Cockpit
PREEXEC™ GOVERNANCE COCKPIT · LIVE
0
TOTAL
0
EXECUTE
0
HOLD
0
BLOCK
0
DRIFT
0
UNGROUNDED
SOCIAL
●
HEALTH
🔒Engine Key
locked
Downloads
System Status
Organisation—
Licence—
Engine● ML-Enhanced
Version…
Model—
Providers—
Policies15 · 220 rules
LanguagesEN DE FR ES
Operators—
Evaluations—
Loading health...
Quick Actions
⚙ Detection Layers
Tier-1 Safety
🔒 ON
v2 System
v3 Graph
Custom
Policy
…
Pending Reviews
Loading...
Active Users
Loading...
Recent Audit
Loading...
Quick Scoring
Analytics
0
TOTAL
0
EXECUTE
0
HOLD
0
BLOCK
0
DRIFT
0
UNGROUNDED
SOCIAL
Verdict Distribution
Average Scores
Loading...
ClarityScore Timeline
Policy Breakdown
Loading...
Recent Policy Violations
Loading...
Predictive Governance
Analyzes audit trends: compares first half vs second half of records. Detects rising BLOCK/HOLD rates, score degradation. Risk Score 0–100.
Policy Manager iPolicy Manager
Configure governance policies. Each policy defines: scope, allowed/forbidden content, rule_checks (machine-readable enforcement rules), thresholds, and governance rules. Meta-Policy v2.0 runs before all domain policies. Click a policy button to view details, edit thresholds, or delete custom policies.
Configure governance policies. Each policy defines: scope, allowed/forbidden content, rule_checks (machine-readable enforcement rules), thresholds, and governance rules. Meta-Policy v2.0 runs before all domain policies. Click a policy button to view details, edit thresholds, or delete custom policies.
9 built-in policies · 86 rule_checks · 37 regulatory references
⬡ META-POLICY v2.0
GOVERNANCE ARCHITECTURE · RUNS BEFORE ALL DOMAIN POLICIES
⬡ POLICY ONTOLOGY v3 · GRAPH ENGINE
…
Loading…
Select Policy Domain
GENERAL
All domains
FINANCE
MiFID II · MAR
BANKING
Enterprise Ops
INSURANCE
Solvency II · IDD
MEDICAL
MDR · GDPR Art.9
HEALTH
Wellness
DEFENSE
IHL · NIS2
INFRA
NIS2 · SCADA
LEGAL
Law · IP
MEDIATION
ADR · ICC
PUBLIC
Gov · Admin
HR / RECRUIT
EU AI Act III.4
EDUCATION
EU AI Act III.3
AUDIT
ISO · SOC2
CHAT
Informal
Thresholds — GENERAL
The ClarityScore threshold is the single verdict driver (Decision Spec v1.7): inputs whose ClarityScore = (Syntactic + Semantic + Affective) / 3 falls below it receive HOLD. Policy conformance is handled separately by the Red/Yellow severity model below — not by a threshold. Click Apply & Save to persist.
CLARITYSCORE THRESHOLD (τ_review)
50%
0% permissive100% strict
ClarityScore = (Syntactic + Semantic + Affective) / 3. Inputs below this threshold receive HOLD (ClarityFeedback). This is the single verdict-driving threshold.
POLICY CONFORMANCE — RED / YELLOW (v1.7)
Policy conformance (
spol) is no longer a graded threshold — it is a state with two severities:
🔴 Red (hard) → BLOCK, regardless of ClarityScore. Engine-fixed floor (Tier-1 safety, confirmed injection, mass-harm) plus any customer rule declared
🟡 Yellow (soft) → logged
Per-rule severity is declared in the policy's hard.🟡 Yellow (soft) → logged
policy_flag, never blocks; a stack of ≥ 3 Yellow flags demotes EXECUTE → HOLD (policy Rückfrage).
rule_checks via an ID:hard / ID:soft suffix (edit under Policy → Edit). Rules with no suffix use the engine default: absolute/critical safety rules = Red, all others = Yellow. Live Red/Yellow output appears per evaluation in the Tester panel.
