MESHFLOW_MOCK=1 python3 hands_on/12_compliance_modes.pyBy the end of this lesson, you should be able to:
Estimated time: 40 to 55 minutes.
Most software engineering concerns are about correctness and performance. In regulated industries, a third dimension is mandatory: governance. A healthcare AI that leaks patient identifiers, or a financial AI that lacks an audit trail, can result in regulatory fines, legal liability, and public harm — even if the output was factually correct.
MeshFlow treats compliance as a runtime concern, not an afterthought. You configure it once at the policy level, and the runtime enforces it for every run.
PolicyMode sets the baseline behavior of the governance stack:
| Mode | Guardian | Audit | PHI scrub | Typical use |
|---|---|---|---|---|
DEV | Off | Off | Off | Local development, no API cost |
STANDARD | On | On | Off | General production use |
REGULATED | On | On | On | Audited environments |
LEGAL_CRITICAL | On | On | On | Legal, contract, compliance review |
HIPAA | On | On | On | Healthcare, patient data |
SOX | On | On | On | Public company financial reporting |
from meshflow.core.schemas import Policy, PolicyMode
policy = Policy(mode=PolicyMode.HIPAA, budget_usd=5.0)
Setting a mode is a shortcut. Under the hood it sets several individual flags. You can always override individual flags after setting the mode.
The compliance= keyword activates a full regulatory profile from a string:
policy = Policy(compliance="hipaa", budget_usd=5.0)
policy = Policy(compliance="sox", budget_usd=5.0)
policy = Policy(compliance="gdpr", budget_usd=5.0)
policy = Policy(compliance="pci", budget_usd=5.0)
This is useful when the compliance mode is determined at runtime from configuration or environment variables rather than hardcoded.
Protected Health Information (PHI) includes names, dates of birth, social security numbers, medical record numbers, phone numbers, and email addresses. HIPAA requires that PHI not be stored or transmitted unnecessarily.
policy = Policy(scrub_phi=True)
With scrub_phi=True, the MeshFlow runtime scans every output for known PHI patterns and replaces them with redaction markers before the artifact is stored in the ledger:
Patient John Doe (SSN: 123-45-6789) → Patient John Doe (SSN: [SSN_REDACTED])
Important caveats:
Use de-identification at ingestion, not only at output.
policy = Policy(immutable_audit=True)
When immutable_audit=True, the ledger refuses delete_run and similar mutation operations. Attempts to delete or modify a completed run raise a PolicyViolationError. This is a defense against accidental or malicious deletion of compliance records.
Combine with verify_chain on a schedule to detect any tampering that bypasses the application layer (for example, direct database edits).
policy = Policy(require_human_review=True)
Every run must include at least one human approval record in the ledger. If the workflow completes without a HITL gate having been reached, the ledger records a compliance warning. Use this for regulated workflows where a human must be in the loop on every decision.
In multi-agent workflows, one agent may influence another inappropriately — for example, a researcher embedding instructions in its output that change the writer's behavior. This is called collusion.
policy = Policy(enable_collusion_audit=True)
When enabled, MeshFlow monitors agent outputs for instruction-injection patterns. The run result contains a collusion_alerts list. In standard mode this list is empty. If a pattern is detected, it contains a description of the suspicious output and which agents were involved.
A SOX-regulated financial analysis workflow requires:
policy = Policy(
mode=PolicyMode.SOX,
immutable_audit=True,
require_human_review=True,
enable_collusion_audit=True,
budget_usd=10.0,
)
The ledger will record every step, the human approval event, and the chain hash. The compliance team can verify the chain at any time.
A HIPAA-compliant patient-data workflow requires:
policy = Policy(
compliance="hipaa",
scrub_phi=True,
immutable_audit=True,
require_human_review=True,
)
Additionally: do not send raw PHI to a third-party LLM provider without a Business Associate Agreement (BAA) in place.
stored.
upstream de-identification.
MESHFLOW_MOCK=1 python3 hands_on/12_compliance_modes.py
Observe the output table showing which controls are active per mode, the PHI scrubbing demo, the SOX workflow trace, and the LEGAL_CRITICAL contract review output. Compare the ledger entry counts across modes.
PolicyMode and the compliance= keyword activate graduated levels of governance. As you move from DEV → STANDARD → REGULATED → HIPAA, more controls become mandatory. Individual flags like scrub_phi, immutable_audit, and require_human_review let you customize beyond the preset levels. Compliance configuration belongs at the policy layer, not scattered through application code.
Goal: See how different PolicyMode values change the behavior and output of an identical workflow.
Instructions:
python hands_on/12_compliance_modes.py
- Was an audit ledger entry created? (yes/no) - Was PHI scrubbing applied? (yes/no) - Was a human review gate inserted? (yes/no) - Did the workflow complete in "fast path" (no gates) or "gated path"?
Expected output: Six labeled output blocks, each showing mode name, step results, and any policy-triggered events (scrubbing, gates, citation blocks). DEV mode should be the fastest; LEGAL_CRITICAL and HIPAA should show the most intervention.
Goal: Understand exactly which patterns scrub_phi detects and replaces.
Instructions:
from meshflow.compliance import scrub_phi
scrub_phi on strings containing each of the following PHI categories: - A person's full name: "Patient: Jane Doe" - A date of birth: "DOB: 04/12/1983" - An email address: "Contact: jane.doe@hospital.org" - A US Social Security Number: "SSN: 123-45-6789" - A phone number: "Phone: (555) 867-5309" - A diagnosis code combined with a name: "Jane Doe diagnosed with ICD-10 E11.9"
[PHI:NAME], [PHI:DATE], etc.).Expected output: Each PHI-containing string returns with the sensitive portion replaced by a tagged placeholder. The no-PHI string is returned verbatim.
Goal: Confirm that immutable_audit prevents run deletion.
Instructions:
12_compliance_modes.py and note the run_id of the REGULATED mode run (printed in the output). from meshflow.ledger import ReplayLedger
ledger = ReplayLedger()
run_id = "<the_regulated_run_id>"
try:
ledger.delete_run(run_id)
print("Deleted (unexpected!)")
except Exception as e:
print(f"Blocked: {e}")
Expected output: delete_run on the REGULATED run raises an ImmutableAuditError (or similar). The DEV run deletion succeeds silently.
Goal: Implement a human-in-the-loop gate and observe the workflow pause.
Instructions:
my_hipaa_test.py) that defines a two-step workflow with HIPAA compliance: from meshflow import MeshFlow, PolicyMode
app = MeshFlow(compliance=PolicyMode.HIPAA)
@app.agent("data_ingestion")
def ingest(input):
return {"patient_count": 42, "raw_data": "..."}
@app.agent("report_generator", require_human_review=True)
def generate_report(input):
return {"report": "Summary of 42 patients..."}
result = app.run({"query": "monthly summary"})
print(result)
report_generator — it should pause and either prompt you (interactive) or log a human review request (non-interactive/test mode).approve or reject and observe the outcome.compliance=PolicyMode.DEV and require_human_review=True still set. Does the gate still activate? Record your finding.Expected output: In HIPAA mode, the workflow pauses at the human review gate. In DEV mode, the gate is typically bypassed or logged-only, not blocking.
Goal: Understand what collusion detection flags and how to read its output.
Instructions:
12_compliance_modes.py and look for any lines in the output labeled [COLLUSION_ALERT] or similar. from meshflow import MeshFlow, PolicyMode
from meshflow.compliance import get_collusion_log
app = MeshFlow(compliance=PolicyMode.LEGAL_CRITICAL)
# (run your workflow here or use the one from the hands-on script)
log = get_collusion_log(app.last_run_id)
for entry in log:
print(entry)
- Which agents were flagged. - What behavioral pattern triggered the flag (e.g., shared data access, correlated outputs, circular referencing). - The severity level assigned.
Expected output: A list of collusion log entries (may be empty if no collusion patterns were triggered). If the script's demo does trigger an alert, you will see at least one entry with agent_a, agent_b, pattern, and severity fields.