Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.velatir.com/llms.txt

Use this file to discover all available pages before exploring further.

What Are Roles?

A role defines how much authority an agent has when it detects something. Every agent is assigned exactly one role, and that role governs what the agent can do in response to its findings.

The Two Roles

The Observer role watches and records. When an agent operating as an Observer detects a risk, it logs the finding but takes no further action. Your team can review these logs at any time.Best for:
  • Initial rollout when you want to understand your risk landscape
  • Low-risk workspaces where visibility is sufficient
  • Gathering data before deciding on stricter enforcement
What happens: Every finding is logged and visible in your dashboard. No notifications are sent. No traces are interrupted.
The Enforcer role gives you the highest level of control. It can block traces outright and escalate flagged traces to your connected channels.Best for:
  • High-risk workspaces handling sensitive data
  • Regulated industries with strict compliance requirements
  • Scenarios where a compliance violation must be prevented
What happens: Blocked traces are stopped immediately. Escalated traces are pushed to the channels you have configured so the right people are notified.

What Are Intents?

An intent is the agent’s evaluation of a specific trace. After analysing a trace against its rules, the agent produces one of three intents.
IntentMeaning
AllowThe trace is compliant and can proceed normally.
BlockThe trace poses a risk and should be stopped.
EscalateThe trace warrants notifying the team.
An intent represents what the agent thinks should happen. The agent’s role determines what actually happens.

Action Resolution

The combination of an agent’s role and its intent determines the final action. Use this matrix as your reference.
AllowBlockEscalate
ObserverLogLogLog
EnforcerLogBlockNotify connected channels
Key takeaways from this matrix:
  • An Observer always logs, regardless of intent. It never interrupts anything.
  • Only an Enforcer can block a trace or fan an escalation out to your connected channels.

Choosing the Right Role

1

Start with Observer

Deploy agents in Observer mode first. This gives you a clear picture of what your agents are detecting without any disruption to your team. Run in this mode for at least one to two weeks.
2

Review your findings

Examine the logs to understand your risk profile. Look at what would have been blocked or escalated. Identify which agents are surfacing the most relevant findings.
3

Promote to Enforcer where needed

For high-risk areas where violations must be prevented, promote agents to Enforcer mode. Reserve this for workspaces and agents where the cost of a violation outweighs the cost of occasional interruption.

Next Steps

Configuring Agents

Set up roles at the organisation and workspace level.

Understanding Agents

Review the available agents and what each one covers.