Agent Governance: ALLOW/FRICTION/REVIEW/BLOCK Decision Patterns

AI agents can search your catalog, compare prices, build carts, and initiate payments. But should they be able to do all of that without any oversight? The answer depends on the action, the amount, the agent's trust history, and the merchant's risk tolerance. Agent governance is the framework that makes these decisions systematic rather than ad-hoc. Without it, every agent interaction is either fully open — creating risk — or fully blocked — losing revenue. The KYAI Policy Engine solves this by introducing four decision levels that apply to every agent action.

In traditional e-commerce, governance is implicit. A human buyer navigates your store, and the store's UX guides and constrains their behavior. Checkout limits, quantity caps, and fraud detection work because a human is in the loop. With AI agents, that implicit governance disappears. An agent can execute hundreds of actions per minute, process complex multi-step flows, and interact with your systems in ways your checkout flow was never designed to handle. Without explicit governance rules, merchants face two bad options: block agents entirely and miss the opportunity, or allow everything and accept uncontrolled risk.

The KYAI Policy Engine evaluates every agent action against a chain of rules and assigns one of four decision levels. Each level represents a different balance between speed and safety.

KYAI evaluates rules in a defined order, and the most restrictive matching rule wins. The rule chain includes five standard rules that every merchant starts with: amount limit check (blocks transactions above the merchant's configured maximum), velocity check (adds friction when an agent exceeds a threshold of actions per time window), trust score check (requires review for agents below a minimum trust level), category restriction (blocks purchases of prohibited product categories), and protocol validation (ensures the payment protocol meets the merchant's requirements). Merchants can customize thresholds, add custom rules, and override defaults for specific agents or agent classes.

Every merchant has different risk tolerance and operational capacity. A small boutique might set a low REVIEW threshold at $100 and BLOCK at $500. A large marketplace might ALLOW up to $1,000 and only REVIEW above $5,000. The configuration is declarative — merchants define rules in their dashboard or via API, and KYAI applies them consistently to every agent interaction. The key principle is that merchants own their governance policy. The platform provides the engine, the defaults, and the tooling, but the merchant decides what is allowed, what needs friction, what requires review, and what is blocked.

Trust scores and governance are deeply connected. An agent's trust score is a dynamic value that reflects its history: how many successful transactions it has completed, whether it has triggered chargebacks or disputes, how consistently it provides accurate user information, and whether it follows stated policies. Higher trust scores can unlock more permissive governance rules. A brand-new agent might face FRICTION on a $50 purchase, while a well-established agent with a high trust score might get ALLOW on a $500 purchase from the same merchant. This creates a natural incentive for agents to behave reliably.