console/Enterprise governance
⌘K
AC

Security posture

● all controls passing
Encryption at rest
AES-256 · KMS-managed
Encryption in transit
TLS 1.3 · mTLS internal
BYOK
AWS KMS · GCP KMS
SSO enforced
SAML · SCIM · 4 IdPs
IP allowlist
12 CIDR ranges
Audit log streaming
Splunk · Datadog
// enterprise_governance · live

Permissions, audit, compliance, deploys, teams & approvals

The control surface auditors actually want: who can do what, what they did, what was compliant, what shipped, and what still needs sign-off — all from one plane.

Roleagentsworkflowsmodelspromptsintegrationssecrets
admin
operator
developer
viewer
legend:·noneRreadWwriteAapprove// click cell to cycle
// policies · 6
prod-model-promote
models · env=prod
require-approval
promote.requires_approvers(2) AND signer.verified
ali.k3d ago
secrets-readonly-dev
secrets · env=dev
deny
role IN (developer, viewer)
platform-team1w ago
pii-redaction
*.prompts.inbound
allow
contains(pii) → redact(strict)
sec.guardrail5h ago
budget-cap-team
spend · team=*
require-approval
spend.daily > cap.daily * 0.95
finops2d ago
model-allowlist-eu
models · region=eu
allow
model IN allowlist.eu
compliance6h ago
deploy-prod-window
deploys · env=prod
require-approval
now() IN window(Mon–Thu, 09:00–16:00 UTC)
platform-team11d ago