How AGA Compares

OPA evaluates policy at decision points using Rego rules. It answers “is this action permitted?” but does not enforce the decision at runtime, does not produce signed proof that enforcement occurred, and does not generate offline-verifiable evidence bundles. AGA complements OPA by adding a mandatory enforcement boundary (the Portal), signed enforcement receipts, and tamper-evident evidence chains. Organizations using OPA for policy evaluation can layer AGA for cryptographic proof that decisions were enforced.

Sigstore provides supply-chain attestation — signing artifacts at build time to prove provenance and integrity before deployment. It answers “was this artifact built correctly?” AGA operates at a different layer: runtime enforcement after deployment. Sigstore proves a model was signed before release. AGA proves the deployed system operated within its governance parameters during execution. They are complementary, not competing — Sigstore for supply chain, AGA for runtime.

Blockchain-based audit trails provide append-only storage with consensus-verified integrity. They solve the immutability problem but introduce latency, cost, and infrastructure dependencies that make them impractical for real-time AI governance. AGA achieves tamper evidence through hash-linked receipt chains and Merkle proofs without requiring distributed consensus, external infrastructure, or network connectivity. Evidence bundles are verifiable offline using standard cryptography.

Trusted Execution Environments provide hardware-isolated computation. They prove code ran in a protected enclave but do not prove the code implemented correct governance policy, do not produce portable evidence bundles, and are tied to specific hardware vendors. AGA is provider-agnostic and produces evidence that can be verified on any system with standard Ed25519 and SHA-256 libraries. TEEs can strengthen AGA deployments by protecting the Portal runtime, but they are not sufficient for governance on their own.