EMPLOYEE PORTAL 00:00:00 TIER: … GENERAL
Cockpit
PREEXEC™ GOVERNANCE COCKPIT · LIVE
0
TOTAL
0
EXECUTE
0
HOLD
0
BLOCK
0
DRIFT
0
UNGROUNDED
0
SOCIAL
HEALTH
🔒Engine Key
locked
Downloads
System Status
Organisation
Licence
Engine● ML-Enhanced
Version
Model
Providers
Policies15 · 220 rules
LanguagesEN DE FR ES
Operators
Evaluations
Loading health...
Quick Actions
⚙ Detection Layers
Tier-1 Safety 🔒 ON
v2 System
v3 Graph
Custom
Policy
Pending Reviews
Loading...
Active Users
Loading...
Recent Audit
Loading...
Quick Scoring
Analytics
0
TOTAL
0
EXECUTE
0
HOLD
0
BLOCK
0
DRIFT
0
UNGROUNDED
0
SOCIAL
Verdict Distribution
Average Scores
Loading...
ClarityScore Timeline
Policy Breakdown
Loading...
Recent Policy Violations
Loading...
Predictive Governance
Analyzes audit trends: compares first half vs second half of records. Detects rising BLOCK/HOLD rates, score degradation. Risk Score 0–100.
Policy Manager iPolicy Manager
Configure governance policies. Each policy defines: scope, allowed/forbidden content, rule_checks (machine-readable enforcement rules), thresholds, and governance rules. Meta-Policy v2.0 runs before all domain policies. Click a policy button to view details, edit thresholds, or delete custom policies.
9 built-in policies · 86 rule_checks · 37 regulatory references
⬡ META-POLICY v2.0
GOVERNANCE ARCHITECTURE · RUNS BEFORE ALL DOMAIN POLICIES
▼ expand
ENFORCEMENT TIERS
TIER 1 — BLOCK
TIER 2 — HOLD
TIER 3 — FLAG
None
FOUNDATIONAL FRAMEWORKS & REFERENCES
⬡ POLICY ONTOLOGY v3 · GRAPH ENGINE
checksum …
Loading…
Select Policy Domain
GENERAL
All domains
FINANCE
MiFID II · MAR
BANKING
Enterprise Ops
INSURANCE
Solvency II · IDD
MEDICAL
MDR · GDPR Art.9
HEALTH
Wellness
DEFENSE
IHL · NIS2
INFRA
NIS2 · SCADA
LEGAL
Law · IP
MEDIATION
ADR · ICC
PUBLIC
Gov · Admin
HR / RECRUIT
EU AI Act III.4
EDUCATION
EU AI Act III.3
AUDIT
ISO · SOC2
CHAT
Informal
Thresholds — GENERAL
The ClarityScore threshold is the single verdict driver (Decision Spec v1.7): inputs whose ClarityScore = (Syntactic + Semantic + Affective) / 3 falls below it receive HOLD. Policy conformance is handled separately by the Red/Yellow severity model below — not by a threshold. Click Apply & Save to persist.
CLARITYSCORE THRESHOLD (τ_review) 50%
0% permissive100% strict
ClarityScore = (Syntactic + Semantic + Affective) / 3. Inputs below this threshold receive HOLD (ClarityFeedback). This is the single verdict-driving threshold.
POLICY CONFORMANCE — RED / YELLOW (v1.7)
Policy conformance (spol) is no longer a graded threshold — it is a state with two severities:
🔴 Red (hard)BLOCK, regardless of ClarityScore. Engine-fixed floor (Tier-1 safety, confirmed injection, mass-harm) plus any customer rule declared hard.
🟡 Yellow (soft) → logged policy_flag, never blocks; a stack of ≥ 3 Yellow flags demotes EXECUTE → HOLD (policy Rückfrage).
Per-rule severity is declared in the policy's rule_checks via an ID:hard / ID:soft suffix (edit under Policy → Edit). Rules with no suffix use the engine default: absolute/critical safety rules = Red, all others = Yellow. Live Red/Yellow output appears per evaluation in the Tester panel.
Policy Details — GENERAL
Select a policy to view details
⟳ Policy Autotuning iPolicy Autotuning
Analyzes audit data per policy: EXECUTE/HOLD/BLOCK rates, score distributions, and threshold calibration. Suggests adjustments with explanations. Must be explicitly enabled — changes are logged in Data Lineage.
OFF
Enable autotuning to analyze policy performance
⟳ Policy Refactoring Analysis
Click Analyze to check for redundancies, conflicts, and anomalies
⬡ Governance Simulation
Test input for simulation. Results are NOT recorded in the audit chain.
Simulate Score: Score the input with optional threshold overrides — no audit entry. Impact Analysis: Test how threshold changes would affect the last 20 real evaluations for the selected policy.
⚛ AI Generate Policy
uses configured LLM adapter
Describe your industry and use-case in plain language. The generator builds a draft policy by selecting from PREEXEC's 77 deterministic rule_check IDs. Customer requirements that map to no deterministic rule are reported under ML-Similarity-only coverage — so you know upfront what's covered hard versus soft.
Min 20 characters. The more concrete, the better the result.
⬇ Import Competitor Policy
Guardrails · NeMo · Lakera
Convert an existing Guardrails.ai .rail, NVIDIA NeMo Guardrails .co, or Lakera-config file into a PREEXEC policy. Best-effort parser — review the conversion warnings carefully before saving. See docs/migration-guardrails.md and docs/migration-nemo.md.
⊳ Test Policy with Custom Corpus
OOD-visibility tool
Upload a JSON or JSONL corpus of test prompts and evaluate them against ANY policy (your custom one or any vendor policy). Returns verdict distribution, latency, plus catch rate and FP rate if you supply expected_verdict per item — making out-of-distribution gaps visible BEFORE you put a policy into production. Max items per run is gated by your tier (currently ).
Pick the customer policy or vendor policy to evaluate against.
⬆ Drop corpus JSON/JSONL here or click to browse
Format: [{"id": "p001", "text": "...", "expected_verdict": "BLOCK"|"EXECUTE"|null}] (JSON array) or one JSON object per line (JSONL). expected_verdict is optional but enables catch/FP metrics.
⚖ Auto-Calibrate Policy Thresholds
grid-search 343 candidates
Upload a labeled corpus (input_text + expected_verdict) and let the auto-calibrator scan 343 threshold combinations (spol × clarity_threshold × block_threshold) to find the F1- or accuracy-optimal setting for this policy. Includes rule-gap analysis: surfaces n-grams from mis-classified prompts as candidates for new rule_check patterns. Requires admin key.
Calibrates existing thresholds in this policy's current live state.
⬆ Drop labeled corpus JSON/JSONL here or click to browse
Format: [{"input_text": "...", "expected_verdict": "BLOCK"|"HOLD"|"EXECUTE"}]. Min 10, max 500 samples. expected_verdict is required (vs. test corpus, where it's optional).
Upload Custom Policy
⬆ Drop policy JSON here or click to browse
Must follow PREEXEC™ Policy Schema

          
Scoring Tester iScoring Tester
Enter any text and select a policy domain. PREEXEC™ evaluates the input across three clarity dimensions (Syntactic, Semantic, Affective) — with policy conformance as a separate Red/Yellow gate — and returns a ClarityScore with verdict (EXECUTE/HOLD/BLOCK).
ClarityScore — PREEXEC™ Governance Engine
Input
Select the governance domain. DPR may auto-detect or stack additional policies based on input content.
The text to evaluate. PREEXEC™ scores it across three clarity dimensions (policy conformance is a separate gate) and returns a verdict (EXECUTE/HOLD/BLOCK) without calling the AI model.
When filled, calls /api/evaluate/pair with both texts. Verdict can be EXECUTE · HOLD · BLOCK · INTENT_DRIFT · UNGROUNDED_OUTPUT.
Tester Console
0
Result
Run scoring to see results
⬡ NODEGRAPH · Module 160
■ NOUN ■ VERB ■ ADJ ■ PROPN
0
NODES
0
EDGES
0
AVG DEG
0
DENSITY
0
CLUSTER
0
COHERENCE
↺ CLARITYFEEDBACK
Multi-Model Arbitration
Advanced Tools
DPR · Policy Detection
Detect relevant policies for an input without scoring. See the policy stack for a decision.
