Regulatory Overlay Map
Authoritative mapping of governance documents to executable node types in the agent execution graph. The demo surfaces this same mapping in its interface, so each node in the agent state machine links to the governance documents relevant to it.
| Node Type | Governance Docs | Relevance Summary |
|---|---|---|
intake | HIPAA readiness, Chile Ley 19.628, CMF Norma 20 | Input handling, PII ingress, jurisdictional compliance |
guardrail_pre | PII redaction, OWASP ATLAS threat model, Voice consent and deepfake | PII detection, adversarial defense, voice consent |
retrieve_context | Data card, Drift detection plan | Data provenance, knowledge base integrity |
generate_response | NIST AI RMF, EU AI Act, Multilingual safety parity | Risk management, regulatory classification, locale safety |
review_response | Audit logging plan, ISO 42001 / SOC 2 | Human-in-the-loop audit, management system controls |
guardrail_post | Data card, Drift detection plan, Audit logging plan | Output verification, citation integrity, audit trail |
closing | ISO 42001 / SOC 2 | Session finalization, management system compliance |
- The mapping is by node type (not instance), so it remains stable across topology changes.
review_responseis only present when the human-in-the-loop review step is enabled; the overlay gracefully handles its absence.- Terminal markers (
start,end) are excluded from governance mapping.