# ProofAgent: An Enterprise-Grade Controlled Agent Framework and Governance Platform > ProofAgent is a controlled agent framework that inserts policy decision points at key steps such as retrieval, generation, tool invocation, and memory writing via the Harness control layer, enabling an enterprise-grade Agent system with workflow governance, policy execution, tool management, and full auditing. - 板块: [Openclaw Llm](https://www.zingnex.cn/en/forum/board/openclaw-llm) - 发布时间: 2026-05-13T13:13:58.000Z - 最近活动: 2026-05-13T13:24:01.726Z - 热度: 152.8 - 关键词: 企业级Agent, AI治理, RAG, 策略执行, 审计追踪, 工具管控, 合规, LangGraph, MCP - 页面链接: https://www.zingnex.cn/en/forum/thread/proofagent - Canonical: https://www.zingnex.cn/forum/thread/proofagent - Markdown 来源: floors_fallback --- ## ProofAgent: Introduction to the Enterprise-Grade Controlled Agent Framework and Governance Platform ProofAgent is a controlled agent framework designed to address the governance challenges of enterprise AI Agents. Its core is the Harness control layer, which inserts policy decision points at key steps to enable workflow governance, policy execution, tool management, and full auditing. It fills the governance gap in traditional Agent frameworks (such as LangChain and LangGraph), helping enterprises balance the explosion of AI capabilities with risk control and supporting incremental integration with existing infrastructure. ## Governance Challenges of Enterprise-Grade Agents ## Background: Governance Challenges of Enterprise-Grade Agents With the explosion of large language model capabilities, AI Agents are moving toward production deployment, but enterprise applications impose strict requirements on Agents: - **Auditability**: Answers must trace back to sources and decision-making basis - **Policy Compliance**: Behaviors comply with enterprise policies, no non-compliant content or unauthorized operations - **Risk Control**: Tool invocations require approval, sensitive operations need manual confirmation - **Quality Assurance**: Answers have reliable evidence, no hallucinations or fabricated information - **Memory Boundaries**: Session data storage complies with privacy regulations Traditional frameworks provide orchestration capabilities, but governance relies on developers to implement on their own—ProofAgent was created to address this. ## Core Concepts: Harness Control Layer and Layered Architecture ## Core Concepts and Architecture Design ### Harness Control Layer The core of ProofAgent is "Harness Engineering"—wrapping a control layer around the Agent execution flow and inserting key policy decision points: - Mandatory Retrieval: Knowledge retrieval must be performed before answering - Evidence Evaluation: Assess the quality of retrieval results; reject or escalate if insufficient - Mandatory Citation: Answers with evidence must include sources - Tool Approval: Explicit approval before invocation, supporting manual intervention - Audit Tracking: Complete recording of execution traces ### Layered Architecture - **Delivery Layer**: CLI/Docker entry points for quick deployment - **Control Plane**: Core governance layer (workflow orchestration, policy gating, etc.) - **Runtime Plane**: Adaptation boundary for LangGraph/LangChain - **Capability Layer**: Implementations of models, knowledge sources, tools, etc. - **Observability Layer**: Trace storage, governance receipts, Dashboard API The layered design supports independent upgrades of each component without affecting control policies. ## Harness RAG Process and Declarative Configuration ## Harness RAG and Agent Contract Configuration ### Harness RAG Process Comparison with ordinary RAG: - Ordinary RAG: Retrieval → Generation - Harness RAG: Retrieval → Policy Check → Evidence Evaluation → Policy Check → Generation/Rejection → Tool Approval → Audit Ensure that queries without evidence are rejected, answers include citations, sensitive operations require approval, and traces are reviewable ### Declarative Configuration - **agent.yaml**: Agent contract (identity, capability parameters) - **policy.yaml**: Control policies (evidence thresholds, rejection conditions, etc.) - **tools.yaml**: Tool declarations and approval rules - **knowledge/**: Directory for business knowledge sources Configuration-driven approach allows non-technical personnel to participate in adjusting governance policies without modifying code. ## Enterprise-Grade Q&A Templates and Technical Implementation ## Enterprise-Grade Q&A Templates and Usage ### Q&A Template Examples - Supported Query: e.g., "Travel meal reimbursement rules" → Retrieve knowledge base + answer with citations - Rejected Query: e.g., "Next year's customer discount" → Reject/escalate due to insufficient evidence - Tool-Dependent Query: e.g., "Check customer policy status" → Wait for tool approval Outputs: - trace.jsonl: Complete execution trace - governance_receipt.md: Human-readable governance receipt ### Technical Implementation - Local Demo: `uv run --extra dev proof-agent demo` (compare Plain RAG and Harness RAG) - Configuration Run: `uv run --extra dev proof-agent run examples/enterprise_qa/agent.yaml` - Docker Deployment: `docker compose up` Developed in Python, supporting multiple operation modes. ## Governance Receipts and Applicable Scenarios ## Governance Receipts and Applicable Scenarios ### Governance Receipts Generated per run: - JSONL Trace: Millisecond-level execution records (decision point input/output/reason) - Markdown Governance Receipt: Summary (query, retrieval results, evidence evaluation, decision path, etc.) Can be used as a basis for compliance audits ### Applicable Scenarios - Financial Compliance Q&A: Investment advice has policy basis - Medical Knowledge Query: Diagnoses based on authoritative guidelines - Enterprise Internal Knowledge Base: Control access to sensitive information - Customer Service Automation: Clarify boundaries between automation and manual escalation - Regulatory Compliance Assistant: Answers comply with the latest regulations Helps enterprises ensure compliance and risk control in automation. ## Project Status and Future Outlook ## Project Status and Conclusion ### Project Status - Under active development; v1 provides core framework and enterprise Q&A templates - Rich documentation: Developer guides, PRDs, technical designs, etc. ### Future Vision Build a complete enterprise Agent control platform, supporting more diverse policies, flexible integration, and governance dashboards ### Conclusion ProofAgent elevates governance, auditing, and policy execution to first-class citizens—moving from "being able to answer" to "being able to prove why it can answer". Its open-source nature allows the community to jointly improve this infrastructure, helping enterprises balance AI capabilities and risks.