Today we shipped an important milestone for Substr8 Labs.

A working governance plane for AI agents that integrates with multiple frameworks using MCP. Not a pitch deck. Not a design doc. Actual code running with full integration tests.

We validated the architecture with LangGraph and PydanticAI agents, both interacting with Substr8 governance services.

The Problem

Modern AI agent frameworks are incredibly powerful. They allow agents to:

  • Call tools
  • Query data sources
  • Orchestrate workflows
  • Spawn sub-agents

But they rarely answer the most important operational questions:

  • What version of the agent ran?
  • Was it allowed to perform that action?
  • What data did it access?
  • Can we verify the record later?

Most systems rely on logs. Logs can be modified. Logs can disappear. Logs are not proofs.

Our Approach: A Governance Plane

Instead of replacing agent frameworks, Substr8 sits above them as a governance layer.

Frameworks handle execution. Substr8 handles verification.

The system enforces four core guarantees:

LayerResponsibility
RILRuntime lifecycle orchestration
ACCPolicy enforcement
DCTTamper-evident audit ledger
GAMMemory provenance

Together they form a governance plane for agent actions.

The Integration Strategy: MCP

To make Substr8 usable across frameworks, we expose the platform through an MCP server.

This allows agents to interact with Substr8 using standard tool calls:

Agent Framework
      │
      ▼
  MCP Tools
      │
      ▼
Substr8 Governance Plane

If a framework can call tools, it can use Substr8.

Framework Validation

We validated the architecture with two independent frameworks:

FrameworkAgent RefResult
LangGraphlanggraph:researcher✅ Chain verified
PydanticAIpydantic-ai:researcher✅ Chain verified

Both frameworks successfully executed governed tool calls through MCP. Each action was:

  1. Policy-checked
  2. Logged in the audit ledger
  3. Hash-chained to the previous entry

Example audit chain:

seq 0 → policy_check
seq 1 → tool_call
  prev_hash → sha256:903a858c...
chain_valid → true

This makes the execution record tamper-evident. Modify one entry, and the chain breaks.

Conversation Integrity Assurance (CIA)

We also shipped CIA, a runtime middleware that validates LLM conversations.

CIA ensures tool interactions follow correct structure and can repair malformed sequences.

Importantly: CIA is not called by the agent. It operates automatically inside the runtime.

To make it observable, we exposed a CIA audit surface through MCP:

  • cia.status — Is CIA enabled? What mode?
  • cia.report — How many conversations validated/repaired?
  • cia.repairs — List of repairs with hashes
  • cia.receipts — LLM call receipts (hashes only)

Example receipt:

{
  "request_sha256": "sha256:59427f52...",
  "response_sha256": "sha256:59427f52...",
  "model": "claude-opus-4-5",
  "entry_hash": "88886828f108..."
}

Only hashes and metadata are recorded — no raw prompts.

The MCP Surface

Substr8 currently exposes 12 MCP tools:

RIL (Runtime)

  • run.start
  • run.end
  • tool.invoke

ACC (Policy)

  • policy.check

DCT (Audit)

  • audit.timeline
  • verify.run

GAM (Memory)

  • memory.write
  • memory.search

CIA (Conversation Integrity)

  • cia.status
  • cia.report
  • cia.repairs
  • cia.receipts

What This Means

Any agent framework that supports tool calling can integrate with Substr8 and gain:

  • ✅ Policy enforcement
  • ✅ Tamper-evident audit logs
  • ✅ Memory provenance
  • ✅ Runtime integrity verification

Without replacing its runtime.

The Bigger Picture

Agent frameworks are becoming execution engines.

What’s missing is a governance layer.

Substr8 provides that layer.

Frameworks run agents. Substr8 proves what they did.

What’s Next

  • Validating AutoGen integration
  • Publishing developer examples
  • Packaging the CLI for PyPI
  • Expanding the governance surface

Closing

AI agents are rapidly becoming operational systems.

Operational systems require verifiable accountability.

Substr8 is building the infrastructure to make that possible.

Agents with receipts.