Architecture
How Regulus extends Google ADK without forking it.
Regulus plugs into ADK's official extension contracts: the
BasePlugin SPI, the SessionService / MemoryService /
ArtifactService interfaces, and the ToolConfirmation primitive for
HITL. When Google ships ADK 1.3, Regulus stays compatible.
8 ADK BasePlugin implementations
Every plugin extends com.google.adk.plugins.BasePlugin
and overrides the callback hooks listed below. Plugins are
composable; the same agent can run all eight without ordering issues
— Regulus pins the priority order so policy decisions land before
audit emissions.
Policy plugin
RegulusPolicyPlugin: Pre-tool-call policy evaluation. Decisions are fail-closed and emit a structured audit event with the matched policy clause.
Privacy plugin
RegulusPrivacyPlugin: PII redaction on inbound prompts and outbound responses; re-redaction on memory writes; configurable patterns per jurisdiction.
Audit plugin
RegulusAuditPlugin: Append-only audit event emission with optional SHA-256 hash chaining; 24-month retention by default; offline verification via the CLI.
Kill switch plugin
RegulusKillSwitchPlugin: Identity-backed dual-control kill switch. Two authorised principals collapse the agent's tool surface; events feed the audit chain.
Model risk plugin
RegulusModelRiskPlugin: Tier-aware gating that enforces SS1/23 + ISO 42001 model-classification rules; ties model invocations to validation evidence.
Data residency plugin
RegulusDataResidencyPlugin: Fail-closed residency enforcement on memory writes and artifact stores; checks the resolved region against the active profile's allowed set.
Governance evidence plugin
RegulusGovernanceEvidencePlugin: Routes signed evidence envelopes to ServiceNow IRM, OneTrust, MetricStream, or a generic HMAC webhook with framework citations attached.
Identity expiry guard
RegulusIdentityExpiryGuard: Short-lived-token enforcement. Rejects tool calls whose Principal's credentials have expired; logs the rejection with structured cause.
6 ADK service extensions
Service extensions wrap Google-shipped implementations rather than
replacing them. RegulusVertexAiSessionService extends
VertexAiSessionService — the underlying Vertex
session-service contract is intact; Regulus adds residency,
retention, and PII checks at the read/write seams.
RegulusVertexAiSessionService (extends VertexAiSessionService)
Adds policy + privacy + residency gating to Vertex-managed session state.
RegulusFirestoreSessionService (extends FirestoreSessionService)
Same as Vertex variant, against a Firestore session backend.
RegulusFirestoreMemoryService (extends FirestoreMemoryService)
Long-term memory with PII re-redaction on write and TTL by retention policy.
RegulusGcsArtifactService (extends GcsArtifactService)
Region-pinned artifact writes with residency enforcement and per-bucket CMEK.
RegulusRetentionEventCompactor (extends EventCompactor)
Regulation-aware retention. Strictest profile wins; events older than the resolved retention are compacted.
RegulusComplianceBaseComputer (extends BaseComputer)
Computer-use surface with policy-gated screen + keyboard access; redacted screenshots.
A2A — Agent-to-agent envelope
Cross-org agent calls travel over ADK's A2A protocol. Regulus wraps the envelope with RFC 9421 HTTP Message Signatures: the calling agent signs request method + URI + body + timestamp; the receiving agent verifies before invoking. Replay-window protection ships as part of the envelope. Ed25519 signing is wired through the SPI but the signing implementation lands in the next milestone — today the surface enforces structure + replay protection.
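The receiving side's structure and replay checks described above, as an added Python example (not Regulus or ADK code). It assumes the covered component set, a 300-second window, a required nonce parameter, and an RFC 9530 Content-Digest header to bind the body; signature verification is left out, matching the note that signing is not implemented yet.

```python
import base64
import hashlib
import hmac
import re

REQUIRED = ('"@method"', '"@target-uri"', '"content-digest"')  # assumed coverage
WINDOW = 300  # seconds; assumed, the page does not state the window

def content_digest(body: bytes) -> str:
    """RFC 9530 Content-Digest value (SHA-256) binding the body to the signature."""
    return "sha-256=:" + base64.b64encode(hashlib.sha256(body).digest()).decode() + ":"

def signature_base(method: str, uri: str, digest: str, params: str) -> str:
    """RFC 9421 signature base: the exact string a signer would sign."""
    return "\n".join([
        f'"@method": {method}',
        f'"@target-uri": {uri}',
        f'"content-digest": {digest}',
        f'"@signature-params": {params}',
    ])

class EnvelopeGuard:
    """Structure + replay checks only; no signature verification."""
    def __init__(self):
        self.seen = {}  # nonce -> created timestamp

    def check(self, body: bytes, headers: dict, now: int) -> str:
        m = re.fullmatch(r'\w+=\(([^)]*)\)(.*)', headers.get("Signature-Input", ""))
        if not m:
            return "reject: malformed Signature-Input"
        covered, rest = m.group(1).split(), m.group(2)
        if any(c not in covered for c in REQUIRED):
            return "reject: required component not covered"
        created = re.search(r";created=(\d+)", rest)
        nonce = re.search(r';nonce="([^"]+)"', rest)
        if not created or not nonce:
            return "reject: created and nonce are required"
        sent = headers.get("Content-Digest", "").encode()
        if not hmac.compare_digest(sent, content_digest(body).encode()):
            return "reject: body does not match Content-Digest"
        if abs(now - int(created.group(1))) > WINDOW:
            return "reject: outside replay window"
        # Drop nonces that have aged out, then refuse any nonce seen inside the window.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= WINDOW}
        if nonce.group(1) in self.seen:
            return "reject: replayed nonce"
        self.seen[nonce.group(1)] = int(created.group(1))
        return "accept"
```

Every failure path returns a rejection before the nonce is recorded, so a malformed or stale envelope cannot consume a nonce that a legitimate request will use later.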
10 regulation profiles
A profile is a YAML file. Each profile pins the policy clauses, the audit fields, the retention window, the allowed residency, and the framework citations. Multiple profiles compose; conflicts resolve deterministically (strictest retention wins, intersected residency, union of audit fields).
- EU AI Act (EU): GPAI Code of Practice enforceable from 2 August 2026
- GDPR (EU): In force since 25 May 2018
- UK GDPR (UK): In force; ICO is supervisory authority
- DORA (EU): Effective since 17 January 2025
- NIS2 (EU): National transposition deadline 17 October 2024
- FCA SYSC (UK): Consumer Duty effective 31 July 2023 (new); 31 July 2024 (closed)
- PRA SS1/23 (UK): Effective 17 May 2024
- PRA SS2/21 (UK): Effective 31 March 2022
- NHS DSPT (UK): Annual submission cycle; FY2025-26 standard in force
- EHDS (EU): Entered into force 26 March 2025; phased application through 2031
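The composition rules above (strictest retention, intersected residency, union of audit fields), together with the fail-closed residency check, as an added Python sketch that is not Regulus code. The field names and profile values are constructed, profiles are shown as already-parsed dicts rather than YAML, and "strictest" is assumed to mean the longest retention window, which the page does not define.

```python
# Constructed profiles with hypothetical field names; not the shipped YAML.
PROFILE_A = {"retention_months": 24,
             "residency": ["europe-west2", "europe-west4"],
             "audit_fields": ["principal", "tool", "clause"]}
PROFILE_B = {"retention_months": 72,
             "residency": ["europe-west2", "us-east1"],
             "audit_fields": ["principal", "model_tier"]}
PROFILE_C = {"retention_months": 12,
             "residency": ["us-east1"],
             "audit_fields": ["principal"]}


def compose(profiles, strictest=max):
    """Resolve the active profiles into one effective profile.

    `strictest` picks the winning retention window. The page does not say
    whether strictest means longest or shortest; max is assumed here, pass
    min for the other reading.
    """
    if not profiles:
        raise ValueError("no active profile: fail closed")
    merged = {
        "retention_months": strictest(p["retention_months"] for p in profiles),
        "residency": set.intersection(*(set(p["residency"]) for p in profiles)),
        "audit_fields": set.union(*(set(p["audit_fields"]) for p in profiles)),
    }
    if not merged["residency"]:
        # No region satisfies every profile, so no write can be compliant.
        raise ValueError("profiles share no allowed region: fail closed")
    return merged


def write_allowed(merged, region):
    """Residency gate: an unresolved (None) or unlisted region is denied."""
    return region is not None and region in merged["residency"]
```

Because every rule is commutative, the result does not depend on the order in which profiles are listed; two profiles with disjoint residency sets are rejected at composition time rather than at the first write.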
6 governance frameworks
Frameworks are voluntary best-practice standards that internal-audit teams adopt to demonstrate maturity. Regulus emits framework-tagged evidence from the audit chain so coverage is provable on demand.
- NIST AI RMF 1.0 (NIST): Shipped
- NIST AI RMF 600-1 GenAI Profile (NIST): Shipped
- NIST AI RMF Agent Interop Profile (NIST): Provisional
- ISO/IEC 42001:2023 (ISO/IEC): Shipped
- ISO/IEC 23894:2023 (ISO/IEC): Shipped
- ISO/IEC 23053:2022 (ISO/IEC): Shipped
4 GRC adapters
Every audit event can be routed to one or more GRC tools via the
RegulusGovernanceEvidencePlugin. Adapters emit a signed
envelope containing the event, the matched policy clause, the
framework citations, and the resolved jurisdiction. Configure the
adapter once in application.yaml; the routing happens
automatically on every event.
ServiceNow IRM
Posts signed evidence envelopes to the ServiceNow Integrated Risk Management module.
OneTrust AI Governance
OneTrust AI Governance asset + activity records, with framework citations attached.
MetricStream
MetricStream Risk Cloud risk events with mapped control catalogue references.
Generic HMAC webhook
Signed POST to any URL. Verify the signature offline with the bundled key.
Where the bytes go
Three places. (1) Cloud Logging for the operational stream — every event written via the standard structured log API. (2) The hash chain — append-only file or object-storage stream, SHA-256-chained, offline-verifiable. (3) Your GRC tool — the configured adapter, signed, with citations. The first two run by default; the third is the audit-evidence loop that makes the rest reconcilable.
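What offline verification of a SHA-256-chained, append-only log involves, as an added Python example; this is not the Regulus CLI or its record format. The record layout (prev, event, hash), the all-zero genesis value, the canonical JSON encoding, and the externally pinned head hash are assumptions, and the events are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor for the first record


def record_hash(prev: str, event: dict) -> str:
    """SHA-256 over the previous hash plus the canonical JSON of the event."""
    canonical = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev + canonical).encode()).hexdigest()


def append(chain: list, event: dict) -> None:
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev": prev, "event": event, "hash": record_hash(prev, event)})


def verify(chain: list, expected_head=None):
    """Return (ok, reason) after recomputing every link from the genesis value."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["prev"] != prev:
            return False, f"record {i}: broken link (record removed or reordered)"
        if record_hash(prev, rec["event"]) != rec["hash"]:
            return False, f"record {i}: content does not match hash"
        prev = rec["hash"]
    # Tail truncation leaves a valid shorter chain; only a head hash pinned
    # outside the log (an assumption here) can expose it.
    if expected_head is not None and prev != expected_head:
        return False, "head mismatch (chain truncated or replaced)"
    return True, "ok"


def sample_chain() -> list:
    """Constructed events, not real Regulus audit records."""
    chain = []
    for e in [{"type": "policy.deny", "tool": "wire_transfer", "clause": "P-1"},
              {"type": "killswitch.armed", "principals": ["alice", "bob"]},
              {"type": "residency.reject", "region": "us-east1"}]:
        append(chain, e)
    return chain
```

Edits and mid-chain deletions are caught by the walk alone; a chain cut off at the tail still verifies unless the latest head hash is kept somewhere the log writer cannot rewrite.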