How It Works
Intutic is a transparent governance layer that sits between your AI agents and the LLM providers they call. It enforces policies, detects anomalies, tracks costs, and records every decision — without adding meaningful latency.
Architecture Overview
```
┌──────────────┐     ┌─────────────────────────────────────────┐
│ Claude Code  │     │          Intutic Control Plane          │
│ Cursor       │────▶│                                         │
│ Aider        │     │  ┌──────────┐  ┌──────┐  ┌───────────┐  │
│ Windsurf     │     │  │  Proxy   │──│ PCAS │──│  Circuit  │  │
│ Antigravity  │     │  │ Gateway  │  │      │  │  Breaker  │  │
│ Codex        │     │  └────┬─────┘  └──────┘  └─────┬─────┘  │
│ OpenHands    │     │       │                        │        │
│ n8n          │     │  ┌────▼─────┐  ┌──────┐  ┌─────▼─────┐  │
└──────────────┘     │  │  FinOps  │  │ ARE  │  │    SOP    │  │
                     │  │  Ledger  │  │      │  │ Registry  │  │
                     │  └──────────┘  └──────┘  └───────────┘  │
                     └─────────────────────────────────────────┘
                                          │
                                  ┌───────▼───────┐
                                  │ LLM Provider  │
                                  │ (Anthropic,   │
                                  │  OpenAI, …)   │
                                  └───────────────┘
```
The Proxy Gateway
Every LLM request from your agents flows through the Intutic proxy. The proxy is transparent — agents don't need to change their code. The CLI's init command configures each harness to route through the proxy by setting the appropriate base URL or config variable.
How routing works per harness:
| Harness | Config File | Mechanism |
|---|---|---|
| Cursor | .cursorrules | Markdown rules injected with proxy URL |
| Claude Code | CLAUDE.md | Markdown rules injected with proxy URL |
| Windsurf | .windsurfrules | Markdown rules injected with proxy URL |
| Aider | .aider.conf.yml | extra-instructions YAML field |
| Antigravity | .gemini/settings.json | customInstructions JSON field |
| Codex | .env.intutic | ANTHROPIC_BASE_URL / OPENAI_BASE_URL env vars |
| OpenHands | config.toml | [intutic] TOML section with proxy_url |
| n8n | (API-based) | Workflow parameters via n8n REST API (Phase 2) |
Enforcement Actions (PCAS)
The Policy Compliance and Action System evaluates every request against your SOPs and applies one of four enforcement actions:
| Action | What happens | When it's used |
|---|---|---|
| BYPASS | Request passes through unmodified | Compliant with all SOPs |
| ENHANCE | Request is modified (prompt enrichment, model upgrade) | SOP suggests improvements |
| HIJACK | Request is rerouted to a different model or modified substantially | Cost optimization, capability routing |
| KILL | Request is blocked entirely | Policy violation, budget breach, anomaly detected |
The Circuit Breaker
The circuit breaker is the runtime enforcement mechanism. It evaluates each request against:
- SOP rules — Does this request comply with active SOPs?
- Budget limits — Is the user/workspace within budget tier limits?
- Anomaly scores — Has the ARE flagged this session?
- Trust scores — What's the trust level of this agent session?
If any check fails, the circuit breaker applies the appropriate enforcement action.
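
The sketch below is an added example, not Intutic's own code: it shows one way to combine the four checks so that the most restrictive action wins and a check that cannot be evaluated fails closed. The request fields, the 0.8 and 0.5 thresholds, the severity ordering and the KILL outcome for low trust are all assumptions made for illustration.

```python
from enum import IntEnum

class Action(IntEnum):
    # Least to most restrictive; this ordering is an assumption of the sketch.
    BYPASS = 0
    ENHANCE = 1
    HIJACK = 2
    KILL = 3

def check_sop(req):
    if req["sop_violation"]:
        return Action.KILL, "policy violation"
    if req["sop_suggestion"]:
        return Action.ENHANCE, "SOP suggests improvements"
    return Action.BYPASS, "SOP compliant"

def check_budget(req):
    used = req["spent_usd"] / req["budget_usd"]
    if used >= 1.0:
        return Action.KILL, "budget breach"
    if used >= 0.8:                 # hypothetical threshold for rerouting
        return Action.HIJACK, "cost optimization"
    return Action.BYPASS, "within budget"

def check_anomaly(req):
    if req["anomaly"] is not None:  # anomaly type reported by the ARE, or None
        return Action.KILL, "anomaly detected: " + req["anomaly"]
    return Action.BYPASS, "no anomaly flagged"

def check_trust(req):
    if req["trust"] < 0.5:          # hypothetical floor; KILL on low trust is assumed
        return Action.KILL, "trust below floor"
    return Action.BYPASS, "trusted session"

CHECKS = (check_sop, check_budget, check_anomaly, check_trust)

def evaluate(req):
    """Run every check; the strictest action wins and is returned with its reasons."""
    results = []
    for check in CHECKS:
        try:
            results.append(check(req))
        except Exception as exc:
            # Missing field, zero budget, non-numeric score: block rather than pass.
            results.append((Action.KILL, f"{check.__name__} failed closed: {type(exc).__name__}"))
    action = max(a for a, _ in results)
    return action, [reason for a, reason in results if a == action]
```

Returning the reasons alongside the action gives the audit record something concrete to store for each decision.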
SOP Lifecycle
SOPs (Standard Operating Procedures) are the policy documents that define governance rules. They follow a 7-state lifecycle:
DRAFT → PENDING_REVIEW → GENERATED → HYPOTHESIZED → REFINED → VALIDATED
↓
INVALIDATED
| State | Meaning |
|---|---|
| DRAFT | Initial authoring, not yet active |
| PENDING_REVIEW | Submitted for team review |
| GENERATED | Auto-generated from observed patterns |
| HYPOTHESIZED | Proposed rule being tested |
| REFINED | Iteratively improved based on feedback |
| VALIDATED | Active and enforced |
| INVALIDATED | Retired or superseded |
SOPs include:
- Risk tier — LOW, MEDIUM, HIGH, CRITICAL
- Complexity tier — task complexity classification
- Dependencies — other SOPs this one depends on
- Markdown content — the actual policy rules
Changes to SOPs are classified as STRENGTHEN, CLARIFY, NARROW, or WEAKEN for audit trail.
Anomaly Detection (ARE)
The Autonomous Reasoning Engine detects 12 categories of runtime anomalies:
| Anomaly Type | Description |
|---|---|
| TOOL_ABUSE | Excessive or inappropriate tool calls |
| TOKEN_WASTE | Inefficient token usage patterns |
| LOOP_DETECTED | Agent stuck in a retry/repeat loop |
| UNAUTHORIZED_TOOL | Calling tools outside allowed set |
| DATA_EXFILTRATION | Attempting to leak sensitive data |
| PROMPT_INJECTION | Malicious prompt manipulation detected |
| HALLUCINATION | Model generating fabricated information |
| SCOPE_VIOLATION | Operating outside defined task scope |
| BUDGET_BREACH | Exceeding allocated budget |
| SPAWN_BUDGET_BREACH | Sub-agent spawning over limits |
| WORKFLOW_BUDGET_BREACH | Multi-step workflow over budget |
| WORKFLOW_GOAL_DRIFT | Workflow deviating from stated objective |
FinOps Ledger
Every execution trace records:
- Input/output token counts
- Model used and actual cost in USD
- Enforcement action applied
- Token utility classification (USEFUL or WASTED)
Budget tiers control spending limits per developer level:
| Tier | Role |
|---|---|
| JUNIOR | Junior developers — lowest budget ceiling |
| SENIOR | Senior developers |
| STAFF | Staff engineers |
| PRINCIPAL | Principal engineers — highest budget ceiling |
Sync Daemon
The intutic connect command starts a long-lived sync daemon that:
- Polls the control plane for SOP updates (default: every 30 seconds)
- Detects which harnesses are present in the workspace
- Writes updated governance config to each harness's config file
- Reports sync state back to the control plane
- Uses atomic writes (tmp file + rename) to prevent file corruption
The daemon supports all 8 harness adapters and handles each one's config format natively.
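
The tmp-file-plus-rename pattern from the list above, as an added example rather than the daemon's own code: a harness that reads its config mid-sync sees either the old rules or the new ones, never a truncated file. The function names `atomic_write` and `sync_file` and the `.sync-` temp prefix are assumptions made for illustration.

```python
import os
import tempfile

def atomic_write(path, data, default_mode=0o644):
    """Replace path with data; readers see the old file or the new one, never a partial one."""
    path = os.path.abspath(path)
    directory = os.path.dirname(path)
    # Keep the existing file's permission bits; mkstemp creates the temp file as 0600.
    mode = os.stat(path).st_mode & 0o777 if os.path.exists(path) else default_mode
    # The temp file lives beside the target: rename is atomic only within one filesystem.
    fd, tmp = tempfile.mkstemp(prefix=".sync-", suffix=".tmp", dir=directory)
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
            fh.flush()
            os.fsync(fh.fileno())   # contents are on disk before the rename exposes them
        os.chmod(tmp, mode)
        os.replace(tmp, path)       # atomic swap of the directory entry
    except BaseException:
        # Any failure: remove the temp file and leave the current config untouched.
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise

def sync_file(path, data):
    """Write only when the content differs; returns True if the file was replaced."""
    try:
        with open(path, "rb") as fh:
            if fh.read() == data:
                return False        # unchanged: no rewrite on every poll interval
    except FileNotFoundError:
        pass
    atomic_write(path, data)
    return True
```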