Policy Details — GENERAL
Select a policy to view details
⟳ Policy Autotuning iPolicy Autotuning
Analyzes audit data per policy: EXECUTE/HOLD/BLOCK rates, score distributions, and threshold calibration. Suggests adjustments with explanations. Must be explicitly enabled — changes are logged in Data Lineage.
Analyzes audit data per policy: EXECUTE/HOLD/BLOCK rates, score distributions, and threshold calibration. Suggests adjustments with explanations. Must be explicitly enabled — changes are logged in Data Lineage.
OFF
Enable autotuning to analyze policy performance
⟳ Policy Refactoring Analysis
Click Analyze to check for redundancies, conflicts, and anomalies
⬡ Governance Simulation
Test input for simulation. Results are NOT recorded in the audit chain.
Simulate Score: Score the input with optional threshold overrides — no audit entry. Impact Analysis: Test how threshold changes would affect the last 20 real evaluations for the selected policy.
⚛ AI Generate Policy
uses configured LLM adapter
Describe your industry and use-case in plain language. The generator builds a draft policy by
selecting from PREEXEC's 77 deterministic rule_check IDs. Customer requirements
that map to no deterministic rule are reported under ML-Similarity-only coverage — so you
know upfront what's covered hard versus soft.
Min 20 characters. The more concrete, the better the result.
⬇ Import Competitor Policy
Guardrails · NeMo · Lakera
Convert an existing Guardrails.ai
.rail, NVIDIA NeMo Guardrails .co, or Lakera-config file into a PREEXEC policy. Best-effort parser — review the conversion warnings carefully before saving. See docs/migration-guardrails.md and docs/migration-nemo.md.
⊳ Test Policy with Custom Corpus
OOD-visibility tool
Upload a JSON or JSONL corpus of test prompts and evaluate them against ANY policy
(your custom one or any vendor policy). Returns verdict distribution, latency,
plus catch rate and FP rate if you supply
expected_verdict per item — making out-of-distribution gaps visible
BEFORE you put a policy into production. Max items per run is gated by your tier
(currently …).
Pick the customer policy or vendor policy to evaluate against.
⬆ Drop corpus JSON/JSONL here or click to browse
Format:
[{"id": "p001", "text": "...", "expected_verdict": "BLOCK"|"EXECUTE"|null}] (JSON array)
or one JSON object per line (JSONL). expected_verdict is optional but enables catch/FP metrics.
⚖ Auto-Calibrate Policy Thresholds
grid-search 343 candidates
Upload a labeled corpus (
input_text + expected_verdict) and let the auto-calibrator scan
343 threshold combinations (spol × clarity_threshold × block_threshold) to find the F1- or
accuracy-optimal setting for this policy. Includes rule-gap analysis: surfaces n-grams from
mis-classified prompts as candidates for new rule_check patterns. Requires admin key.
Calibrates existing thresholds in this policy's current live state.
⬆ Drop labeled corpus JSON/JSONL here or click to browse
Format:
[{"input_text": "...", "expected_verdict": "BLOCK"|"HOLD"|"EXECUTE"}].
Min 10, max 500 samples. expected_verdict is required (vs. test corpus, where it's optional).
Upload Custom Policy
⬆ Drop policy JSON here or click to browse
Must follow PREEXEC™ Policy Schema
—
Scoring Tester iScoring Tester
Enter any text and select a policy domain. PREEXEC™ evaluates the input across three clarity dimensions (Syntactic, Semantic, Affective) — with policy conformance as a separate Red/Yellow gate — and returns a ClarityScore with verdict (EXECUTE/HOLD/BLOCK).
