Prism: Adaptive Runtime Enforcement

1. The Closed-Loop Training Pipeline

The heart of Prism is the **Flywheel Effect**. While traditional solutions rely on static rules, Prism uses a feedback loop that allows your safety layer to learn the specific nuances of your proprietary APIs and workflows.

The Four-Phase Flywheel

  1. **Observe (Telemetry & Drift)**: Deploy policies in dry_run mode. Prism captures agent intents and calculates "Semantic Drift" against a known baseline, flagging deviations before they become risks.
  2. **Review (Human-in-the-Loop)**: Use the Prism UI to inspect decisions. Domain experts review the "evidence chain" and provide feedback (Correct/Incorrect) on whether an action should have been allowed or blocked.
  3. **Export (Dataset Generation)**: Validated feedback is exported as a high-quality JSONL dataset. This turns your production traffic into a specialized training set for agent safety.
  4. **Evolve (Model Fine-Tuning)**: The dataset is used to fine-tune the semantic encoder. The updated model is then hot-swapped back into the Prism stack, resulting in higher precision and lower latency for future decisions.

Or deploy as a server:

Docker Run the full stack with a single `docker compose up` Get started → Kubernetes Deploy to any Kubernetes cluster using the official Helm chart Get started →

Quickstart: The Local Stack

Run one command to install Prism, and start the full stack locally:

curl -fsSL https://fencio.dev/install.sh | bash

Or install manually:

# Clone and enter repo
git clone https://github.com/fencio-dev/prism && cd prism

# Start the Intelligence Layer (Data Plane + Management Plane + MCP)
make run-all

# Launch the Control Plane (Web UI)
cd ui && npm install && npm run dev

2. Runtime: Autonomous Action Runtime Enforcement (AARM)

Prism implements the [AARM](https://aarm.dev) standard to execute the decisions generated by its intelligence layer. This ensures that every intent is governed by a consistent lifecycle:

  • **ALLOW**: The intent is verified as safe and proceeds to execution.
  • **DENY**: The intent is blocked; the agent is notified of the boundary violation.
  • **MODIFY**: Parameters are dynamically rewritten (e.g., masking PII or capping a high-risk budget) before the tool is called.
  • **STEP_UP**: High-risk actions trigger an authentication or human-approval request.
  • **DEFER**: The decision is offloaded to an external organizational governor.

3. Intelligence Layer: Semantic Understanding

Prism doesn't rely on brittle regex. It understands **Intent**.

  • **Semantic Slices**: We map your "Design Boundaries" into a **128-dimensional vector space**. Policies are enforced based on semantic proximity to these clusters.
  • **Drift Detection**: Prism computes a "baseline" for every session. If an agent's behavior shifts away from its intended purpose (often due to prompt injection or model hallucination), Prism detects the "Semantic Drift" in real-time.
  • **Default Encoder**: Powered by [redis/langcache-embed-v3-small](https://huggingface.co/redis/langcache-embed-v3-small) (384d), optimized for high-speed local inference.

For implementation details, see [API →](/docs/implementation/api) and [CLI →](/docs/implementation/cli)