Integration Guide
Azure AI Foundry
Connect Azure AI Foundry to OSuite and get your first governed action into /decisions in under 20 minutes.
Instance URL detected: https://readiness.osuite.ai
Governance context
Runtime class
Cloud Agent Platform
A hosted builder or cloud platform where governance depth depends on customer-owned control points around execution.
Recommended surfaces
Control Plane
Run policy, approvals, replay, and evidence management as the operator system of record.
Evidence Import Surface
Import actions, traces, and logs when the external runtime cannot be governed directly.
Typical governance range
Advisory Governance -> Approval-Orchestrated Governance -> Runtime-Enforced Governance
Self-host and future SaaS are deployment model choices for the OSuite control plane. They do not determine governance level by themselves.
Treat Foundry as a managed agent platform
Foundry owns the hosted agent harness. OSuite should not pretend it is an inline runtime.
Use bridge mode with Trust Boundary
Trust Boundary sits at the execution boundary while OSuite remains the workspace, approval, replay, and proof authority.
.env
OSUITE_BASE_URL=https://readiness.osuite.ai OSUITE_API_KEY=<your-workspace-api-key> OSUITE_AGENT_ID=foundry-governed-agent DASHCLAW_POLICY_EVALUATOR_TRUST_BOUNDARY_ENABLED=true TRUST_BOUNDARY_POLICY_REFERENCE=foundry/default TRUST_BOUNDARY_FOUNDRY_PROFILE=customer-prod
Project Foundry runs into the PCAA loop
Guard, action open, and outcome closure still live in OSuite even though execution remains hosted.
foundry-bridge.mjs
import { OSuite } from 'osuite';
const osuite = new OSuite({
baseUrl: process.env.OSUITE_BASE_URL,
apiKey: process.env.OSUITE_API_KEY,
agentId: process.env.OSUITE_AGENT_ID || 'foundry-governed-agent',
});
const decision = await osuite.guard({
action_type: 'azure.foundry.tool_call',
declared_goal: 'Execute a governed Azure AI Foundry action',
runtime_type: 'azure_foundry',
runtime_family: 'managed_agent_platform',
adapter_mode: 'bridge',
governance_engine: 'agt_v1',
protocol_lane: 'trust_boundary_runtime',
external_policy_reference: process.env.TRUST_BOUNDARY_POLICY_REFERENCE,
external_trust_materials: ['trust.identity', 'trust.policy', 'trust.receipt'],
risk_score: 52,
});
const created = await osuite.createAction({
action_type: 'azure.foundry.tool_call',
declared_goal: 'Execute a governed Azure AI Foundry action',
runtime_type: 'azure_foundry',
runtime_family: 'managed_agent_platform',
adapter_mode: 'bridge',
governance_engine: 'agt_v1',
protocol_lane: 'trust_boundary_runtime',
external_policy_reference: process.env.TRUST_BOUNDARY_POLICY_REFERENCE,
external_trust_materials: ['trust.identity', 'trust.policy', 'trust.receipt'],
risk_score: 52,
});
const actionId = created.action?.action_id || created.action_id;
await osuite.updateOutcome(actionId, {
status: decision.decision === 'allow' ? 'completed' : 'pending_approval',
output_summary: 'Foundry action recorded with Trust Boundary receipts',
});Verify runtime family and trust materials
The resulting action should read as managed_agent_platform + bridge, with Trust Boundary materials preserved in the envelope.
What success looks like
Open /replay and confirm the action carries managed_agent_platform, bridge mode, and Trust Boundary receipt material.
Navigate to /decisions in your OSuite instance. Your action should appear in the ledger within seconds of the agent run.
Governance as Code
Drop a guardrails.yml in your project root to enforce policies without code changes. OSuite evaluates these rules at the guard step before any action executes.
guardrails.yml
version: 1
project: foundry-managed-runtime
policies:
- id: bridge_high_assurance_foundry
applies_to:
action_types:
- azure.foundry.tool_call
when:
min_risk_score: 50
rule:
require: approval