A Compass agent run moves through four explicit states — Reading workspace, Attaching citations, Waiting for review, and Accept proposal — each visible, every claim cited to its source, nothing final without a human decision.
The Four Run States
Every interaction with a Compass agent follows the same sequence inside a compliance harness — guardrails that catch hallucinations, block fabrication, and enforce grounding in the user's own documents.
| State | What happens | Human role |
|---|---|---|
| Reading workspace | The agent surveys documents, evidence files, grids (risk registers, evidence trackers, SoA), and pre-loaded framework knowledge | None — automatic |
| Attaching citations | The agent drafts the requested artifact and links every claim to its source — document title, evidence ID, or control number | None — automatic |
| Waiting for review | Proposed changes appear as pending entries, each citation checkable | Review, edit, or reject |
| Accept proposal | Approved changes are written to the artifact and logged | Accept or reject per change |
The sequence is not skippable. The agent never moves from drafting to approval without a human decision in between.
What a Citation Carries
When the agent proposes a policy, fills a questionnaire answer, or drafts a control narrative, every substantive claim carries a visible reference. A citation may point to:
- A document in the workspace — a policy PDF, an evidence folder, a previous audit memo
- An evidence ID linked to a specific control
- A control number from a pre-loaded framework — SOC 2 CC6.1, ISO 27001 A.9, NIST CSF ID.AM
If the agent finds no source to support a required answer, it marks that answer as "Not Provided / no source found" rather than inventing a plausible-sounding one. The gap stays visible in the proposal. This is the most testable difference between a compliance harness and a general chatbot: a chatbot guesses; Compass shows you the hole.
What "Accept Proposal" Actually Commits
Accepting a proposal writes the change into the artifact — a control narrative enters the policy document, a questionnaire answer is recorded in the answer library grid, a risk treatment appears in the risk register.
What it does not do:
- It does not deploy the change to any external system. Compass is local-first; there is no cloud endpoint that auto-syncs accepted changes to a shared dashboard, a ticketing system, or an auditor portal.
- It does not send the output to anyone. Export is a separate, manual action — MD, HTML, CSV, DOCX, PDF, XLSX.
- It does not bypass future review. Every new run starts fresh. Accepted changes become part of the workspace record, but the next proposal still goes through the same four-state sequence.
The Operation Log — What Is Left Behind
Every agent run produces an immutable operation log that records:
- What the agent read: which documents, evidence IDs, and controls were consulted
- What the agent wrote: the text of every proposed change
- What the human decided: which proposals were accepted and which rejected
- A timestamp and run ID for every event
The log is not editable by the user or the agent. It is the chain of custody from instruction to published artifact. An auditor can review it to see exactly what evidence was consulted, what was proposed, and what was accepted — no need to trust a claim that "the AI did it correctly."
Before and After: How the Review Changes
Before an agent run, reviewing a draft meant reading for plausibility — does this control sound right? Does this date match our records? The reviewer reconstructed the source behind every statement mentally.
After an agent run, the reviewer gets a proposal where every claim is already linked to its source. Review shifts from source archaeology to judgment: given this evidence, is this the right answer? Gaps surface as "Not Provided" markers instead of hiding behind fluent text.
The difference is small in a five-question review and significant in a two-hundred-question security questionnaire or a sixty-framework control mapping.
Compass by Truvara
Every Compass agent run produces a cited proposal, waits for human review, and leaves an uneditable log of what was read, written, and decided. The run does not act on accepted changes outside the workspace — your output is yours to export, share, and defend. The agent is not infallible; the design is that every mistake is catchable because every claim is traceable. Compass by Truvara is in preview — join the waitlist.
FAQ
What happens if the agent cannot find evidence for a control?
The agent answers "Not Provided / no source found" and moves on. The gap stays visible in the proposal. You can add your own evidence and re-run, or answer manually. The agent does not fill gaps with plausible text. See the section on citations for how this behavior differs from general chatbots.
Can I accept some changes and reject others in the same run?
Yes. Each pending change is reviewed individually. You can approve one questionnaire answer and reject another, or accept a policy change while sending a control narrative back for revision.
Does the operation log survive export?
The log stays with the workspace. Exported files (MD, HTML, DOCX, PDF) contain the artifact content plus citation references but are not themselves the chain-of-custody record. The full log — including rejected proposals and evidence-read events — lives in the workspace SQLite database and can be reviewed there.
Can the operation log be tampered with?
The log is stored in the local workspace database and is not editable through the Compass UI. Because Compass is local-first, physical access to the machine is the boundary condition. Truvara is building toward a signed artifact format that would make tampering detectable across transfers, but the current local log already prevents accidental or UI-based editing.