VIDI · Agent governance
Agents you can audit
DVLP runs AI agents against real drug programs, and an agent that drafts regulatory documents needs receipts, not vibes. VIDI is the registry, the policy gate, and the audit trail around every one of them. Each agent is registered and tiered, every invocation passes a Cerbos policy check before it runs, every execution comes back with a KMS-signed receipt, and all of it lands in a trail you can hand to an auditor. I designed and built the front of both faces: the admin side that governs, and the Guild side where agents are authored and tested.
- Role
- Design engineer
- Years
- 2025–26
- Stack
- Next.js · Go · Cerbos
- Scope
- Admin + Guild, 2 themes

02
Know your agents
Banks have know-your-customer. VIDI has know-your-agent. Nothing runs against a drug program until it has been registered, tiered, and signed, and the tier is not decoration: it caps what the agent may touch and how autonomously it may act. An agent's detail page reads like a passport, its declared tools, its trust posture, its domain, and the exact pipeline it walked to get here.
That pipeline is the spine of the Guild side. An agent moves from draft through QA review to sign and register to live, and each published version is minted immutably, so “which version produced this output” always has one answer. The trust posture meters put autonomy and scope on the same card, because those two numbers are what a reviewer actually weighs.


03
Every run leaves a receipt
The gate itself is Cerbos. Every invocation is checked against policy before it executes, with CEL conditions deciding on the agent's tier, the resource it wants, and the environment it is running in. Writing policy UI is mostly a translation job: the rules stay readable as rules, and the decision feed shows each allow and deny in the same plain grammar, action, resource, reason.
When a run completes, the backend signs the execution record with AWS KMS, so a receipt is not just a log line but a claim someone can verify years later. The invocation log carries those signatures inline, and the audit trail behind it is anchored to a Hyperledger Fabric chain. The design job was keeping all of this legible: an auditor should read the trail like a bank statement, not a stack trace.



04
The playground
Governance without a place to run things would just be paperwork, so Guild ships a playground. Point a formula at an asset and a supervisor agent delegates to clinical, regulatory, and supply-chain experts while a live React Flow graph draws the run as it happens: which agent is thinking, which tool it is calling, what it handed back. The plan checklist ticks off beside the graph, and the full recommendations report lands underneath when the run completes.
Direct invocation is the quieter mode. Pick one agent and the graph shows only its declared tools, the same declaration the policy gate enforces, so what you watch in the playground is exactly what production will permit.


05
Two rooms, one system
The admin side reads like the rest of DVLP, lab paper and one oxidized orange, because governance belongs next to the science it governs. Guild got a dark variant: it is where agents are authored and broken on purpose, and the people living in it asked for a room that feels like a workshop rather than a filing cabinet. Both run from the same tokens, so a kanban card or an environment picker is the same component in either room, just on a different ground.

