IOF Agents
IOF Agents
Section titled “IOF Agents”IOF Agents are governed AI copilots that operate within the IOF platform boundary. Every agent is scoped to a tenant, auditable via structured events, and approval-gated on every sensitive action. Agents never bypass IOF APIs, ABAC policy enforcement, tenant boundaries, maker-checker, or evidence requirements.
Live catalog: agents.islamicopenfinance.com.
Catalog — 7 governed copilots
Section titled “Catalog — 7 governed copilots”| ID | Name | Focus |
|---|---|---|
evidence-pack | Evidence Pack Agent | Regulator/Shariah board evidence bundles |
reconciliation-investigator | Reconciliation Investigator Agent | Ledger / core / ISO 20022 break analysis |
compliance-governance | Compliance & Governance Agent | Control walkthroughs, gap assessment |
integration-copilot | Integration Copilot | Connector scaffolding, webhook design, SDK snippets |
treasury-alm | Treasury / ALM Agent | Liquidity, FX, profit-rate scenarios |
trade-finance | Trade Finance Agent | LC / guarantee documentation + UCP 600 / ISBP 821 checks |
reporting | Reporting Agent | Internal + regulatory report drafting |
Source of truth: apps/agents/src/app/agents-data.ts (AGENT_CATALOG).
Agent identity
Section titled “Agent identity”Every agent invocation runs under an AgentIdentity principal, a first-class identity type defined alongside Team, SystemAccount, and Workspace in the identity hierarchy. An AgentIdentity is required to have a non-null human supervisor. The Cerbos policy config/cerbos/policies/agent_identity.yaml enforces this on both create and attach_supervisor.
principalType is one of HUMAN, SYSTEM, or AGENT. Agents cannot escalate themselves to HUMAN. Sensitive actions that require human judgement (e.g. approve, sign) are explicitly denied for AGENT principals by the Cerbos policy config/cerbos/policies/agent_invocation.yaml.
Invocation lifecycle
Section titled “Invocation lifecycle”An agent invocation emits the following events in order:
agent.invocation.started— agent accepted the task; inputs capturedagent.invocation.completed|agent.invocation.failed— terminal stateagent.finding.recorded— evidence-tagged output written to the tenant’s data roomagent.approval.requested— when the task reaches an approval-gated actionagent.approval.granted|agent.approval.denied— supervisor decision
Schemas: packages/event-schema-registry/src/schemas/agent-events.ts. Replayable from the audit log.
Governance
Section titled “Governance”| Surface | What it guarantees |
|---|---|
| ABAC (Cerbos) | agent_invocation.yaml requires principalType == "AGENT" and non-null supervisorId to invoke. Only the named supervisor can approve. |
| Approval-gating | approvalGated actions never auto-execute; the agent prepares, the supervisor decides. |
| Audit trail | All events emitted to the webhook stream and persisted in the immutable audit store. |
| Evidence tagging | Every agent output is tagged with source-event IDs so it is reproducible and auditable. |
| Tenant scoping | Every call carries tenant_id; cross-tenant reads are denied at the service PDP. |
See also
Section titled “See also”- Widgets — embeddable UI surfaces that pair with agents
- Trust Center — published attestations for each agent
- Webhook event reference: webhook-explorer