Actor Governance
Rivaro governs agents and users (actors) based on their cumulative behavior over time — not just individual requests. Trust scores, automatic escalation, and a tamper-evident audit trail give you continuous control over every actor in your AI estate.
Zero Trust Model
Rivaro starts every actor at a trust score of 0. Trust is never assumed — it must be earned through approved identity and clean behavior. The maximum trust any actor can reach is determined by their identity strength.
Trust Score
Every actor has a trust score between 0 and 100. It is dynamic — it changes in real time as the actor behaves.
How trust is earned
| Event | Trust change |
|---|---|
| Admin approves the agent | Initial grant (default: +50.0) |
| Clean interaction (ALLOW decision) | +0.2 per interaction (configurable) |
| Behavioral stability — stable agent | Normal earn rate |
| Behavioral stability — cold start (<5 interactions) | 0.5× earn rate |
| Attack chain pattern detected | 0× earn rate (no trust gain) |
Trust ceilings by identity strength
| Identity strength | Maximum trust |
|---|---|
| BASIC (unknown/unregistered) | 25 |
| STANDARD (registered, no approved assets) | 50 |
| VERIFIED (registered + approved asset) | 80 |
| STRONG (approved asset + verified user binding) | 95 |
How trust degrades
| Event | Trust change |
|---|---|
| Policy violation detected | −1.0 per violation (configurable) |
| TERMINATE action | −100 (score drops to 0) |
Trust restoration (passive recovery over time) is available but disabled by default. When enabled: +0.5 per day, capped at the actor's maximum trust ceiling.
Risk Score
For each enforcement decision, Rivaro computes a risk score (0–100) from four components:
| Component | Formula | Max contribution |
|---|---|---|
| Signal risk | Based on detection severity (LOW: 10, MEDIUM: 30, HIGH: 60, CRITICAL: 100) | 100 |
| Violation risk | min(effectiveViolations × 2.0, 50.0) | 50 |
| Trust risk | (100 − trustScore) × 0.3 | 30 |
| Session risk | Credentials accessed (+30), sensitive data + outbound (+20), high event volume (+10) | 50 |
The final score is: min((signal + violation + trust + session) × recencyMultiplier, 100). Violations within the last 24 hours apply a recency multiplier (default 1.5×).
Risk levels
| Risk level | Threshold (default) | What triggers it |
|---|---|---|
| MINIMAL | Score < 40 | Normal operation |
| ELEVATED | Score ≥ 40 or violations ≥ warn threshold | Increased monitoring |
| HIGH | Score ≥ 60 or trust < 40 | Rate limiting |
| CRITICAL | Score ≥ 80 or trust < 30 | Quarantine or termination |
Automatic Escalation
When risk levels climb, Rivaro automatically applies progressively stricter actions. Each tier is individually configurable and can be disabled.
| Risk level | Automatic action | What happens |
|---|---|---|
| MINIMAL | — | Normal operation, no action |
| ELEVATED | WARN | Violation logged with elevated visibility in the dashboard |
| HIGH | RATE_LIMIT | Actor throttled to 10–20 requests/minute |
| CRITICAL | QUARANTINE | All requests blocked; actor enters quarantine queue for admin review |
| CRITICAL + repeat | TERMINATE | Actor permanently blocked (requires admin reactivation) |
Quarantine thresholds (defaults)
| Setting | Default |
|---|---|
| Quarantine threshold (violations) | 20 |
| Termination threshold (violations) | 50 |
| Trust score — HIGH risk trigger | < 40 |
| Trust score — CRITICAL trigger | < 30 |
All thresholds are configurable per organization in Settings > Governance Policy.
Governance Presets
Three preset governance configurations are available:
| Preset | Description |
|---|---|
| LENIENT | Higher thresholds, slower escalation — suitable for development environments or low-risk internal tooling |
| DEFAULT | Balanced — the defaults described above |
| STRICT | Lower thresholds, faster escalation — recommended for production agents handling sensitive data |
Quarantine
When an actor is quarantined (automatically or manually):
- All proxy requests return 403 immediately
- The actor appears in the Governance > Quarantine Queue in the dashboard
- An admin must review and either release or terminate the actor
- On release: violation count resets to the clock since release (not lifetime total), and trust score begins recovering
Time-aware violation counting
When an admin releases a quarantined actor, the violation clock resets. Subsequent escalation triggers are based on violations since the last reactivation, not lifetime totals — preventing reactivated actors from being immediately re-quarantined.
Termination
When an actor is terminated:
- All proxy requests are permanently blocked
- Trust score drops to 0
- The actor cannot be reactivated through normal flows — requires explicit admin reactivation
- This is reserved for severe, repeated, or malicious policy violations
Manual Actions
Administrators can manually quarantine, terminate, or reactivate any actor regardless of their current risk level:
| Action | Where |
|---|---|
| Quarantine | Dashboard: Agents > [Agent] > Quarantine, or POST /api/governance/actors/{actorId}/quarantine |
| Terminate | Dashboard: Agents > [Agent] > Terminate, or POST /api/governance/actors/{actorId}/terminate |
| Reactivate | Dashboard: Governance > Quarantine Queue > Release, or POST /api/governance/actors/{actorId}/reactivate |
Governance History
Every governance decision — automatic or manual — is recorded in a tamper-evident audit trail. Each record is cryptographically chained to the previous one (using content hashes) so the history cannot be altered retroactively.
What's recorded
| Field | Description |
|---|---|
action | ALLOW, WARN, RATE_LIMIT, QUARANTINE, TERMINATE, or OBSERVE |
reason | Human-readable decision rationale |
riskLevel / riskScore | Risk assessment at time of decision |
actorTrustBefore | Trust score before this decision |
actorViolationsBefore | Violation count before this decision |
actorStatusBefore / actorStatusAfter | Status change |
decidedAt | Exact timestamp of decision |
signalType / signalSeverity | The detection that triggered this decision |
overridden | Whether an admin manually overrode this decision |
contentHash / previousRecordHash | Cryptographic chain-of-custody hashes |
Access governance history in the dashboard at Governance > History or via GET /api/governance/history/{actorId}.
Disabling Automatic Actions
Automatic quarantine and termination can be disabled per organization. When disabled, Rivaro still calculates risk scores and trust scores and surfaces warnings in the dashboard — but takes no automatic blocking action. Useful during initial rollout or for non-production environments.
Next steps
- Agent Management — Agent profiles, ownership, and identity strength
- Sessions — How session context feeds into risk scoring
- Enforcement & Policies — Per-request policy enforcement
- Compliance Reporting — Use governance history in compliance reports