Skip to main content
Private BetaContact us to get set up.
Char governance is integration-based. You choose the policy provider. Char handles tool execution orchestration and propagates provider decisions to runtime metadata and UI.

Trust boundaries

  • IdP provides authoritative identity, group, and role context.
  • Governance provider provides authoritative policy outcomes.
  • UI hints and badges are advisory only and should not be trusted for enterprise governance.

Supported models

ModelWho owns policy logicIntegration path
LangGuardLangGuardConfigure interceptor URL + API key
BYO ProviderYour team or vendorImplement the interceptor contract

Integration contract

Every provider must accept an interceptor/validate request and return:
  • success to allow tool execution
  • notify to allow execution with warnings
  • failure to block execution
See Policy Decision Point for the exact JSON-RPC request/response contract.

Why this model

  • You keep governance vendor choice and can switch providers later.
  • Char does not require maintaining provider-specific policy engines.
  • Tool-call policy outcomes remain portable through shared metadata.
  • If no provider is configured or enabled, tool calls explicitly bypass governance checks.