Use cases

These scenarios show how DARE applies deterministic governance at the tool and memory boundaries. Each example includes a high-risk action, applicable controls, and the minimum evidence expected for audit and replay.

Read the Spec Browse Controls
Tool risk category
Read-only · Reversible write · Irreversible write · Financial · Infrastructure
Autonomy tier
Sandbox · Bounded · High-privilege
Evidence baseline
Decision record · Invocation record · Ledger commit · Replay trace · Semantic trace
1
Use case
Financial Operations & Treasury Agents
Tool category: Financial · Tier: High-privilege
Signed actions HITL gates Hard limits

Agents authorized to move money or modify financial records require the highest level of deterministic control to prevent fraud, misrouting, and costly hallucinations. DARE constrains these actions with policy, approvals, and non-repudiation, and produces evidence suitable for audit.

Scenario
An Invoice Reconciliation Agent matches supplier invoices against purchase orders and creates dispute cases for discrepancies.
High-risk action
Calling transfer_funds or issue_refund, which creates irreversible financial side effects.

DARE application (controls + constraints)

  • Control 12 (Signed Actions): every transaction request is signed and verifiable for non-repudiation.
  • Policy constraints (Tool Gateway): hard limits such as amount_usd <= 1000, and required assertions such as destination_verified == true.
  • HITL Decision Record: automatically block transactions above a threshold (e.g., > 500) until a human signs an approval record.

Minimum expected evidence

  • Policy Decision Record with obligations (limits + HITL requirement) and policy bundle hash.
  • Tool Invocation Record with request/response hashes, timing, and result status.
  • Ledger Commit (tamper-evident) including hash chain pointer and signature.
  • HITL Decision Record linked to the run and the tool request hash.
  • Replay Trace step referencing tool snapshots and pinned bundle hashes.
2
Use case
DevOps & Infrastructure Automation
Tool category: Infrastructure · Tier: High-privilege (often), Bounded (limited scopes)
Workload identity Replayable change sets Macro backpressure

Agents used to manage cloud environments can trigger outages or weaken security if they hallucinate configuration changes or apply overly broad permissions. DARE reduces blast radius by enforcing identity, policy, and evidence around each tool call, and by shaping workflow execution at the orchestration layer.

Scenario
An infrastructure agent tasked with deploying a service, rotating secrets, or modifying IAM permissions in response to a change request.
High-risk action
Changing firewall rules, modifying IAM bindings, or scaling clusters—actions with high blast radius and difficult rollback.

DARE application (controls)

  • Control 01 (Identity): short-lived SPIFFE/OIDC identities ensure no permanent credentials exist to leak.
  • Control 10 (Replay): captures tool/memory boundary steps for deterministic post-mortem analysis and regression.
  • Control 15 (Orchestration): governs workflow concurrency/queue depth and global backpressure (macro system health) to prevent runaway changes.

Minimum expected evidence

  • Verified workload identity claims on each privileged request.
  • Decision records showing policy allow/deny and any required obligations (e.g., approvals, verification steps).
  • Replay trace with tool snapshots sufficient to reproduce the run at the governed boundary.
  • Ledger events that link every high-impact change to a unique run and an accountable agent instance.
3
Use case
Enterprise Customer Support (Safe RAG)
Tool category: Read-only + Reversible write · Tier: Bounded
Injection defense Retrieval ACLs Provenance + TTL

Customer-facing agents that use Retrieval-Augmented Generation (RAG) are vulnerable to indirect prompt injection from tickets, emails, and web content. DARE treats retrieved content as untrusted and enforces retrieval-time authorization to prevent cross-tenant leakage.

Scenario
A support agent reads internal knowledge bases and ticket systems to answer questions and optionally drafts responses or updates cases.
High-risk action
Indirect prompt injection embedded in retrieved content causing unsafe tool calls (e.g., unauthorized refunds, data exfiltration).

DARE application (controls)

  • Control 08 (Injection Defense): treat retrieved content as untrusted; normalize and validate inputs against strict contracts before model use.
  • Memory Firewall (retrieval-time controls): enforce ACLs at retrieval time and apply provenance checks and TTL to reduce poisoning persistence.

Minimum expected evidence

  • Memory read/write records including ACL decision, provenance metadata, and TTL enforcement outcome.
  • Normalized content hashes and schema validation results for retrieved inputs.
  • Policy decision records for any tool calls triggered from RAG flows.
4
Use case
Autonomous Content & Communication
Tool category: Irreversible write · Tier: Bounded (with approvals), High-privilege (rare)
Allowlists Circuit breakers Approvals

Agents that can send external communications create reputational and legal risk. These are “irreversible write” actions: once an email is sent or content is published, it leaves the organization’s control. DARE enforces allowlists and breakers, and optionally gates publication through HITL approvals.

Scenario
An agent authorized to send external email or publish content to a CMS as part of customer communications or marketing workflows.
High-risk action
Publishing or sending messages outside the organization, where mistakes are difficult or impossible to fully reverse.

DARE application (controls)

  • Control 05 (Tool Gateway): enforce strict allowlists (e.g., approved domains, approved channels, approved templates).
  • Control 06 (Circuit Breakers): halt runaway loops (e.g., thousands of emails in minutes) and require operator reset.
  • Optional HITL gates: require signed approval for communications above risk thresholds or outside known templates.

Minimum expected evidence

  • Decision record proving domain/template allowlist evaluation and any obligations (e.g., HITL).
  • Breaker events with trigger conditions and enforcement outcomes.
  • Signed action evidence for the final send/publish operation (when high-impact).
5
Use case
Compliance & Data Management (Deletion and Retention)
Tool category: Irreversible write · Tier: High-privilege (with strict constraints)
Crypto-shredding Evidence safe-by-design Verification

Automating deletion and retention tasks requires proving that sensitive data was actually purged while maintaining a defensible audit trail. A common hazard is writing personal data into immutable evidence stores (“toxic immutable data”), which conflicts with deletion requirements. DARE addresses this by constraining what is written, and by encrypting sensitive payloads such that deletion can be enacted without breaking the integrity of the audit chain.

Scenario
An agent executes delete_record or purge_data requests to satisfy privacy and retention policies.
High-risk action
Deleting data while ensuring immutable logs do not permanently retain the sensitive payload (the “toxic immutable data” problem).

DARE application (controls + pattern)

  • Crypto-shredding pattern: sensitive payloads written to the ledger are encrypted with ephemeral keys. Deletion is enacted by destroying keys, rendering payloads unreadable without breaking the audit chain.
  • Control 16 (High-assurance verification): recommended for deletion tools to prove plan-level safety invariants before execution.

Minimum expected evidence

  • Decision record proving authorization and constraints for deletion scope.
  • Ledger entries that avoid storing plaintext PII and reference encrypted payload pointers.
  • Key destruction record (or KMS evidence) linked to the ledger event and deletion request.
  • Replay trace confirming the governed boundary steps and outcomes.
Implementation note: These examples assume DARE’s core invariant: agent runtimes do not call tools or memory directly. All tool and memory operations traverse enforcement points that produce evidence suitable for conformance checks and incident replay.
Contents
1) Financial Ops 2) DevOps & Infra 3) Safe RAG Support 4) External Comms 5) Deletion & Retention Implementation note