As agentic AI systems transition from closed-loop sandboxes to open-world execution environments, the risk of unaligned tool use, data leakage, and regulatory non-compliance increases substantially. Existing governance tools address either static code quality or narrow runtime monitoring, but none provide a unified, cryptographically verifiable enforcement layer that spans the full deployment lifecycle of an AI system.

We present Anchor, a federated governance engine that enforces multi-lens compliance across heterogeneous agentic architectures through two complementary mechanisms. Layer 1 (Anchor v1–v4) performs static analysis of AI-adjacent source code using Tree-sitter abstract syntax tree (AST) parsing against a constitution.anchor rule set — a signed Universal Constitution defining what is permitted — and a mitigation.anchor detection catalog defining how violations are identified. Layer 2 (AnchorRuntime, v4.3.5) intercepts live AI inference calls, hashes inputs and outputs with SHA-256, evaluates outputs against the same constitution at runtime, and writes each decision into an HMAC-signed, hash-chained append-only audit log: the Decision Audit Chain (DAC).

Central to Layer 1 enforcement is the Diamond Cage, a WebAssembly (WASM)-based behavioral verification sandbox built on WasmEdge. Governance integrity is maintained through a remote lockfile model (GOVERNANCE.lock) sealing 18 policy files via SHA-256. Layer 2 introduces a dual-mode enforcement model — Structured Mode for high-stakes decisions (mandatory JSON with ReasonCode and FeatureAttribution) and Conversational Mode for general interactions — alongside a deterministic ETH domain that replaces probabilistic bias classifiers with Governance Invariants: an Aho-Corasick trie scanning structured attribution fields against a lintable prohibited proxy taxonomy. Regulatory output methods (cims_payload(), adverse_action_reasons(), eu_article12_record()) translate a single AuditEntry into jurisdiction-specific dialects without separate implementations.

We validate the system against four open-source codebases: FINOS Architecture-as-Code, HuggingFace Hub, Django, and OpenSpiel. We demonstrate that a single constitution.anchor file simultaneously satisfies Article 12 logging requirements of the EU AI Act (2024/1689), RBI FREE-AI Report Recommendations 7 and 14, CFPB Regulation B adverse action obligations, SEC 2026 Examination Priorities, and the NIST AI Risk Management Framework — a property we term regulatory polyglottism. Anchor v4.3.5 is available at github.com/AnimusLab/anchor and on PyPI as anchor-audit.
Tanishq Dasari (Fri,) studied this question.
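The abstract describes the Decision Audit Chain as an HMAC-signed, hash-chained append-only log that stores SHA-256 hashes of inputs and outputs. The sketch below is an added example of that construction and its verification, not code from Anchor or the anchor-audit package; the field names, the `GENESIS` sentinel, the decision labels and all function names are assumptions.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed sentinel used as prev_hash of the first entry

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def canonical(body: dict) -> bytes:
    # Sorted keys and fixed separators make the serialization reproducible.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def append_entry(chain, key, prompt, output, decision):
    """Append one decision; only digests of the input and output are stored."""
    body = {
        "seq": len(chain),
        "prev_hash": chain[-1]["entry_hash"] if chain else GENESIS,
        "input_sha256": sha256_hex(prompt.encode()),
        "output_sha256": sha256_hex(output.encode()),
        "decision": decision,  # hypothetical labels: "ALLOW" / "BLOCK"
    }
    entry_hash = sha256_hex(canonical(body))
    sig = hmac.new(key, entry_hash.encode(), hashlib.sha256).hexdigest()
    chain.append({**body, "entry_hash": entry_hash, "hmac": sig})
    return chain[-1]

def verify_chain(chain, key):
    """Return (True, None), or (False, index of the first entry that fails)."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        body = {k: v for k, v in entry.items() if k not in ("entry_hash", "hmac")}
        expected_hash = sha256_hex(canonical(body))
        expected_sig = hmac.new(key, expected_hash.encode(), hashlib.sha256).hexdigest()
        if (entry.get("seq") != i or entry.get("prev_hash") != prev
                or entry.get("entry_hash") != expected_hash
                or not hmac.compare_digest(entry.get("hmac", ""), expected_sig)):
            return False, i
        prev = expected_hash
    return True, None

def demo():
    key = b"constructed-demo-key"  # constructed; keep real keys outside the log host
    chain = []
    append_entry(chain, key, "loan application 1", '{"approve": false}', "BLOCK")
    append_entry(chain, key, "hello", "hi there", "ALLOW")
    intact = verify_chain(chain, key)
    chain[0]["decision"] = "ALLOW"  # in-place rewrite of a past decision
    return intact, verify_chain(chain, key)
```

The chain detects edits, reordering and removal of interior entries, but not truncation of the tail; detecting that requires recording the latest `entry_hash` somewhere outside the log.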