Enter any text and select a policy domain. PREEXEC™ evaluates the input across three clarity dimensions (Syntactic, Semantic, Affective) — with policy conformance as a separate Red/Yellow gate — and returns a ClarityScore with verdict (EXECUTE/HOLD/BLOCK).
ClarityScore — PREEXEC™ Governance Engine
Input
Select the governance domain. DPR may auto-detect or stack additional policies based on input content.
The text to evaluate. PREEXEC™ scores it across three clarity dimensions (policy conformance is a separate gate) and returns a verdict (EXECUTE/HOLD/BLOCK) without calling the AI model.
When filled, calls
/api/evaluate/pair with both texts. Verdict can be EXECUTE · HOLD · BLOCK · INTENT_DRIFT · UNGROUNDED_OUTPUT.Tester Console
0
Result
Run scoring to see results
⬡ NODEGRAPH · Module 160
■ NOUN
■ VERB
■ ADJ
■ PROPN
0
NODES
0
EDGES
0
AVG DEG
0
DENSITY
0
CLUSTER
0
COHERENCE
↺ CLARITYFEEDBACK
Multi-Model Arbitration
Advanced Tools
DPR · Policy Detection
Detect relevant policies for an input without scoring. See the policy stack for a decision.
Reproducibility Check
Challenge-response: cosine similarity between original and a rephrase. Score ≥ 0.70 = reproducible.
Audit Chain iAudit Chain
Append-only, cryptographically signed record of every evaluation. Each entry has a SHA-256 hash. The chain is verified via Merkle Tree. Click any row for Expert Analysis with full scoring breakdown. Export as CSV (17 fields) or WORM-compatible JSON.
Append-only, cryptographically signed record of every evaluation. Each entry has a SHA-256 hash. The chain is verified via Merkle Tree. Click any row for Expert Analysis with full scoring breakdown. Export as CSV (17 fields) or WORM-compatible JSON.
Immutable · Tamper-evident · Merkle-verifiable
⬢ Commitment Signing-Key
ECDSA-P256-SHA256
ECDSA signing key for external Merkle-root commitments (V3-B Stufe 2). Rotation creates a new key and archives the current one with full retired-key history — old commitments remain verifiable because the verifier picks the pubkey by per-commitment fingerprint. Recommended rotation cadence: 90 days for production deployments. After rotation, customers who pre-fetched the public key must call
/api/chain/commitments/signing_keys to discover the new fingerprint.
⬇ Auth-Chain Evidence Export
CSV / PDF · Merkle-self-certifying
Exports the unified audit chain's auth events (LOGIN_SUCCESS / LOGIN_FAIL / LOCK / PIN_CHANGED / USER_CREATED / etc.) as either CSV or PDF evidence documents. Each export carries the chain's Merkle-Root + block-count + integrity status as a header — auditor can verify the export against the live chain at any later point.
COMPLIANCE-MAPPED:
DEEP SEARCH
| ID | Time | Source | Policy | Input | Clarity | Syntactic | Semantic | Affective | Policy | Verdict | Operator |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Loading... | |||||||||||
Compliance Summary iCompliance Summary
Aggregated compliance rate per framework (based on audit evaluations). Rate = 1 - violations/total_evals.
Aggregated compliance rate per framework (based on audit evaluations). Rate = 1 - violations/total_evals.
Click Refresh to load compliance KPIs
Compliance Control Mappings
Click Load to display compliance frameworks
Lineage Explorer iData Lineage
Tracks which entity (policy, review, autotuning run) was changed by whom, when, and why. Supports SOC2 change-management + ISO 42001 9.2.
Tracks which entity (policy, review, autotuning run) was changed by whom, when, and why. Supports SOC2 change-management + ISO 42001 9.2.
Click Load to view lineage events
Incidents
DOCUMENTED AUDIT-CHAIN EVENTS · READ-ONLY
⊗ Documented Incidents
Click Refresh to load
⊗ Incident Detail
Select an incident above to view details.