Reproducibility Check
Challenge-response: cosine similarity between original and a rephrase. Score ≥ 0.70 = reproducible.
Audit Chain iAudit Chain
Append-only, cryptographically signed record of every evaluation. Each entry has a SHA-256 hash. The chain is verified via Merkle Tree. Click any row for Expert Analysis with full scoring breakdown. Export as CSV (17 fields) or WORM-compatible JSON.
Immutable · Tamper-evident · Merkle-verifiable
⬢ Commitment Signing-Key
ECDSA-P256-SHA256
ECDSA signing key for external Merkle-root commitments (V3-B Stufe 2). Rotation creates a new key and archives the current one with full retired-key history — old commitments remain verifiable because the verifier picks the pubkey by per-commitment fingerprint. Recommended rotation cadence: 90 days for production deployments. After rotation, customers who pre-fetched the public key must call /api/chain/commitments/signing_keys to discover the new fingerprint.
⬇ Auth-Chain Evidence Export
CSV / PDF · Merkle-self-certifying
Exports the unified audit chain's auth events (LOGIN_SUCCESS / LOGIN_FAIL / LOCK / PIN_CHANGED / USER_CREATED / etc.) as either CSV or PDF evidence documents. Each export carries the chain's Merkle-Root + block-count + integrity status as a header — auditor can verify the export against the live chain at any later point.
COMPLIANCE-MAPPED:
DEEP SEARCH
ID Time Source Policy Input Clarity Syntactic Semantic Affective Policy Verdict Operator
Loading...
Compliance Summary iCompliance Summary
Aggregated compliance rate per framework (based on audit evaluations). Rate = 1 - violations/total_evals.
Click Refresh to load compliance KPIs
Compliance Control Mappings
Click Load to display compliance frameworks
Lineage Explorer iData Lineage
Tracks which entity (policy, review, autotuning run) was changed by whom, when, and why. Supports SOC2 change-management + ISO 42001 9.2.
Click Load to view lineage events
Incidents
DOCUMENTED AUDIT-CHAIN EVENTS · READ-ONLY
⊗ Documented Incidents
Click Refresh to load
⊗ Incident Detail
Select an incident above to view details.
Review Queue iReview Queue
Human-in-the-loop oversight for governance decisions. HOLD and BLOCK verdicts are queued automatically. Reviewers decide: Approve (→ EXECUTE), Reject (→ permanent BLOCK), or Escalate (→ higher authority). All decisions are cryptographically logged in the audit chain.
EU AI Act Art. 14 · Human Oversight Requirement
▸ WORKFLOW REFERENCE
WORKFLOW
HOLD → Review → Approve / Reject / Escalate
APPROVE
→ EXECUTE
REJECT
→ Permanent BLOCK
ESCALATE
→ Higher authority
Loading...
Governance v4
Calibration Bundles iCalibration Bundles
Content-addressed (sha256) snapshots of all policy thresholds, rule_checks, weights, and engine constants. Immutable. Required for TS-4.2 Determinism and replay reproducibility.
Active calibration_id:
All bundles:
Clarity Ontology iClarity Ontology
5 Kernknoten + 4 Relationen. Each rule is mapped to 1-2 core nodes. Activations contribute to Ontological.
Activation statistics (last 1000 evals):
Rule → Core-Node mapping:
VersModul · Trend & Effectiveness iVersModul Trend
Shows how often each UI-component type triggered a verse, and the average Response Clarity (clarity improvement) of user responses. "Significant" = Response Clarity > 0.3.
Loading...
VersModul · Verse Library iVersModul
Reflection interface. When a HOLD verdict has a dominant underspecification component, a verse prompts the operator to clarify. User response is re-scored.
Governance Knowledge Graph
Click Load to analyze the governance graph
▸ SVG NODE GRAPH
Governance Roles & Permissions iRBAC/ABAC Matrix
Per-role governance attributes (threshold modifier, policy-override, HOLD-bypass, risk weight) + granular permissions list. Read-only — edit via config file.
