Shadow Mode

See what Decionis would have blocked — before you flip a single switch.

Same install everywhere we ship: GitHub Action, LangChain (Python & JS), Azure API Management, Slack, Shopify. The gate observes, records a signed Decision Dossier, and never changes caller behaviour — until you decide to enforce. One-line change to flip, reversible without uninstalling.

Pick a surface Score my current posture Generate a sample dossier

Pick the surface that touches your most-asked workflow

You don't have to wire every surface — start with the one whose audit you'd be asked about first. Tabs below swap the install snippet to that surface verbatim.

Install LangChain (Python) in shadow

Wraps any LangChain BaseTool. The LLM still picks the tool on the same prompt; Decionis decides if the call fires.

python

# pip install decionis-langchain
from decionis import DecionisClient
from decionis_langchain import DecionisGateTool

client = DecionisClient(api_key="...", base_url="https://api.decionis.com")

gated_refund = DecionisGateTool.wrap(
    inner_tool=send_refund,
    client=client,
    tenant_id="org-uuid",
    workflow_key="refund_execution",
    shadow_mode=True,     # ← every verdict recorded; inner tool always runs
    site_base_url="https://decionis.com",
)
agent.bind_tools([gated_refund])

Open docs →

Watch the would-have-blocked numbers

Every gated call produces a signed Decision Dossier. Nothing changes for callers.

Every wrapped invocation produces a signed Decision Dossier. Watch the verdict mix in your Decionis audit log; on enforce, blocks raise DecionisGateRefusal back to the agent.

Per-dossier
Every call → one verifiable proof artifact at /verify/decision-dossiers/<id>.
Per-week
Verdict distribution and a Decionis Score on /decionis-score — exportable as an executive PDF or AI-Act packet.
Per-decision
Forwardable Decision Dossier links — Slack / Teams / LinkedIn unfurl with the verdict OG card.

Flip LangChain (Python) to enforce

One-line change. Reversible without uninstalling.

python

gated_refund = DecionisGateTool.wrap(
    inner_tool=send_refund,
    client=client,
    tenant_id="org-uuid",
    workflow_key="refund_execution",
-   shadow_mode=True,
+   shadow_mode=False,    # ← enforce: inner tool only runs on an ALLOW verdict;
+                         #   BLOCK / REVIEW / ESCALATE now hold the call
    site_base_url="https://decionis.com",
)

Same dossier id, same verify URL, same audit log — the only difference is that blocked verdicts now actually hold the action. If a real workflow regresses, swap back to shadow: the rollback is the same one-line edit, in reverse.

Once you've been in shadow a few days

The numbers you collected become the case for enforcement.

Every dossier ID you record in shadow opens to a public verification page and unfurls with the OG verdict card in Slack / Teams / LinkedIn. Use them in the rollout review packet — the same signed artifact is the proof your CFO, your security reviewer, and your customer's auditor all want.

Score your readiness

Five-input assessment → executive PDF / AI Act packet.

Run the assessment →

Internal-approvals deep dive

The Slack-thread-to-signed-dossier story walked end-to-end.

Read the use case →

Shadow reports doc

The API shape behind the would-have-blocked numbers.

Open the docs →

Loading…

Shadow Mode

See what Decionis would have blocked — before you flip a single switch.

Pick a surface Score my current posture Generate a sample dossier

Pick the surface that touches your most-asked workflow

You don't have to wire every surface — start with the one whose audit you'd be asked about first. Tabs below swap the install snippet to that surface verbatim.

Install LangChain (Python) in shadow

Wraps any LangChain BaseTool. The LLM still picks the tool on the same prompt; Decionis decides if the call fires.

python

# pip install decionis-langchain
from decionis import DecionisClient
from decionis_langchain import DecionisGateTool

client = DecionisClient(api_key="...", base_url="https://api.decionis.com")

gated_refund = DecionisGateTool.wrap(
    inner_tool=send_refund,
    client=client,
    tenant_id="org-uuid",
    workflow_key="refund_execution",
    shadow_mode=True,     # ← every verdict recorded; inner tool always runs
    site_base_url="https://decionis.com",
)
agent.bind_tools([gated_refund])

Open docs →

Watch the would-have-blocked numbers

Every gated call produces a signed Decision Dossier. Nothing changes for callers.

Every wrapped invocation produces a signed Decision Dossier. Watch the verdict mix in your Decionis audit log; on enforce, blocks raise DecionisGateRefusal back to the agent.

Per-dossier
Every call → one verifiable proof artifact at /verify/decision-dossiers/<id>.
Per-week
Verdict distribution and a Decionis Score on /decionis-score — exportable as an executive PDF or AI-Act packet.
Per-decision
Forwardable Decision Dossier links — Slack / Teams / LinkedIn unfurl with the verdict OG card.

Flip LangChain (Python) to enforce

One-line change. Reversible without uninstalling.

python

gated_refund = DecionisGateTool.wrap(
    inner_tool=send_refund,
    client=client,
    tenant_id="org-uuid",
    workflow_key="refund_execution",
-   shadow_mode=True,
+   shadow_mode=False,    # ← enforce: inner tool only runs on an ALLOW verdict;
+                         #   BLOCK / REVIEW / ESCALATE now hold the call
    site_base_url="https://decionis.com",
)

Once you've been in shadow a few days

The numbers you collected become the case for enforcement.

Score your readiness

Five-input assessment → executive PDF / AI Act packet.

Run the assessment →

Internal-approvals deep dive

The Slack-thread-to-signed-dossier story walked end-to-end.

Read the use case →

Shadow reports doc

The API shape behind the would-have-blocked numbers.

Open the docs →