Review Queue iReview Queue
Human-in-the-loop oversight for governance decisions. HOLD and BLOCK verdicts are queued automatically. Reviewers decide: Approve (→ EXECUTE), Reject (→ permanent BLOCK), or Escalate (→ higher authority). All decisions are cryptographically logged in the audit chain.
Human-in-the-loop oversight for governance decisions. HOLD and BLOCK verdicts are queued automatically. Reviewers decide: Approve (→ EXECUTE), Reject (→ permanent BLOCK), or Escalate (→ higher authority). All decisions are cryptographically logged in the audit chain.
EU AI Act Art. 14 · Human Oversight Requirement
▸ WORKFLOW REFERENCE
WORKFLOW
HOLD → Review → Approve / Reject / Escalate
APPROVE
→ EXECUTE
REJECT
→ Permanent BLOCK
ESCALATE
→ Higher authority
Loading...
Governance v4
Calibration Bundles iCalibration Bundles
Content-addressed (sha256) snapshots of all policy thresholds, rule_checks, weights, and engine constants. Immutable. Required for TS-4.2 Determinism and replay reproducibility.
Content-addressed (sha256) snapshots of all policy thresholds, rule_checks, weights, and engine constants. Immutable. Required for TS-4.2 Determinism and replay reproducibility.
Active calibration_id:
—
All bundles:
Clarity Ontology iClarity Ontology
5 Kernknoten + 4 Relationen. Each rule is mapped to 1-2 core nodes. Activations contribute to Ontological.
5 Kernknoten + 4 Relationen. Each rule is mapped to 1-2 core nodes. Activations contribute to Ontological.
Activation statistics (last 1000 evals):
Rule → Core-Node mapping:
VersModul · Trend & Effectiveness iVersModul Trend
Shows how often each UI-component type triggered a verse, and the average Response Clarity (clarity improvement) of user responses. "Significant" = Response Clarity > 0.3.
Shows how often each UI-component type triggered a verse, and the average Response Clarity (clarity improvement) of user responses. "Significant" = Response Clarity > 0.3.
Loading...
VersModul · Verse Library iVersModul
Reflection interface. When a HOLD verdict has a dominant underspecification component, a verse prompts the operator to clarify. User response is re-scored.
Reflection interface. When a HOLD verdict has a dominant underspecification component, a verse prompts the operator to clarify. User response is re-scored.
Governance Knowledge Graph
Click Load to analyze the governance graph
▸ SVG NODE GRAPH
Governance Roles & Permissions iRBAC/ABAC Matrix
Per-role governance attributes (threshold modifier, policy-override, HOLD-bypass, risk weight) + granular permissions list. Read-only — edit via config file.
Per-role governance attributes (threshold modifier, policy-override, HOLD-bypass, risk weight) + granular permissions list. Read-only — edit via config file.
Click Load to render the role matrix
Operator Register
EMPLOYEE GOVERNANCE MANAGEMENT
0
TOTAL OPERATORS
0
ACTIVE
0
SUSPENDED
0
OFFBOARDED
0
DEPARTMENTS
User Management
Manage users, roles, and permissions. Click a user to view their full profile with activity stats, risk score, and session history. Configure SMTP in System Config to enable email notifications for BLOCK events, account lockouts, and alerts.
Registered Users
Loading...
User Profile
Click a user to view profile
RBAC Permission Matrix
Click ⟳ to load
Governance
Click ⟳ to load
Live Sessions
Click ⟳ to load
Auth Event Log
Loading…
Session Log
System Configuration
Organisation Profile
Company Identity
Industry & Regulation
Address
Contacts & Officers
Corporate & Board
IT & Security
AI Governance (EU AI Act)
Audit & Certifications
Communication & Scope
Licence
Status● VALID
Organisation—
TypeOn-Premise
Expires—
AlgorithmECDSA P-256
Scoring Mode—
ACTIVATE LICENCE KEY
The licence key is stored securely at
/app/data/licence.key and persists across restarts.
