Skip to main content

Overview

Enforce is the strictest enforcement mode in Cascade. It actively prevents agents from executing actions that violate safety or security policies. Enforce mode evaluates policies and security frameworks in real time against agent behavior. When a violation is detected, executions are blocked or modified before the unsafe action completes. This mode is designed for high-risk agents and production-critical workflows where incorrect or malicious behavior is damaging.

When to Use Enforce Mode

Enforce mode is recommended for:
  • Production agents with access to sensitive data or systems
  • Financial, infrastructure, or irreversible actions
  • Regulated or compliance-sensitive environments
  • Mature deployments with well-tested policies
  • High-confidence safety and security requirements
Teams typically enable Enforce mode only after validating policies in Observe and Detect.

How Enforce Mode Works

Enforce mode operates as an active control layer on top of Cascade’s DeepStream system. As agents execute, DeepStream captures LLM calls, tool usage, and reasoning steps. Policies and security frameworks are evaluated synchronously against this runtime context. If a violation is detected, Cascade intervenes before execution completes. Depending on the policy and configuration, Cascade may block a tool call, prevent a response from being returned, or halt the workflow entirely.

SDK Integration

Enforce mode builds directly on the existing observability integration and does not require changes to tracing or instrumentation. Because Enforce mode actively intervenes in execution, it must be explicitly enabled.

Global Configuration

Python
from cascade import init_tracing

init_tracing(
    project="my_project",
    enforcement_mode="enforce",
    endpoint="https://api.runcascade.com/v1/traces",
    api_key="your-api-key"
)
Enforce mode is never enabled by default and must be set intentionally.

Workflow-Level Configuration

Enforcement mode can also be specified per workflow or agent run using trace metadata.
Python
from cascade import trace_run

with trace_run(
    "MyAgent",
    metadata={
        "agent_id": "agent-123",
        "enforcement_mode": "enforce"
    }
):
    agent.run("issue_refund")
This allows Enforce mode to be applied selectively to high-risk workflows while other agents operate in other enforcement modes.

Recorded Findings & Visibility

In Enforce mode, DeepStream records all safety and security evaluations, including:
  • Policy violations that triggered enforcement
  • Blocked or prevented actions
  • Severity and classification of violations
  • Context and reasoning at the time of intervention
  • Associated LLM and tool activity
These findings are visible in the Cascade dashboard, where teams can inspect enforcement events, understand why actions were blocked, and audit agent behavior over time.