ASC Cloud

Governance: firewall · residency · audit · teams

ASC's governance layer is what every enterprise procurement team asks for. It ships in v0; you turn it on with a single PUT.

Firewall

The asc firewall policy redacts PII (email, phone, credit-card, SSN, IP) and blocks jailbreak attempts before the LLM call.

asc.governance.firewall_upsert(
    "default",
    redact_pii=True,
    block_jailbreak=True,
    pii_categories=["email", "phone", "credit_card"],
)
 
result = asc.governance.firewall_check("my email is foo@example.com")
# → {"blocked": False, "redactions": {"email": 1},
#    "redacted_text": "my email is [REDACTED:email]"}

Residency

Pin a project to a region set; cross-region resource creation 403s.

asc.governance.residency_upsert(
    project_id="prj_xyz",
    allowed_regions=["us-east-1", "us-west-2"],
)

Audit log (append-only)

Every mutating action emits a row. Read it back, export it to S3, ship it to your SIEM.

asc.governance.audit_emit(
    action="user.invite",
    resource_kind="user",
    resource_id="usr_abc",
    detail={"email": "new@example.com"},
)
 
rows = asc.governance.audit_list(action="user.invite", limit=20)

Teams + chargeback

team = asc.governance.team_create("ml-platform")
asc.governance.team_add_member(team["id"], user_email="alice@example.com", role="owner")
 
spend = asc.governance.team_spend(team["id"], days=30)
# → {"total_usd": 412.78, "by_primitive": {"agent_run": 281.40, ...}}

← Building agents on ASC Rate Limiting →