 12 (record-keeping): Hash-chained audit trail with complete governance provenance.
Article 13 (transparency): Reasoning artifacts and governance scorecards for automated reporting.
Article 14 (human oversight): Approval queues, bidirectional drift detection, and interrupt authority.
The HIPAA-aligned archetype is included out of the box for healthcare deployments.
How does interrupt authority work?
Nomotic signals interrupts through cooperative handles. When the governance layer determines an action should be stopped mid-execution (drift detected, trust threshold crossed, external escalation), it sets the interrupt flag. The execution layer checks the flag at safe checkpoints and initiates rollback. This cooperative model ensures the agent reaches a safe state rather than being forcibly terminated mid-transaction, which would leave partial state and potential data corruption.
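The cooperative model above, sketched as an added example (not Nomotic's API): a governance side sets a flag, and the executor polls it at checkpoints and undoes completed steps in reverse order. The class, function and step names are hypothetical, and the two-account ledger is constructed for illustration.

```python
import threading

class InterruptHandle:
    """Flag shared by the governance layer (sets it) and the executor (polls it)."""
    def __init__(self):
        self._flag = threading.Event()
        self.reason = None

    def interrupt(self, reason):
        self.reason = reason
        self._flag.set()

    def requested(self):
        return self._flag.is_set()

def run_transaction(steps, handle):
    """Run (name, do, undo) steps with a checkpoint before each step and before commit."""
    completed = []
    for name, do, undo in steps + [("commit", None, None)]:
        if handle.requested():  # safe checkpoint: no step is half-applied here
            for _, rollback in reversed(completed):
                rollback()
            return {"status": "rolled_back", "reason": handle.reason,
                    "undone": [n for n, _ in reversed(completed)]}
        if do is not None:
            do()
            completed.append((name, undo))
    return {"status": "committed", "steps": [n for n, _ in completed]}

def transfer_demo(interrupt_after_debit):
    """Constructed example: move 30 units between two in-memory accounts."""
    ledger = {"a": 100, "b": 0}
    handle = InterruptHandle()

    def debit():
        ledger["a"] -= 30
        if interrupt_after_debit:  # stands in for governance detecting drift mid-action
            handle.interrupt("drift detected")

    steps = [
        ("debit", debit, lambda: ledger.update(a=ledger["a"] + 30)),
        ("credit", lambda: ledger.update(b=ledger["b"] + 30),
         lambda: ledger.update(b=ledger["b"] - 30)),
    ]
    return run_transaction(steps, handle), ledger
```

The interrupted run ends with the ledger back at its starting balances, where a forced kill between debit and credit would have left 30 units missing.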
Is Nomotic open source?
The core governance runtime is open source. All 14 dimensions, trust calibration, drift detection, behavioral fingerprinting, hash-chained audit trail, 25 built-in archetypes, and all framework integrations are included in the free Community edition. Enterprise features (cloud audit sync, governance dashboard, custom dimensions, organizational policies, fleet management, and SLA support) are available in paid tiers.
What's the pricing structure?
Community (Free): Full governance runtime, all dimensions, all archetypes, local audit trail.
Team ($499/mo per production environment): Cloud sync, dashboard, custom archetypes, human drift detection, fleet management.
Enterprise (Custom): Custom dimensions, organizational policies, EU AI Act reporting, SLA guarantees, air-gap deployment, dedicated support.
Can I self-host Nomotic?
Yes. The Community edition runs entirely on your infrastructure with pip install nomotic. No data leaves your environment. The Enterprise tier includes air-gap deployment support for regulated environments that require complete data isolation. The governance runtime server can be started with nomotic serve and configured entirely through environment variables.
Still have questions?
Check the docs for technical details or reach out directly. We answer every message.