Decision Engine
The Decision Engine is the central orchestrator of Synentra's governance logic. It combines policy evaluation, risk scoring, and semantic analysis into a single, ordered pipeline that produces an Allow, Deny, or Hitl decision for every proxied request.
Evaluation Pipeline
flowchart TD
A[RequestContext] --> B[Policy Evaluation]
B -->|"Deny / HITL (short-circuit)"| X[End: Deny / HITL]
B -->|No match or Allow| C[Risk Scoring]
C -->|Score > threshold → HITL| Y[End: HITL]
C -->|Score ≤ threshold| D[Semantic Analysis]
D -->|Negative verdict → Deny / HITL| Z[End: Deny / HITL]
D -->|No concern| E["Allow (with risk score as trust)"]
Each stage short-circuits — if a stage produces a Deny or Hitl, subsequent stages are skipped.
Stage 1: Policy Evaluation
Runs only if Policy.Enabled = true.
- Builds an input from the
RequestContext. - Evaluate
RequestContext. - If the provider returns
Deny→ engine returnsDeny(reason). - If the provider returns
Hitl→ engine returnsHitl(reason). - Otherwise, evaluation continues.
If no policy is assigned to the agent, this stage is effectively a no-op and returns null (continue).
Stage 2: Risk Scoring
- Compute RiskScore for
RequestContext. - Compares score against
HumanInTheLoop.Threshold(default:0.8). - If score exceeds threshold →
Hitl("High risk score: ..."). - Otherwise, the score is passed to the final Allow result.
Stage 3: Semantic Analysis
Runs only if Semantic.Enabled = true.
- Converts the request to intent text and classifies it.
- If the classification returns a negative / malicious verdict with confidence ≥
ConfidenceThreshold→ Deny or Hitl. - If confidence is below threshold and
AllowLowConfidence = false→ Deny.
Audit Trail
Every decision (Allow, Deny, Hitl) is persisted as an AuditTrail record containing:
- Agent ID
- Decision type and reason
- Target URL, method, path
- Risk score
- Timestamp