How AGA Compares

OPA evaluates policy at decision points using Rego rules. It answers “is this action permitted?” but does not enforce the decision at runtime, does not produce signed proof that enforcement occurred, and does not generate offline-verifiable evidence bundles. AGA complements OPA by adding a mandatory enforcement boundary (the Portal), signed enforcement receipts, and tamper-evident evidence chains. Organizations using OPA for policy evaluation can layer AGA for cryptographic proof that decisions were enforced.

Sigstore provides supply-chain attestation — signing artifacts at build time to prove provenance and integrity before deployment. It answers “was this artifact built correctly?” AGA operates at a different layer: runtime enforcement after deployment. Sigstore proves a model was signed before release. AGA proves the deployed system operated within its governance parameters during execution. They are complementary, not competing — Sigstore for supply chain, AGA for runtime.

Blockchain-based audit trails provide append-only storage with consensus-verified integrity. They solve the immutability problem but introduce latency, cost, and infrastructure dependencies that make them impractical for real-time AI governance. AGA achieves tamper evidence through hash-linked receipt chains and Merkle proofs without requiring distributed consensus, external infrastructure, or network connectivity. Evidence bundles are verifiable offline using standard cryptography.

Trusted Execution Environments provide hardware-isolated computation. They prove code ran in a protected enclave but do not prove the code implemented correct governance policy, do not produce portable evidence bundles, and are tied to specific hardware vendors. AGA is provider-agnostic and produces evidence that can be verified on any system with standard Ed25519 and SHA-256 libraries. TEEs can strengthen AGA deployments by protecting the Portal runtime, but they are not sufficient for governance on their own.

Conventional monitoring systems detect anomalies but produce mutable log entries that can be altered after the fact. AGA generates signed BEHAVIORAL_DRIFT receipts when tool-call patterns shift beyond authorized baselines. Each receipt is hash-linked into the Continuity Chain, creating tamper-evident proof that a drift event occurred, what the deviation was, and what enforcement action followed. The signed receipt is portable and verifiable offline.

When an agent attempts to bypass governance controls, AGA can respond with phantom execution: spoofed tool responses that appear successful to the agent while capturing the full bypass sequence. The agent continues its unauthorized behavior against fabricated results, generating a complete forensic record of the attempted exploit. Every step is recorded in signed receipts. No other governance system captures bypass attempts this way.