In demo mode all features are available. Contact licence@noetik.co.uk to obtain an enterprise key. Keys are validated using ECDSA P-256 cryptographic signatures.
Model Integration
The provider's API endpoint. Auto-filled when selecting a provider above.
Your API key or token. Stored securely. Not required for local providers (Ollama, LM Studio).
Select from known models or type a custom model ID. The model is called only for EXECUTE verdicts in the Governed Chat.
Maximum wait time for model response. Increase for slow models or high-latency connections.
Gateway Enabled
When enabled, EXECUTE-verdict inputs in Governed Chat are forwarded to the model. When disabled, PREEXEC™ still scores inputs but does not call the model.
API Key Management
Click Refresh to load API keys
Branding
No logo
Max 512 KB. PNG, SVG, or JPEG. Displayed next to the PREEXEC™ logo in the header.
Displayed next to the logo in the header.
Changes button, link, and chart accent colors globally. Default: #1d4ed8.
Required for branding changes. Click Auto-fill to retrieve it from the server (ADMIN login required).
Dashboard Layout
Visible Tabs
Uncheck to hide tabs from the sidebar. Overview is always visible.
Sidebar Default
Default Policy (Tester)
⬡ enforce_only — Release Acceptance (6 Gates)
Click Reload to load gate status.
Sign-off (admin-key required):
Body:
POST /api/admin/eo-acceptance/sign-offBody:
{"gate":"EO-1","status":"pass","signed_by":"M.J. Farrell","reason":"T23 corpus 100% catch"}
⬡ Self-Monitoring Diagnostics iSelf-Monitoring
Deep health check of 8 subsystems: Database, ML Models, spaCy, Policy Engine, Audit Chain, Model Adapter, Filesystem, Licence. Reports HEALTHY or DEGRADED with per-component details.
Deep health check of 8 subsystems: Database, ML Models, spaCy, Policy Engine, Audit Chain, Model Adapter, Filesystem, Licence. Reports HEALTHY or DEGRADED with per-component details.
Click Run to check all subsystems
Agent Monitoring · File Integrity
Click Verify to check file integrity against startup baseline
Model Registry
Click Load to display registered models
Observability & Metrics
Click Load to display system metrics
Prometheus: http://localhost:8000/metrics (scrape-ready)
Integrations
Webhooks
SMTP (E-Mail)
ClarityFeedback Configuration
Max iterations:
Dimensions
Guidance Strings
Target Systems
Click ⟳ to load targets
Admin Key (required for cards below)
The admin key is required for OIDC, SIEM, PII, Delegations, Roles, Audit-Retention loaders + the Detection-Layer Cockpit toggles (PUT operations).
Click Test & Save to validate against the engine and persist in sessionStorage (survives page-refresh, cleared on browser-close).
Status: empty
OIDC / SAML Single Sign-On
OIDC Discovery + PKCE-S256 + JWKS validation. JIT-Provisioning via email claim. Saving validates the issuer with a discovery probe.
Click "Load" with admin key to fetch current config.
API endpoints
GET
/api/auth/oidc/status — public toggle for login UIGET
/api/admin/oidc — read config (admin-key)PUT
/api/admin/oidc — upsert config + discovery probeGET
/api/auth/oidc/login — initiate flow → IdPGET
/api/auth/oidc/callback — JIT-provision + sessionSIEM Forwarders (Splunk · Sentinel · Elastic)
Native formatters: Splunk HEC (Authorization: Splunk <token>), Azure Sentinel (HTTP Data Collector with HMAC-SHA256), Elastic ECS (ApiKey-auth). Non-blocking thread fan-out, 1s/4s/16s retry.
Click "Load" with admin key to list configured forwarders.
