Security posture
● all controls passingEncryption at rest
AES-256 · KMS-managed
Encryption in transit
TLS 1.3 · mTLS internal
BYOK
AWS KMS · GCP KMS
SSO enforced
SAML · SCIM · 4 IdPs
IP allowlist
12 CIDR ranges
Audit log streaming
Splunk · Datadog
// enterprise_governance · live
Permissions, audit, compliance, deploys, teams & approvals
The control surface auditors actually want: who can do what, what they did, what was compliant, what shipped, and what still needs sign-off — all from one plane.
| Role | agents | workflows | models | prompts | integrations | secrets |
|---|---|---|---|---|---|---|
| admin | ||||||
| operator | ||||||
| developer | ||||||
| viewer |
legend:·noneRreadWwriteAapprove// click cell to cycle
// policies · 6
prod-model-promote
models · env=prod
promote.requires_approvers(2) AND signer.verified
ali.k3d ago
secrets-readonly-dev
secrets · env=dev
role IN (developer, viewer)
platform-team1w ago
pii-redaction
*.prompts.inbound
contains(pii) → redact(strict)
sec.guardrail5h ago
budget-cap-team
spend · team=*
spend.daily > cap.daily * 0.95
finops2d ago
model-allowlist-eu
models · region=eu
model IN allowlist.eu
compliance6h ago
deploy-prod-window
deploys · env=prod
now() IN window(Mon–Thu, 09:00–16:00 UTC)
platform-team11d ago