Model Governance
Govern which models an agent may call — not just which APIs. Handle export controls, frontier model restrictions, and emergency suspensions without redeploying.
When you need this
| Scenario | IRIS control |
|---|---|
| Standard models only | Default registry |
| Frontier / cyber-capable models | Tier + export-control + HITL gates |
| Government or provider suspends a model | Directive kill switch + auto-fallback |
| Audit trail required | Evidence Vault |
Cedar model rules
IRIS enforces model governance via Cedar rules evaluated at every inference call:
| Rule | Severity | Trigger |
|---|---|---|
| IRIS-MODEL-001 | CRITICAL | Active suspension directive (no fallback) |
| IRIS-MODEL-002 | HIGH | Model not in passport allowed_models |
| IRIS-MODEL-003 | HIGH | Model tier not in allowed_model_tiers |
| IRIS-MODEL-004 | CRITICAL | Export-control: invalid work authorization |
| IRIS-MODEL-005 | HIGH | Frontier model requires HITL in staging/production |
Passport allowlists
Set allowed_models and allowed_model_tiers in passport.yaml to restrict which models an agent may call. The registry provides tier metadata; the passport is the per-agent allowlist.
Model registry
Edit governance/models/registry.yaml to declare tiers, export-control status, HITL requirements, and fallback chains.
```bash
iris models reload
```
Directive kill switches
When a model must be suspended org-wide (e.g. government export-control directive), edit governance/directives/active.yaml and merge via PR:
```yaml
model_id: claude-fable-5
status: suspended
fallback_model: claude-sonnet-4-6
```
IRIS hot-reloads on the next inference call. No application redeploy.
IrisAnthropic with auto-fallback
```python
client = IrisAnthropic(
    passport=passport,
    user_work_authorization="us-citizen",
    auto_fallback=True,
)
```
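The rule table and the directive fallback described above, modelled in plain Python as an added example (not IRIS's Cedar policies or client code). Rule IDs, `allowed_models`, `allowed_model_tiers`, `status` and `fallback_model` come from the page; the registry field names, tier strings, check order, and re-checking the fallback model against the passport are assumptions.

```python
# Added illustration: a plain-Python model of the IRIS-MODEL-00x rule table.
# Registry field names and tier strings are assumptions; all data is constructed.
REGISTRY = {
    "claude-fable-5": {"tier": "frontier", "export_controlled": True,
                       "allowed_authorizations": {"us-citizen"}},
    "claude-sonnet-4-6": {"tier": "standard", "export_controlled": False},
}
PASSPORT = {"allowed_models": ["claude-fable-5", "claude-sonnet-4-6"],
            "allowed_model_tiers": ["standard", "frontier"]}
DIRECTIVES = {"claude-fable-5": {"status": "suspended",
                                 "fallback_model": "claude-sonnet-4-6"}}

def evaluate(model_id, passport, directives, work_auth, env,
             hitl_approved=False, auto_fallback=True, registry=REGISTRY):
    """Return (effective_model, violated_rule_ids) for one inference call."""
    seen = set()
    # Follow suspension directives; a missing, disabled or looping fallback
    # leaves no usable model, which is the IRIS-MODEL-001 case.
    while (d := directives.get(model_id)) and d["status"] == "suspended":
        seen.add(model_id)
        nxt = d.get("fallback_model")
        if not auto_fallback or not nxt or nxt in seen:
            return None, ["IRIS-MODEL-001"]
        model_id = nxt

    # The model actually served (original or fallback) must pass every check.
    meta = registry.get(model_id, {})  # unknown model: tier is None, fails closed
    tier = meta.get("tier")
    hits = []
    if model_id not in passport["allowed_models"]:
        hits.append("IRIS-MODEL-002")
    if tier not in passport["allowed_model_tiers"]:
        hits.append("IRIS-MODEL-003")
    if meta.get("export_controlled") and \
            work_auth not in meta.get("allowed_authorizations", ()):
        hits.append("IRIS-MODEL-004")
    if tier == "frontier" and env in ("staging", "production") \
            and not hitl_approved:
        hits.append("IRIS-MODEL-005")
    return (None if hits else model_id), hits

if __name__ == "__main__":
    print(evaluate("claude-fable-5", PASSPORT, DIRECTIVES,
                   "us-citizen", "production"))
```
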
Full guide on GitHub
For the complete reference including passport allowlists and tier definitions: