Developers

A compact API for governed execution decisions.

Integrate PFC in front of actions that require policy checks, authorization verification, and deterministic evidence. The public API is intentionally narrow so teams can adopt it quickly.

Request API Key

Request API Key opens the hosted API access flow where you can start onboarding and receive credentials.

PFC Integrations

Installable Python packages for execution-boundary integrations

PFC is the execution-boundary control plane. The ecosystem access layer now includes installable Python packages for teams looking for a PFC Python package, an execution-boundary Python package, or a practical LangChain governance adapter without replacing the hosted runtime.

Explore PFC integrations for developers to install pfc-core and pfc-langchain, copy working snippets, and understand how framework proposals are intercepted before execution.

Quick Start (60 seconds)

New: Verify receipts offline without an API key.

1. Install the Python SDK

pip install pfc-client

2. Run your first governed decision

from pfc_client import PFCClient

client = PFCClient(api_key="YOUR_API_KEY")

result = client.evaluate(
    action="wire_transfer",
    amount=50000
)

print(result)

3. Example response

{
  "decision": {
    "allow": true,
    "reason": "Authorized"
  },
  "decision_hash": "8e9d1a04ee3d0febacbb91c58c7eb7db9b1c7b621e24e23cfb608f89fcdc7628",
  "signature": "jB/+oJK0uGvP2W0i4kJzSD2qm8iRFsOKAq8accmlavCh..."
}

Every request through Prime Form Calculus generates a deterministic governance record including a decision hash and cryptographic signature.

Use this integration path when you need to reduce AI execution risk before a workflow reaches the execution boundary.

Need measured evidence for the same hosted route you are integrating? View live proof for governed load, mixed allow and deny traffic, stale-timestamp freshness enforcement, and recovery behavior.

Teams explaining where policy ends and runtime enforcement begins can also use AI execution risk to frame why execution-time control matters.

All requests are secured with execution-time authorization. Learn more → Security

Need the explored-to-executed chain? Open the end-to-end decision traceability example to see exploration artifacts, execution receipts, and SDK resolution in one flow.

Installable Packages

PFC Integrations

PFC now has installable Python packages for teams that want to install a PFC package without changing PFC's core positioning as the execution-boundary control plane. These packages are the ecosystem access layer for governed execution, not a replacement for the hosted runtime or API.

pfc-core

Shared client and enforcement primitives for PFC integrations.

pip install pfc-core

pfc-langchain

Thin execution-boundary wrapper for LangChain tool invocation.

pip install pfc-langchain

How the package architecture works

Framework or tool proposes, the wrapper intercepts, PFC evaluates, and the action is allowed or blocked before execution. That keeps PFC as the execution-boundary control plane while making install PFC package workflows practical for developers.

Minimal pfc-langchain usage

from pfc_langchain import GovernedTool


class DummyTool:
    name = "write_summary"
    description = "Write a governed summary"

    def __call__(self, value):
        return {"value": value}


tool = GovernedTool(
    DummyTool(),
    policy_id="policy-123",
    pfc_api_key="YOUR_API_KEY",
)

Use this path when you want a credible execution-boundary Python package for governed tools while the hosted API remains the runtime source of truth.

Direct API Example

curl https://pfc-api.fly.dev/v1/evaluate \
  -H "x-api-key: YOUR_API_KEY" \
  -H "x-pfc-nonce: 5d8473d6-9cfe-4f3d-8b7f-bb3c1b6787c2" \
  -H "x-pfc-timestamp: 2026-03-12T18:00:00Z" \
  -H "Content-Type: application/json" \
  -d '{"request_id":"req_demo_001","action":"wire_transfer","subject":{"type":"service","id":"payments"},"resource":{"type":"account","id":"treasury"},"proposed_execution":{"irreversible":true,"amount":50000},"policy":{"policy_id":"demo","rules":{"max_exposure":500000}},"context":{"environment":"production","tenant_id":"acme"}}'

Quickstart

Use PFC when an application or agent needs a governed allow or block decision before execution. This model implements AI decision governance by evaluating actions before execution.

EndpointPOST https://pfc-api.fly.dev/v1/evaluate
Auth Headerx-api-key: YOUR_API_KEY
Replay Headersx-pfc-nonce + x-pfc-timestamp
Content Typeapplication/json

Onboarding

  • Request an API key through the hosted signup flow.
  • Store the one-time revealed API key immediately because the hosted signup flow does not show it again.
  • Send a decision request with your request ID, replay-protection headers, subject, resource, policy ID, and context.
  • Store the returned decision ID, artifact URL, and governance receipt, then verify the receipt before protected downstream execution.
  • Use hosted active policy versions when configured; draft and pending approval versions are not used for live evaluation, and activation can require approval quorum.
Prefer a guided activation path? Get Started See creative lineage demo

Example Request

curl -X POST https://pfc-api.fly.dev/v1/evaluate \
  -H "x-api-key: pfc_live_your_api_key" \
  -H "x-pfc-nonce: 5d8473d6-9cfe-4f3d-8b7f-bb3c1b6787c2" \
  -H "x-pfc-timestamp: 2026-03-12T18:00:00Z" \
  -H "Content-Type: application/json" \
  -d '{
    "request_id": "req_prod_001",
    "action": "execute_wire",
    "subject": {"type": "service", "id": "payments-orchestrator"},
    "resource": {"type": "account", "id": "treasury-usd"},
    "proposed_execution": {"irreversible": true, "amount": 250000, "currency": "USD"},
    "policy": {"policy_id": "treasury-wire-policy", "rules": {"max_exposure": 500000}},
    "context": {"environment": "production", "tenant_id": "acme"}
  }'

Example Response

{
  "decision_id": "9e2d1a2e-6b2a-4a11-83c5-0a7b2b6f15c1",
  "status": "allow",
  "allow": true,
  "reason_code": "OK",
  "reason": "Authorized",
  "artifact_url": "/v1/evidence/9e2d1a2e-6b2a-4a11-83c5-0a7b2b6f15c1",
  "governance_receipt": {
    "payload": {
      "receipt_id": "9e2d1a2e-6b2a-4a11-83c5-0a7b2b6f15c1",
      "decision_status": "allow"
    }
  },
  "receipt": {
    "payload": {
      "v": 1,
      "receipt_id": "rct_...",
      "decision_id": "9e2d1a2e-6b2a-4a11-83c5-0a7b2b6f15c1",
      "request_id": "req_prod_001",
      "payload_hash": "sha256-of-canonical-action-payload",
      "decision_status": "allow",
      "allow": true,
      "reason_code": "OK",
      "policy_id": "treasury-wire-policy",
      "policy_version": 1,
      "policy_hash": "sha256-of-policy",
      "issued_at": "2026-04-01T12:00:00Z",
      "expires_at": "2026-04-01T12:10:00Z",
      "key_id": "pfc-api-ed25519-example",
      "runtime_version": "pfc-runtime-1",
      "engine_version": "pfc-engine-1"
    },
    "payload_hash": "sha256-of-canonical-receipt-payload",
    "signature": "base64-ed25519-signature-over-canonical-payload"
  }
}

Every governed decision returns the legacy governance_receipt plus a portable receipt that downstream systems can verify offline.

Verifier First

Receipt Verifier Quickstart

A PFC receipt is portable proof that PFC signed an allow or deny decision for one exact action payload. Downstream services can verify the receipt offline with a pinned public key before executing the protected action.

from pfc.verifier import verify_receipt

result = verify_receipt(
    receipt=decision["receipt"],
    payload=action_payload,
    public_key=pinned_pfc_public_key_pem,
)

if not result.valid:
    raise PermissionError(result.reason_code)

No valid receipt, no action. The protected service should reject missing receipts, invalid signatures, expired receipts, and receipts that do not match the exact payload about to execute.

Learn the full verifier and key discovery path on the public receipt verifier page.

Decision Outcomes

The system returns a deterministic allow or deny decision before any action is committed.

Allow Decision

Evidence pointer (verifiable)

{
  "decision_id": "4ce2e203-a1f4-41a8-9db6-42431cf4a6b1",
  "status": "allow",
  "allow": true,
  "reason": "Authorized",
  "artifact_url": "/v1/evidence/4ce2e203-a1f4-41a8-9db6-42431cf4a6b1"
}

Action proceeds with verified authority.

Deny Decision

Evidence pointer (verifiable)

{
  "decision_id": "8a3d770d-d0b1-4ec6-8531-a3d67b1765be",
  "status": "deny",
  "allow": false,
  "reason": "Amount exceeds delegated threshold",
  "artifact_url": "/v1/evidence/8a3d770d-d0b1-4ec6-8531-a3d67b1765be"
}

Action is blocked before execution.

Python SDK

Install:

pip install pfc-client

Example usage:

from pfc_client import PFCClient

client = PFCClient(api_key="YOUR_API_KEY")

client.evaluate(
    action="wire_transfer",
    amount=50000
)

View package on PyPI