Security & Governance

Enterprise-safe by design

Security is architectural — fail-closed defaults, deterministic execution, and complete traceability across tenants, agents, and data access.

Security philosophy

  • Fail-closed when policy or validation is ambiguous
  • Deterministic, reproducible request handling
  • Governed execution — no hidden prompt paths
  • Full auditability for compliance and incident response

Enterprise controls

Multi-tenant isolation

Strict tenant boundaries across sessions, configuration, retrieval, and data execution.

RBAC

Role-based access for admin, agent management, and conversation inspection.

Immutable lifecycle

Live agent versions are immutable; changes flow through draft and candidate with audit events.

OIDC & IdP MFA

Enterprise identity via OIDC; MFA enforced through your identity provider.

Data governance

Link executes read-only, allow-listed queries with tenant isolation. No ad-hoc SQL, no write paths, and no model-driven data access decisions.

Auditability

Lifecycle logging, LLM call audit records, context expansion payloads, and admin visibility into assembled context per assistant message.

Request Evaluation →