API endpoints
GET
/api/admin/siem — list providersPOST
/api/admin/siem — add (type: splunk|sentinel|elastic)PUT
/api/admin/siem/{id} — update (secret-preserve)DEL
/api/admin/siem/{id}POST
/api/admin/siem/{id}/test — synthetic event firePII Redaction (audit chain)
8 regex categories: email, IBAN, credit_card, SSN, German Personalausweis, Steuer-ID, IPv4/v6, phone. Applied before audit chain write — sanitised text only. Env override:
PREEXEC_REDACT_PII=yes (forces enabled regardless of this config).
Click "Load" with admin key to see current categories + status.
API endpoints
GET
/api/admin/pii — current config + available categoriesPUT
/api/admin/pii — enable + categories listPOST
/api/admin/pii/preview — sample redaction testAudit Retention & Rotation
Live chain rotation (size:
PREEXEC_AUDIT_ROTATE_MB=100, age: PREEXEC_AUDIT_ROTATE_DAYS=0/disabled). Retention default 10 years (PREEXEC_AUDIT_RETENTION_DAYS=3650). Hard-delete only via explicit API call.
API endpoints
GET
/api/admin/audit/segments — list rotated segments + Merkle rootsPOST
/api/admin/audit/rotate — manual rotation triggerGET
/api/admin/retention/preview — dry-run expired listPOST
/api/admin/retention/run — hard-delete expiredPOST
/api/admin/key/rotate — admin-key rotation (ADMIN session required)GET
/api/admin/sla/overdue — overdue ESCALATED itemsPOST
/api/admin/sla/run — fire SLA remindersReview Delegations (Vacation-Cover)
Auto-route review assignments during operator absence. When PUT /api/review/{id}/assign targets a user with active delegation window, assignment redirects to delegatee. History preserved for audit.
Click "Load" with admin key to list active + scheduled delegations.
API endpoints
GET
/api/delegations — list (filter: user, active_only)POST
/api/delegations — create (from_user, to_user, start_at, end_at)DEL
/api/delegations/{id} — immediate endGET
/api/delegations/resolve/{user_id} — diagnosticCustom Roles & Permissions
6 built-in roles seeded (OPERATOR, REVIEWER, GOVERNANCE, COMPLIANCE, ADMIN, SYSTEM). Admins can create custom roles with description + policy_scope (allowlist of policies the role may evaluate).
Click "Load" with admin key to see all roles + permissions.
API endpoints
GET
/api/admin/roles — list with permissionsPOST
/api/admin/roles — create custom rolePUT
/api/admin/roles/{name} — update description/scope/permsDEL
/api/admin/roles/{name} — built-in protected, in-use blockedPolicies — Version History
Per-policy revision trail. Every save snapshots previous row with hash + author + notes — auditor can replay any historical evaluation against the policy state at decision time.
Select a policy from the dropdown to see its version history.
API endpoints
GET
/api/policies/{name}/versions — version historyGET
/api/policies/{name}/versions/{version} — full data at versionPOST
/api/policies/{name}/versions/{version}/restore — restore as new HEAD⚙ Detection Layers — Cockpit
Detection pipeline control. Tier-1 (Universal Safety) is not disablable — product guarantee. v2 / v3 / Custom-Policies are individually toggleable; Custom-Policies have additional per-policy granularity. Every toggle generates an audit event in the hash chain (LAYER_CONFIG_CHANGED).
Tier-1 Safety
always-on
6 categories × 4 languages — Layer 1 (Hardblock) + 1b (Protocol v9 operators) + 2 (Multilingual toxicity) + Mass-Harm Regex.
Component of product guarantee (GDPR Art. 22, EU AI Act Art. 5). Not disablable.
Component of product guarantee (GDPR Art. 22, EU AI Act Art. 5). Not disablable.
🔒 ON
v2 System-Policy
…
…
Regex-based, deterministic. Layer 1.5 (hard_block) + 1.9 (advisory). EU AI Act Art. 5 + IASR 2026.
