Monitoring & Witness
Watch what runs in real time. IRIS gives you a live attested feed of every policy decision, continuous drift monitoring, and enforcement verification — all local.
iris list — fleet inventory
List every agent IRIS knows about — governed or not — with owner, frameworks, risk, and last review date.
iris list --filter-ungoverned
iris list --filter-risk critical --format json
iris status — compliance at a glance
Single-pane view of every agent: compliance score, next action, and estimated monthly cost.
iris status --agent loan-processor
Think of it as git status for agent governance.
iris witness — live policy feed
Stream every permit, deny, and warn decision as it happens. Alias: iris watch.
iris witness --agent loan-processor --tail 20
Reads from the Evidence Vault (events.jsonl for live decisions; v2 signed log at evidence_events.jsonl). Shows resource, action, rule ID, user context, and cost when available. See Evidence Vault for the full data model.
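The same filter-and-tail view can be reproduced offline for triage. This is an added example, not IRIS code or part of the IRIS documentation: it parses constructed events.jsonl lines, returns the last N decisions for one agent, and counts denies per rule ID. The field names (agent, decision, resource, action, rule_id, cost_usd) are assumptions; the real schema is in the Evidence Vault data model.

```python
import json
from collections import Counter

# Constructed sample of events.jsonl. Field names (agent, decision, resource,
# action, rule_id, cost_usd) are assumptions, not the documented IRIS schema.
# The last line is deliberately truncated, as if the writer were mid-append.
SAMPLE_EVENTS = """\
{"agent": "loan-processor", "decision": "permit", "resource": "crm/customers", "action": "read", "rule_id": "R-001", "cost_usd": 0.002}
{"agent": "loan-processor", "decision": "deny", "resource": "payments/transfer", "action": "write", "rule_id": "R-014"}
{"agent": "support-bot", "decision": "permit", "resource": "kb/articles", "action": "read", "rule_id": "R-001", "cost_usd": 0.001}
{"agent": "loan-processor", "decision": "deny", "resource": "payments/transfer", "action": "write", "rule_id": "R-014"}
{"agent": "loan-processor", "decision": "warn", "resource": "crm/customers", "action": "export", "rule_id": "R-020", "cost_usd": 0.004}
{"agent": "support-bot", "decision": "deny", "resource": "crm/customers", "action": "export", "rule_id": "R-020"}
{"agent": "loan-processor", "decision": "de
"""

def parse_events(text):
    """Decode JSONL, skipping blank, malformed, or non-object lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # e.g. a line the producer has not finished writing
        if isinstance(event, dict):
            events.append(event)
    return events

def tail_for_agent(events, agent, n):
    """Last n decisions for one agent, oldest first."""
    matching = [e for e in events if e.get("agent") == agent]
    return matching[-n:] if n > 0 else []

def denies_by_rule(events):
    """Count deny decisions per rule ID; repeated hits on one rule merit review."""
    return Counter(e.get("rule_id", "unknown")
                   for e in events if e.get("decision") == "deny")

if __name__ == "__main__":
    events = parse_events(SAMPLE_EVENTS)
    for e in tail_for_agent(events, "loan-processor", 20):
        print(e["decision"], e.get("action"), e.get("resource"), e.get("rule_id"))
    print(dict(denies_by_rule(events)))
```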
iris enforce — verify runtime wiring
Confirms drop-in clients (IrisAnthropic, IrisOpenAI, etc.) or @agent.guard() are actually active in your codebase.
iris sentinel — continuous monitoring
Polls governance posture on an interval: agent count, violations, compliance drift, and cost.
iris drift — posture change detection
Snapshot compliance scores and detect when agents degrade or improve. Optional Slack/email alerts.
iris drift check
iris drift report
iris drift watch --interval 300
iris cost — token spend tracking
Track estimated LLM costs per agent from Evidence Vault events.
iris cost report --agent loan-processor
iris cost alert --monthly 500
iris red-team — adversarial policy testing
Run bypass scenarios against your Cedar policy to find gaps before attackers do.
iris hitl — human approval queue
High-risk actions pause until a reviewer approves or rejects. See HITL & Delegation for the full guide.
iris hitl approve <review-id>
iris hitl reject <review-id> --reason "..."