Use cases

Approve the risky
actions. Block the rest.

consensus.tools handles the decisions where being wrong is expensive: gatekeeping, approval, and classification for the actions that ship a bug, send the wrong email, or break prod.

Agentic Workflow Decision Gates

A brake pedal for autonomous systems: it stops irreversible actions before they run.

Action Approval Gate

High Risk

Should the agent proceed with an irreversible action (send email, push code, execute trade)?

PolicySUPERMAJORITY
Guardagent-action
On BlockPage oncall + block action

Tool Selection Arbitration

Medium Risk

Which tool should be used next? API vs scraper vs human escalation.

PolicyMAJORITY_VOTE
Guardagent-action
On BlockFallback to safe default tool

Plan Selection Consensus

High Risk

When multiple agents propose plans, pick the one that is safest and most efficient.

PolicySUPERMAJORITY
Guardagent-action
On BlockQueue for human review

Risk-Weighted Communication

Deciding how careful an agent should be whenever it talks to a real person.

Outbound Email Approval

Medium Risk

Should this email be sent as-is, softened, or withheld?

PolicyMAJORITY_VOTE
Guardsend-email
On BlockHold in draft queue

Legal / Compliance Check

High Risk

Does this wording introduce legal or contractual risk?

PolicyHUMAN_IN_THE_LOOP
Guardpublish
On BlockBlock + escalate to legal

Negotiation Posture Selection

High Risk

Push back, concede, delay, or counter?

PolicySUPERMAJORITY
Guardagent-action
On BlockQueue for human review

Change Management

Catch config and API changes that quietly break backward compatibility.

Config Change Approval

High Risk

Is this infrastructure or configuration change safe to apply now?

PolicySUPERMAJORITY
Guarddeployment
On BlockRevert and notify team

Feature Flag Arbitration

Medium Risk

Should this experimental feature be enabled, disabled, or rolled back?

PolicyMAJORITY_VOTE
Guarddeployment
On BlockHold change pending review

API Version Deprecation

High Risk

Is it the right time to sunset this version based on usage and stability?

PolicyHUMAN_IN_THE_LOOP
Guarddeployment
On BlockBlock + require explicit approval

Escalation & Acceptance

Defining the human handoff line and what becomes "source of truth".

Acceptance Gates

High Risk

Gate agent output: accept or reject, publish or sandbox.

PolicySUPERMAJORITY
Guardcode-merge
On BlockBlock merge + page reviewer

Escalation Thresholds

Medium Risk

Does this issue warrant immediate human intervention or further automation?

PolicyVETO_BASED
Guardagent-action
On BlockEscalate to senior oncall

Verification & Validation

Low Risk

Did the calculation or test actually pass the bar you set?

PolicyMAJORITY_VOTE
Guardagent-action
On BlockLog warning + continue

OWASP Top 10 Security Risks

Every OWASP Top 10:2021 risk mapped to a guard type, consensus policy, and block resolution.

A01:2021

Broken Access Control

High Risk

Agent attempts privilege escalation or accesses resources outside its authorization scope.

PolicyVETO_BASED
Guardpermission-escalation
On BlockBlock + append audit trail
A02:2021

Cryptographic Failures

High Risk

Code change introduces plaintext secrets, weak ciphers, or unencrypted data in transit.

PolicySUPERMAJORITY
Guardcode-merge
On BlockBlock merge + trigger security review
A03:2021

Injection

High Risk

Agent-generated tool call contains SQL, command, or prompt injection patterns.

PolicyVETO_BASED
Guardagent-action
On BlockBlock all injection-flagged calls
A04:2021

Insecure Design

High Risk

Proposed architecture lacks threat modeling or skips required security controls.

PolicyHUMAN_IN_THE_LOOP
Guardcode-merge
On BlockBlock + route to security design review
A05:2021

Security Misconfiguration

High Risk

Deployment config exposes debug endpoints, default credentials, or permissive CORS.

PolicySUPERMAJORITY
Guarddeployment
On BlockRevert deploy + page oncall
A06:2021

Vulnerable & Outdated Components

Medium Risk

Merge introduces a dependency with a known CVE or CVSS score above threshold.

PolicyMAJORITY_VOTE
Guardcode-merge
On BlockHold PR + trigger dependency scan
A07:2021

Identification & Auth Failures

High Risk

Auth bypass, weak session management, or brute-force path detected in agent action.

PolicyVETO_BASED
Guardpermission-escalation
On BlockBlock + force re-authentication
A08:2021

Software & Data Integrity Failures

High Risk

Release pipeline includes unverified artifacts, tampered builds, or unsigned packages.

PolicySUPERMAJORITY
Guarddeployment
On BlockBlock release + integrity alert
A09:2021

Security Logging & Monitoring Failures

Medium Risk

Deployment would disable or misconfigure audit logging, alerting, or anomaly detection.

PolicyMAJORITY_VOTE
Guarddeployment
On BlockHold + inject required audit hooks
A10:2021

Server-Side Request Forgery

High Risk

Agent initiates an outbound request to an internal or metadata endpoint.

PolicyVETO_BASED
Guardagent-action
On BlockBlock + log full request context

The consensus.tools pattern

Most agent failures come from acting when they shouldn't. consensus.tools makes them ask first.

GatekeepingApprovalClassificationVerificationSecurity