Federation Command — Governance You Can Talk To
Inspiration
"Who governs the AI governors?" Organizations are running AI agents across AWS, Azure, OpenAI, and LangChain — thousands of autonomous actions per hour — with no real oversight. A single rogue agent can exfiltrate HIPAA data, blow past spending limits, or operate outside approved regions without anyone noticing.
We were inspired to build governance you can actually talk to: a command center that doesn't just log actions but lets operators speak to the system, get AI-powered analysis, and enforce policies in real time — so the "federation" of agents stays under human control.
What It Does
Federation Command (SriKavach Nova AI) is a real-time AI governance platform that:
- Enforces a 9-rule policy engine — Jurisdiction, data classification, FOUR_EYES dual approval, trust gates, daily caps, business hours, and cross-domain rules. First-deny-wins; first-escalate-wins; then allow.
- Voice-first command — Operators talk to the Commander via Amazon Nova 2 Sonic for hands-free governance, interrupt cascades, and overrides.
- AI-powered analysis — Nova 2 Lite generates incident reports, threat assessments, and governance summaries from violations.
- Trust-adaptive autonomy — Agents gain or lose trust from behavior; low-trust agents are denied or quarantined automatically.
- Tamper-evident audit — SHA-256 hash-chained governance ledger with cryptographic verification.
- 3D agent network — Interactive Three.js view of all monitored agents across ecosystems.
- Multi-agent hierarchy — Commander delegates to Governance, Billing, and Org specialist agents.
- DEFCON 1 global purge — One command quarantines all agents across the federation.
Demo flows include rogue agent detection (deny + trust drop + Nova incident report), FOUR_EYES approval (CTO + CFO), cross-border compliance (e.g. EU→US blocked), and voice override halting all agents.
How We Built It
- Backend — FastAPI (Python 3.11), 9-rule policy engine, Pydantic models, 40+ REST endpoints, SSE for real-time events. DynamoDB Local (or DynamoDB) for agents, policies, decisions, ledger, billing, org.
- Voice Gateway — FastAPI + WebSocket bridge to Nova 2 Sonic for speech-to-speech; supports interrupt cascade and override.
- Frontend — React 18, TypeScript, Vite, Three.js (React Three Fiber) for the 3D agent graph, TailwindCSS, Recharts. Nginx in Docker for static + proxy.
- AI — Nova 2 Lite (Bedrock) for policy reasoning, incident analysis, threat assessment; Titan Embeddings for semantic policy matching.
- Deployment — Docker Compose: app, gateway, frontend, DynamoDB Local. Healthchecks, mock mode (no AWS creds needed for judges).
Built for the Amazon Nova AI Hackathon (#AmazonNova).
Challenges We Ran Into
- Policy semantics — Making first-deny-wins and first-escalate-wins consistent across nine rules and keeping the chain understandable for audits.
- FOUR_EYES enforcement — Ensuring two distinct approvers (e.g. CTO then CFO) with no way for the same identity to approve twice.
- Voice + real-time UX — Wiring Nova 2 Sonic so operators could interrupt and override without lag, and reflecting "override detected" clearly on the dashboard.
- Judge-friendly demo — One-command Docker setup, mock Nova/DB so judges can run everything without AWS keys, plus scripted scenarios (dispatch, rogue agent, DEFCON 1, ledger verify) that tell a clear story in a few minutes.
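The evaluation order and the FOUR_EYES constraint described above, as an added sketch (not the project's code). The rule names follow categories the page lists; the thresholds, field names and the reading that any deny outranks any escalate regardless of list position are assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

DENY, ESCALATE, ALLOW = "deny", "escalate", "allow"

@dataclass(frozen=True)
class Rule:
    name: str
    check: Callable[[dict], Optional[str]]  # DENY, ESCALATE, or None for "no opinion"

# Constructed rules named after categories on the page; thresholds are assumptions.
RULES = [
    Rule("daily_cap", lambda a: ESCALATE if a["amount"] > 10_000 else None),
    Rule("jurisdiction", lambda a: DENY if (a["src"], a["dst"]) == ("EU", "US") else None),
    Rule("trust_gate", lambda a: DENY if a["trust"] < 0.3 else None),
    Rule("data_classification", lambda a: ESCALATE if a["data"] == "HIPAA" else None),
]

def evaluate(action: dict, rules=RULES):
    """Return (verdict, deciding_rule): any deny beats any escalate, else allow."""
    verdicts = [(r.name, r.check(action)) for r in rules]
    for wanted in (DENY, ESCALATE):
        for name, verdict in verdicts:  # list order picks which rule is reported
            if verdict == wanted:
                return wanted, name
    return ALLOW, None

@dataclass
class FourEyes:
    """Escalation needing one approval per required role, each from a different person."""
    required_roles: frozenset
    approvals: dict = field(default_factory=dict)  # normalized identity -> role

    def approve(self, identity: str, role: str) -> bool:
        who = identity.strip().casefold()  # "Alice " and "alice" are one approver
        if role not in self.required_roles:
            raise PermissionError(f"role {role!r} cannot approve this request")
        if who in self.approvals:
            raise PermissionError(f"{who!r} has already approved")
        if role in self.approvals.values():
            raise PermissionError(f"role {role!r} has already approved")
        self.approvals[who] = role
        return set(self.approvals.values()) == set(self.required_roles)

if __name__ == "__main__":
    act = {"amount": 50_000, "src": "EU", "dst": "US", "trust": 0.9, "data": "public"}
    print(evaluate(act))  # the deny is reported although daily_cap is listed first
```

Keying approvals on a normalized identity rather than on the role is what stops one person holding two roles from satisfying both halves of the approval.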
Accomplishments That We're Proud Of
- Full governance loop — From agent action → 9-rule evaluation → allow/deny/escalate → ledger → trust update → Nova incident report when needed.
- Voice-first governance — Real speech-to-speech with Nova 2 Sonic and interrupt cascade so operators can say "stop" and halt the federation.
- Cryptographic audit trail — SHA-256 hash-chained ledger with a "Verify Chain" check so regulators can trust ordering and integrity.
- Cross-ecosystem view — One dashboard over agents across AWS, Azure, OpenAI, LangChain with a 3D network and DEFCON 1 purge across all of them.
- Zero-friction judging — `docker compose up --build` and open http://localhost:10013; no AWS account required in mock mode.
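A SHA-256 hash-chained ledger with a chain check of the kind described above, as an added example (not the project's code). The entry layout, the genesis value and the `anchored_head` parameter are assumptions; the last one shows why the latest hash should also be recorded somewhere the ledger writer cannot modify.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed sentinel used as prev_hash of the first entry

def entry_hash(prev_hash: str, seq: int, record: dict) -> str:
    # Canonical JSON: identical records always serialize to identical bytes.
    body = json.dumps({"seq": seq, "record": record},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def append(ledger: list, record: dict) -> dict:
    prev = ledger[-1]["hash"] if ledger else GENESIS
    seq = len(ledger)
    entry = {"seq": seq, "prev_hash": prev, "record": record,
             "hash": entry_hash(prev, seq, record)}
    ledger.append(entry)
    return entry

def verify_chain(ledger: list, anchored_head=None):
    """Return (ok, first_bad_seq). Recomputes every hash and link in order."""
    prev = GENESIS
    for i, e in enumerate(ledger):
        if (e["seq"] != i or e["prev_hash"] != prev
                or e["hash"] != entry_hash(prev, i, e["record"])):
            return False, i
        prev = e["hash"]
    # Internal consistency cannot reveal a dropped tail or a fully recomputed
    # chain; comparing against a head hash stored out of band can.
    if anchored_head is not None and prev != anchored_head:
        return False, len(ledger)
    return True, None

def sample_ledger() -> list:
    # Constructed governance decisions, for illustration only.
    ledger = []
    for rec in ({"agent": "agent-a", "verdict": "allow", "rule": None},
                {"agent": "agent-b", "verdict": "deny", "rule": "jurisdiction"},
                {"agent": "agent-c", "verdict": "escalate", "rule": "daily_cap"}):
        append(ledger, rec)
    return ledger

if __name__ == "__main__":
    led = sample_ledger()
    head = led[-1]["hash"]
    led[1]["record"]["verdict"] = "allow"  # in-place edit of a past decision
    print(verify_chain(led, head))
```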
What We Learned
- Governance has to be observable and interruptible — Logs alone aren't enough; operators need real-time visibility and a voice channel to override.
- Policy engines need a clear evaluation model — First-deny-wins and first-escalate-wins made the 9-rule engine predictable and explainable for both engineers and compliance.
- Trust as a score works — Letting agents earn/lose trust and gating autonomy on it gave a simple lever for "governance you can tune" without turning everything off.
- Nova Lite + Sonic fit governance well — Lite for structured reasoning (incidents, threats); Sonic for natural, hands-free command and response.
What's Next for Federation Command
| Timeline | Milestones |
|---|---|
| Q2 2026 | Federated multi-tenant (cross-org policy gating), automated compliance reports (SOX/HIPAA/GDPR from the ledger), policy DSL editor, full Nova Sonic voice-to-voice in production |
| Q3 2026 | Predictive trust decay, semantic policy search ("actions like last Thursday's HIPAA violation"), anomaly detection, trust marketplace / autonomy tiers |
| Q4 2026 | Scale to 100+ agents per node, cross-cloud federation (AWS + Azure + GCP), regulator read-only API, agent SDK (Python/TS/Go) for self-registration |
| 2027 | Governance marketplace (rule packs), agent certification pipeline, regulatory auto-compliance (e.g. EU AI Act → rules), zero-trust agent mesh with attestation |
The goal: provable trust — every decision auditable, every override accountable, every policy enforceable, with cryptographic proof.
Built With
- amazon
- amazon-dynamodb
- bedrock
- docker
- fastapi
- nginx
- pydantic
- python
- react
- recharts
- rest-api
- tailwindcss
- three.js
- typescript
- vite
- websocket
