SARC: A Runtime Governance Architecture for Agentic AI Systems

Researchers propose the SARC framework, which treats governance constraints for AI Agents as first-class citizens in the system architecture. It achieves executable, verifiable, and auditable constraints through four execution points: pre-execution gating, runtime monitoring, post-action auditing, and escalation routing, aiming to address the current governance dilemmas of Agentic AI systems. Keywords: Agentic AI, AI Governance, SARC Framework, Runtime Constraints, Compliance Architecture, Multi-Agent Systems, AI Security, RegTech.

With the advancement of large language model capabilities, AI Agents are evolving from simple conversational assistants into complex systems capable of autonomous decision-making, tool invocation, and sub-agent coordination. These systems can perform various tasks such as procurement, data analysis, and customer service, but they also bring new governance challenges. The current mainstream approach is to attach governance controls to prompts, dashboards, or post-hoc documents. This architecture creates a structural mismatch in regulated environments: obligations that must constrain behavior during execution are often only evaluated after execution is complete. When an AI Agent has already called a sensitive API or completed an irreversible operation, it is too late to detect violations after the fact.

SARC (Governance-by-Architecture Framework) is a runtime governance architecture for tool-using Agents. Its core innovation lies in treating constraints as first-class specification objects alongside state, action space, and rewards. In SARC, each constraint fully declares the following attributes: Source (regulations, company policies, industry standards), Category (hard prohibition, soft restriction, advisory guidance), Predicate (specific conditions, which can be expressed in formal logic), Verification Point (pre-execution, in-execution, post-execution), Response Protocol (handling methods when violated, such as blocking, warning, recording, escalation), and Operation Point (system boundaries where the constraint applies). This structured constraint declaration enables governance rules to be machine-understandable, automatically executable, and systematically auditable.

SARC compiles constraints into four execution points in the Agent loop: 1. Pre-Action Gate: Before an Agent prepares to execute an action, the gating system evaluates whether the upcoming operation violates any hard constraints, and can block the operation before execution to avoid irreversible consequences; 2. Action-Time Monitor: For long-running or streaming operations, the monitor tracks the execution process in real time, detects signs of deviation from expected behavior, and intervenes immediately; 3. Post-Action Auditor: After the operation is completed, it evaluates whether the execution results comply with all constraints and generates detailed compliance reports to support regulatory audits; 4. Escalation Router: When a constraint violation is detected, it determines the handling method (automatic blocking, manual confirmation, record and continue, etc.) according to preset protocols, balancing security and efficiency.

Theoretical Analysis: The authors define the minimal invariants required to ensure consistency between constraint specifications and actual execution traces; prove that finite reward penalties cannot usually replace hard runtime constraints; and extend to multi-Agent collaboration scenarios through mechanisms such as constraint propagation, permission intersection, and attribution-preserving trace trees. Experimental Evaluation: When compared with baselines like post-hoc auditing, output filtering, workflow rules, and pure policy-as-code on procurement tasks, the results show that SARC achieves zero hard constraint violations; declarative PAA rate-limiting responses reduce soft window overages by 89.5% compared to pure policy-as-code; residual hard violations scale with execution stack errors rather than environmental violation opportunities, proving its effectiveness and reliability.

SARC represents a conceptual shift towards "Compliance as Architecture", where governance is no longer a post-hoc patch but a core component of system design. For highly regulated industries such as finance, healthcare, and government, SARC provides a technical path to meet the regulatory requirements of "explainable, auditable, and controllable". By formalizing governance rules into executable constraints, SARC enables automatic compliance checks, significantly reducing the burden of manual auditing and improving the timeliness and consistency of compliance.

Current Limitations: Formal expression of constraint predicates still requires the participation of domain experts; the computational cost of verifying complex constraints needs further optimization; the interaction interface with human decision-makers needs improvement. Future research directions include more intelligent constraint inference, more efficient verification algorithms, and deep integration with existing enterprise systems.