OpenScorpion enforcement and routing layer
Try the demo Request a briefing
Adaptive Semantic Routing plus policy enforcement, delivered as a control layer for agents

OpenScorpion puts rules and routing between your agents and reality.

OpenScorpion is an intelligent enforcement point and router for agentic and LLM workloads. It combines Adaptive Semantic Routing, with an Agentic Compliance and Policy Governor, so every request is classified, routed to the best provider, and blocked or redacted when it should be.

ASR, Adaptive Semantic Router
APCG, policy governor
Audit, provenance, and evidence
Cost, latency, and quality optimisation
Run the live demo See the architecture

It sits as a gateway, sidecar, or shared service. It speaks HTTP, and it does not require you to rewrite your agents just to behave.

Decision log, sample traffic
[OpenScorpion] intercept request id=7f3c2, actor=agent, action=write_email [ASR] semantic intent=customer_comms, sensitivity=low, domain=general [APCG] policy verdict=allow, controls=pii_redaction=false, tool_access=limited [Router] selected provider=OpenAI, model=gpt 4o mini, reason=quality over cost [Audit] evidence saved, hash=9c1a, latency=420ms, cost_est=£0.003 [OpenScorpion] intercept request id=01aa9, actor=agent, action=search_internal_docs [ASR] semantic intent=finance_ops, sensitivity=high, domain=internal [APCG] policy verdict=redact, controls=pii_redaction=true, allowlist=finance_team [Router] selected provider=local, model=qwen coder 32b, reason=data locality [Audit] evidence saved, hash=12fe, latency=210ms, cost_est=£0.000 [OpenScorpion] intercept request id=bb9e1, actor=agent, action=export_records [ASR] semantic intent=data_exfil, sensitivity=critical, domain=unknown [APCG] policy verdict=deny, controls=block, escalation=security_queue [Audit] evidence saved, hash=fe88, latency=12ms, cost_est=£0.000

What OpenScorpion does

A single layer that classifies intent, enforces policy, routes to the best model or tool, and logs the evidence you will be asked for later.

Adaptive Semantic Routing

Classifies request intent, sensitivity, and domain, then selects the provider, model, and toolchain that best fits the job, without trusting the agent to behave.

Intent classification Provider selection Latency aware

Policy governance, at the choke point

Enforces policy before model invocation and before tool execution, including deny, allow, redact, sandbox, step up approval, and forced audit.

Allow Redact Deny

Evidence, audit, and provenance

Stores prompts, decisions, citations, tool calls, hashes, and policy traces. When Legal asks, you can answer, instead of sweating quietly.

Immutable trace Hashes Decision rationale

Cost, quality, and risk optimisation

Routes low risk tasks to cheaper models, routes high stakes tasks to stronger models, and keeps regulated data on prem when needed.

Budget caps SLOs Local first options

Tool access control for agents

Applies capability boundaries to tools, connectors, and actions, based on identity, intent, and context, so agents cannot casually discover new ways to misbehave.

Allow lists Scopes Step up approval

How it works

Every request passes through the same pipeline, regardless of which agent framework you use.

Step 1, Intercept

OpenScorpion receives the request as a gateway call, sidecar call, or shared service call, and attaches identity and context.

Step 2, Classify

ASR assigns intent, sensitivity, domain, and risk. It can use heuristics, embeddings, rules, or a classifier model, depending on your appetite for complexity.

Step 3, Enforce

APCG evaluates policy, applies controls, and returns a verdict. The router only proceeds when policy says it can, and only within the authorised constraints.

Step 4, Route and log

OpenScorpion selects provider and model, optionally applies redaction, invokes the model or tool, and writes a complete decision trace with evidence.

Live demo

This is a client side simulation that demonstrates the decision pipeline. It is not a toy, it is simply not wired to your production environment yet.
Request simulate decision

The demo demonstrates enforcement and routing decisions. In production, the same logic runs server side, and writes an audit trail to your chosen store.

Decision id pending
APCG verdict pending
Controls
none
Escalation
none
Reason
waiting
Audit
off
ASR routing decision pending
Intent
unknown
Sensitivity
unknown
Provider
unknown
Model
unknown
Decision JSON ready 

            

          

        

      

    


    

      
Reference architecture

      
OpenScorpion sits between agent frameworks and providers, and it enforces policy before model calls and before tool calls.

    


    

      
        
          
            
            
          
          
            
            
          
          
            
          
        

        

        
          
          Agents and apps
          LangGraph, CrewAI,
          custom code, workflows
        

        
          
          
          OpenScorpion
          enforcement and routing layer

          
          ASR
          intent, sensitivity, provider selection

          
          APCG
          policy, controls, audit, enforcement
        

        
          
          Model providers
          OpenAI, Anthropic,
          Azure, local vLLM,
          llama.cpp, custom
        

        
          
          Tools and systems
          search, files, tickets,
          payments, admin actions
          all capability controlled
        

        
          
          
          
          
          
          
        

        
          
          Audit and evidence
          hashes, prompts,
          tool traces, citations,
          policy decisions
          store anywhere
        

        
          
          
        
      
    


    

      
Trust, safety, and boring but necessary assurances

      
If it can touch data and trigger tools, it needs guardrails that are enforceable, auditable, and explainable.

    


    

      

        
Enforcement before execution

        
Policies evaluate intent, identity, region, data type, and requested tooling. OpenScorpion blocks or constrains requests before any model call and before any tool action.

      

      

        
Audit trail that survives scrutiny

        
Decision traces include policy rationale, selected routes, redaction actions, and hashes. You can replay, investigate, and prove what happened.

      

      

        
Designed for multi provider reality

        
You can run local models for sensitive workloads, and use cloud models for high quality outputs, with consistent enforcement in one place.

      

    


    

      

        
Request a briefing

        
Replace this form with your real contact workflow, or wire it to an email service, a CRM, or whatever enterprise ritual you prefer.

      


      

        

          
What you get

          

            A reference deployment pattern, a policy catalogue starter kit, and an integration approach for your agent framework and tool ecosystem.
            You can also receive a short technical deep dive that covers routing logic, policy evaluation order, audit schema, and operational metrics.
          

          

            Reference deploy
            Policy catalogue
            Audit schema
            SLO metrics
          

        


        

          
Contact