Catch Drift While the Agent Is Still Running
Reconciling after a run is good; stopping a bad action mid-flight is better. Each proposed step is checked against the sealed mission and the running state - a risky step is held, and a tampered or expired session is halted entirely.
Illustrative product view
Two responses: hold the step, or halt the session
Not every deviation is equal. A single payment that drifts outside the envelope should be held without killing an otherwise-good run. But a change to the agent’s identity, a tampered mission hash, or an expired authority window compromises the whole session - so it is halted entirely. Governing at the session level, in real time, is what turns post-hoc reconciliation into prevention.
| What happened | Response |
|---|---|
| Invoice added after the mission was sealed | Hold that step |
| Payment exceeds the per-item cap | Hold that step |
| Vendor or bank account changed | Hold that step |
| Running aggregate exceeds the cap | Hold that step |
| Executing-agent identity changed | Halt the session |
| Mission expired or hash tampered | Halt the session |
Bound to a sealed mission
A session is bound to the same Mission Envelope that authorized it. Because the mission is sealed with a hash, any tampering is detectable, and because it carries an expiry, an agent that runs past its window loses authority automatically. The session governor evaluates each proposed action against both the sealed authorization and the state accumulated so far in the run.
Frequently asked questions
What is agent session governance?
It binds a sealed mission to a live execution session and evaluates every proposed action as it happens, holding a single risky step or halting the whole session when the run is compromised.
What is the difference between a hold and a halt?
A hold stops one affected action - an over-cap payment, a late-added invoice - while the rest of the run continues. A halt stops the entire session, triggered by identity change, mission tampering, or expiry.
How is this different from reconciliation?
Reconciliation checks after the run finished. Session governance checks during the run, so a bad action can be stopped before it completes rather than merely reported afterward.
What makes a session trustworthy?
It is bound to a hash-sealed mission with an expiry. Tampering breaks the hash and halts the session; running past the window revokes authority automatically.
Stay in the loop
One practical finance briefing a week - new guides, checklists, and benchmarks.
Put a decision - with proof - in front of every action
See how Fintra decides allow / step-up / hold / block per action and writes each verdict to a tamper-evident ledger.
Talk to us