APort vs prompts-only safety
Prompts influence behavior. Policy decides execution. Compare where each approach helps and where it cannot enforce guarantees.
Prompt engineering and alignment are essential for user experience, but they are probabilistic controls. They shape what the model is likely to do, not what the platform is allowed to execute.
APort enforces pre-action policy at the tool boundary. If a capability is not granted, the call does not run regardless of model persuasion or prompt injection.
| Comparison point | OAP / APort | Prompts & alignment only |
|---|---|---|
| Pre-action enforcement: is every sensitive action gated before execution? | Yes — `before_tool_call` / shell hooks; the model cannot bypass the platform layer. | No deterministic gate; relies on the model following instructions. |
| Policy as data: named, versioned rules vs. ad hoc checks | Versioned policy packs (e.g. `system.command.execute.v1`, `mcp.tool.execute.v1`) with schemas and tests. | Implicit in prompts; changes require prompt edits and a redeploy of behavior. |
| Enterprise identity & assurance: tiers that map to real-world trust | Assurance levels L0 through L4FIN (from self-attested up to KYC- and financial-grade verification paths). | Not applicable. |
| Audit & proof: what can a third party verify? | Signed decisions, passport digest, append-first audit logs; the verifier integrates with the registry. | Conversation logs only; no cryptographic authorization record per action. |
| Delegation between agents: sub-agents and narrowed scopes | Delegation formalism is a known gap on the roadmap; passport-level suspend is production-ready. | No standard delegation object. |
| MCP & IDE scale: where developers actually run agents today | Shipped adapters: OpenClaw, Cursor, LangChain, CrewAI, n8n, etc.; MCP-aware packs. | Universal but non-enforcing. |
| Latency posture: typical evaluation path | Hosted API ~53–65 ms median in published benchmarks; local evaluation supported. | Zero added latency; also zero enforcement guarantee. |
Use Prompts & alignment only when
- You need rapid behavior tuning in non-critical workflows
- You are optimizing assistant tone and instruction-following quality
- You can tolerate occasional policy drift without hard blocking
Use OAP / APort when
- Unauthorized tool calls must be blocked deterministically
- You need signed allow/deny records for each decision
- You want policy changes without retraining or prompt overfitting
Why teams choose OAP / APort
- Deterministic gate before execution: platform hooks evaluate policy before a command or API call executes; model output alone cannot bypass this layer.
- Versioned policy packs: authorization logic is explicit and versioned (e.g. command execution, MCP tools), reducing hidden prompt debt.
- Signed audit trail: each decision can be persisted as verifiable evidence for compliance, incident response, and customer assurance.
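The pre-action gate described at the top of the page and the three properties listed above (deterministic gate, policy as data, signed audit trail) are easiest to see in a minimal implementation. The following is an added illustration, not APort's own code or API: the class and function names (`Passport`, `ToolGate`, `decide`, `verify`, `run_tool`) are hypothetical, the capability ids are the two the page names, and the pack rules, passport and signing key are constructed sample data. It shows why a prompt-injected request is rejected even when the model "agrees" to it: the grant check happens before any model-supplied argument is examined, and the only path to execution runs through the gate.

```python
import hashlib
import hmac
import json
import time
from dataclasses import dataclass

# Policy as data: named, versioned rule sets keyed by capability id.
# The capability ids are from the page; the rule contents are constructed samples.
POLICY_PACKS = {
    "system.command.execute.v1": {
        "version": 1,
        "allowed_binaries": {"git", "ls", "cat"},
        "denied_substrings": ["rm -rf", "curl ", "|", ">"],
    },
    "mcp.tool.execute.v1": {
        "version": 1,
        "allowed_tools": {"read_file", "search_docs"},
    },
}


@dataclass
class Passport:
    """Hypothetical agent passport: an identity plus the capabilities granted to it."""
    agent_id: str
    capabilities: frozenset
    status: str = "active"  # "suspended" models passport-level suspend

    def digest(self) -> str:
        body = {"agent_id": self.agent_id, "status": self.status,
                "capabilities": sorted(self.capabilities)}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


@dataclass
class Decision:
    allow: bool
    reason: str
    record: dict     # what was decided, for whom, under which pack version
    signature: str   # HMAC-SHA256 over the canonical record (stand-in for a signature)


def _canonical(record: dict) -> bytes:
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


class ToolGate:
    """Pre-action gate: every tool call passes through decide() before it runs."""

    def __init__(self, packs: dict, signing_key: bytes):
        self.packs = packs
        self.key = signing_key
        self.audit_log = []  # append-only list of signed decisions

    def _evaluate(self, capability: str, args: dict):
        pack = self.packs[capability]
        if capability == "system.command.execute.v1":
            command = args.get("command", "")
            binary = command.split()[0] if command.split() else ""
            if binary not in pack["allowed_binaries"]:
                return False, f"binary {binary!r} not in allowed_binaries"
            for bad in pack["denied_substrings"]:
                if bad in command:
                    return False, f"command matches denied substring {bad!r}"
            return True, "command permitted by pack"
        if capability == "mcp.tool.execute.v1":
            tool = args.get("tool", "")
            if tool not in pack["allowed_tools"]:
                return False, f"tool {tool!r} not in allowed_tools"
            return True, "tool permitted by pack"
        return False, "no evaluator for capability"

    def decide(self, passport: Passport, capability: str, args: dict) -> Decision:
        # Passport state and grants are checked before any argument is read,
        # so model-supplied content can never widen the agent's scope.
        if passport.status != "active":
            allow, reason = False, f"passport status is {passport.status}"
        elif capability not in passport.capabilities:
            allow, reason = False, f"capability {capability} not granted"
        elif capability not in self.packs:
            allow, reason = False, f"no policy pack for {capability}"
        else:
            allow, reason = self._evaluate(capability, args)
        record = {"ts": int(time.time()), "agent_id": passport.agent_id,
                  "passport_digest": passport.digest(), "capability": capability,
                  "pack_version": self.packs.get(capability, {}).get("version"),
                  "args": args, "allow": allow, "reason": reason}
        sig = hmac.new(self.key, _canonical(record), hashlib.sha256).hexdigest()
        decision = Decision(allow, reason, record, sig)
        self.audit_log.append(decision)
        return decision

    def verify(self, decision: Decision) -> bool:
        """A verifier holding the key can confirm the record was not altered."""
        expected = hmac.new(self.key, _canonical(decision.record), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, decision.signature)


def run_tool(gate: ToolGate, passport: Passport, capability: str, args: dict, executor):
    """The only path to execution: a deny means the executor is never called."""
    decision = gate.decide(passport, capability, args)
    return decision, (executor(args) if decision.allow else None)


if __name__ == "__main__":
    gate = ToolGate(POLICY_PACKS, signing_key=b"constructed-demo-key")
    agent = Passport("agent-demo", frozenset({"system.command.execute.v1"}))
    # A destructive command the model was talked into requesting: denied before execution.
    d, out = run_tool(gate, agent, "system.command.execute.v1",
                      {"command": "rm -rf /"}, executor=lambda a: "would have run")
    print(d.allow, d.reason, out, gate.verify(d))
```

The ordering inside `decide` is the whole point: a denied decision for an ungranted capability never reaches the argument evaluator, a suspended passport is refused before its grants are consulted, and every outcome, allow or deny, is appended to the log with a signature that a later reader can check. A real deployment would replace the shared HMAC key with an asymmetric signature so that third parties can verify records without being able to forge them.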