Regex-based, deterministic. Layer 1.5 (hard_block) + 1.9 (advisory). EU AI Act Art. 5 + IASR 2026.
v3 Graph-Engine
…
…
typed Ontology, Subgraph-Matcher. Generalises beyond pattern boundaries. Recommended active.
typed Ontology, Subgraph-Matcher. Generalises beyond pattern boundaries. Recommended active.
Custom Policies
…
…
Per-policy rule_checks (Layer 3) + forbidden_patterns (Layer 4) + ML semantic forbidden/risk_zones (Layer 5). Customer compliance definitions. ▸ Expand per-policy list
Per-policy rule_checks (Layer 3) + forbidden_patterns (Layer 4) + ML semantic forbidden/risk_zones (Layer 5). Customer compliance definitions. ▸ Expand per-policy list
Policy Selection
…
…
multi: PREEXEC auto-detects the domain and stacks policies (DPR). strict: only the pinned policy is used — no auto-route, no stacking. Tier-1 universal safety stays on in both modes.
multi: PREEXEC auto-detects the domain and stacks policies (DPR). strict: only the pinned policy is used — no auto-route, no stacking. Tier-1 universal safety stays on in both modes.
ACTIVE DETECTION PIPELINE
…
API Reference (92 Endpoints)
| Method | Endpoint | Description |
|---|---|---|
| Core Scoring | ||
| POST | /api/evaluate | ClarityScore evaluation with policy detection, explainability, diagnostics |
| POST | /api/chat | Governed AI gateway (score + forward to model) |
| POST | /v1/chat/completions | OpenAI-compatible proxy with governance |
| GET | /v1/models | OpenAI-compatible models list |
| POST | /api/proxy | Transparent middleware proxy |
| POST | /api/reproducibility | S5 reproducibility challenge-response |
| Intelligence | ||
| POST | /api/training/explain | Training Mode: human-readable verdict explanation |
| POST | /api/justify | Decision Justification (rule-based + AI-enhanced) |
| POST | /api/debug/score | Developer Mode: full pipeline debug output |
| POST | /api/assistant | PREEXEC™ Assistant: LLM-powered governance expert |
| POST | /api/simulate/score | Simulate scoring without audit entry |
| POST | /api/simulate/policy-change | Impact analysis of threshold changes |
| Policies | ||
| GET | /api/policies | List all policies |
| GET | /api/policies/db | List custom (DB) policies |
| GET | /api/policies/{name} | Read single policy |
| POST | /api/policies/save | Create/save custom policy |
| PUT | /api/policies/{name} | Update policy |
| DELETE | /api/policies/{name} | Delete custom policy |
| GET | /api/meta-policy | Meta-Policy v2.0 definition |
| POST | /api/dpr/detect | DPR: auto-detect relevant policies |
| POST | /api/dpr/stack | DPR: show policy stack |
| GET | /api/autotuning/status | Autotuning on/off status |
| POST | /api/autotuning/toggle | Enable/disable autotuning |
| GET | /api/autotuning/analyze | Analyze all policies |
| GET | /api/autotuning/analyze/{name} | Analyze specific policy |
| POST | /api/autotuning/apply/{name} | Apply threshold suggestions |
| GET | /api/refactoring/analyze | Policy refactoring analysis |
| Audit & Compliance | ||
| GET | /api/audit | Audit chain records |
| GET | /api/audit/integrity | Merkle tree verification |
| GET | /api/audit/export | WORM-compatible export |
| GET | /api/stats | Aggregate statistics |
| GET | /api/lineage | Data lineage events |
| GET | /api/lineage/entities | Lineage entity types |
| GET | /api/compliance/mappings | All compliance framework mappings |
| GET | /api/compliance/mappings/{fw} | Single framework controls |
| POST | /api/compliance/report | Generate compliance report |
| GET | /api/compliance/summary | Compliance summary all frameworks |
| GET | /api/predictive/trends | Governance trend analysis |
| Review | ||
| GET | /api/review | Review queue items |
| POST | /api/review | Add to review queue |
| PUT | /api/review/{id} | Decide review (approve/reject/escalate) |
| POST | /api/review/bulk | Bulk approve/reject/escalate |
| DELETE | /api/review/purge | Purge all decided items |
| DELETE | /api/review/{id} | Remove review item |
| Users & Auth | ||
| POST | /api/auth/login | Authenticate user |
| POST | /api/auth/validate | Validate session token |
| POST | /api/auth/logout | End session |
| GET | /api/users | List all users |
| POST | /api/users | Create user |
| PUT | /api/users/{id} | Update user |
| DELETE | /api/users/{id} | Deactivate user |
| GET | /api/users/{id}/risk | User risk score |
| GET | /api/users/{id}/analytics | User analytics |
| GET | /api/users/{id}/anomalies | User anomaly detection |
| GET | /api/users/governance | All users governance overview |
| GET | /api/sessions/live | Active sessions |
| DELETE | /api/sessions/{token} | Terminate session |
| GET | /api/session/{id} | Session records |
| Governance & RBAC | ||
| GET | /api/governance/permissions | RBAC permission matrix |
| GET | /api/governance/permissions/{role} | Role permissions |
| POST | /api/governance/check | Check permission |
| GET | /api/governance/roles | Role profiles |
| Knowledge Graph | ||
| GET | /api/knowledge-graph | Build governance graph |
| GET | /api/knowledge-graph/query | Query by node type/relation |
| POST | /api/knowledge-graph/search | Natural language graph search |
| GET | /api/knowledge-graph/risk-propagation | Risk propagation analysis |
| Models | ||
| GET | /api/models | Model health check |
| GET | /api/models/config | Current model config |
| PUT | /api/models/config | Update model config |
| POST | /api/models/test | Test model connection |
| GET | /api/models/providers | List 22 providers + models |
| GET | /api/models/adapters | Adapter types |
| GET | /api/models/registry | Model registry |
| POST | /api/models/registry | Register model |
| PUT | /api/models/registry/{id} | Update model status |
| POST | /api/arbitrate | Multi-model arbitration |
| System | ||
| GET | /healthz | System health check |
| GET | /metrics | Prometheus metrics |
| GET | /api/metrics | JSON metrics |
| GET | /api/diagnostics | Self-monitoring diagnostics |
| GET | /api/licence | Licence info |
| POST | /api/licence | Activate licence key |
| GET | /api/agent/integrity | File integrity check |
| GET | /api/agent/checksums | Current file checksums |
| GET | /api/agent/baseline | Startup baseline checksums |
| GET | /api/feedback/config | ClarityFeedback config |
| PUT | /api/feedback/config | Update feedback config |
| GET | /api/webhooks/config | Webhook configuration |
| PUT | /api/webhooks/config | Update webhook config |
| POST | /api/webhooks/test | Send test webhook |
| GET | /eula | EULA text (v2.0) |
| GET | /legal | Legal notices (Impressum, Privacy, AI Act, OSS) |
Integrations
External system connectivity · LLM providers · SIEM · webhooks · observability
Settings
Personalisation · branding · dashboard layout
⬢ Tenants — Multi-Tenant Administration
Each tenant is fully isolated — separate users, policies, audit chain, branding. Postgres deployments enforce isolation via RLS; SQLite uses app-side filtering. The currently active tenant is shown in the sidebar footer. Switch tenants below; the choice is stored in this browser session and sent as
X-Tenant-ID on every request. See docs/multi-tenant-architecture.md.
ACTIVE TENANT
…
TENANTS REGISTERED
…
RESOLUTION SOURCE
…
| Tenant | Users | Policies | Audit Records | Audit-Chain Size | Last Eval | Action |
|---|---|---|---|---|---|---|
| Click ⟳ Refresh to load tenant stats | ||||||