Click Load to render the role matrix
Operator Register
EMPLOYEE GOVERNANCE MANAGEMENT
0
TOTAL OPERATORS
0
ACTIVE
0
SUSPENDED
0
OFFBOARDED
0
DEPARTMENTS
STATUS EMPLOYEE ID NAME DEPARTMENT TEAM JOB TITLE EMAIL POLICIES REGISTERED ACTIONS
Loading operators...
User Management
Manage users, roles, and permissions. Click a user to view their full profile with activity stats, risk score, and session history. Configure SMTP in System Config to enable email notifications for BLOCK events, account lockouts, and alerts.
Registered Users
Loading...
User Profile
Click a user to view profile
RBAC Permission Matrix
Click ⟳ to load
Governance
Click ⟳ to load
Live Sessions
Click ⟳ to load
Auth Event Log
Loading…
Session Log
System Configuration
Organisation Profile
Company Identity
Industry & Regulation
Address
Contacts & Officers
Corporate & Board
IT & Security
AI Governance (EU AI Act)
Audit & Certifications
Communication & Scope
Licence
Status● VALID
Organisation
TypeOn-Premise
Expires
AlgorithmECDSA P-256
Scoring Mode
ACTIVATE LICENCE KEY
The licence key is stored securely at /app/data/licence.key and persists across restarts. In demo mode all features are available. Contact licence@noetik.co.uk to obtain an enterprise key. Keys are validated using ECDSA P-256 cryptographic signatures.
Model Integration
The provider's API endpoint. Auto-filled when selecting a provider above.
Your API key or token. Stored securely. Not required for local providers (Ollama, LM Studio).
Select from known models or type a custom model ID. The model is called only for EXECUTE verdicts in the Governed Chat.
Maximum wait time for model response. Increase for slow models or high-latency connections.
Gateway Enabled
When enabled, EXECUTE-verdict inputs in Governed Chat are forwarded to the model. When disabled, PREEXEC™ still scores inputs but does not call the model.
API Key Management
Click Refresh to load API keys
Branding
No logo
Max 512 KB. PNG, SVG, or JPEG. Displayed next to the PREEXEC™ logo in the header.
Displayed next to the logo in the header.
Changes button, link, and chart accent colors globally. Default: #1d4ed8.
Required for branding changes. Click Auto-fill to retrieve it from the server (ADMIN login required).
Dashboard Layout
Visible Tabs
Uncheck to hide tabs from the sidebar. Overview is always visible.
Sidebar Default
Default Policy (Tester)
⬡ enforce_only — Release Acceptance (6 Gates)
Click Reload to load gate status.
Sign-off (admin-key required): POST /api/admin/eo-acceptance/sign-off
Body: {"gate":"EO-1","status":"pass","signed_by":"M.J. Farrell","reason":"T23 corpus 100% catch"}
⬡ Self-Monitoring Diagnostics iSelf-Monitoring
Deep health check of 8 subsystems: Database, ML Models, spaCy, Policy Engine, Audit Chain, Model Adapter, Filesystem, Licence. Reports HEALTHY or DEGRADED with per-component details.
Click Run to check all subsystems
Agent Monitoring · File Integrity
Click Verify to check file integrity against startup baseline
Model Registry
Click Load to display registered models
Observability & Metrics
Click Load to display system metrics
Prometheus: http://localhost:8000/metrics (scrape-ready)
Integrations
Webhooks
SMTP (E-Mail)
ClarityFeedback Configuration
Max iterations:
Dimensions
Guidance Strings
Target Systems
Click ⟳ to load targets
Admin Key (required for cards below)
The admin key is required for OIDC, SIEM, PII, Delegations, Roles, Audit-Retention loaders + the Detection-Layer Cockpit toggles (PUT operations). Click Test & Save to validate against the engine and persist in sessionStorage (survives page-refresh, cleared on browser-close).
Status: empty
OIDC / SAML Single Sign-On
OIDC Discovery + PKCE-S256 + JWKS validation. JIT-Provisioning via email claim. Saving validates the issuer with a discovery probe.
Click "Load" with admin key to fetch current config.
API endpoints
GET  /api/auth/oidc/status — public toggle for login UI
GET  /api/admin/oidc — read config (admin-key)
PUT  /api/admin/oidc — upsert config + discovery probe
GET  /api/auth/oidc/login — initiate flow → IdP
GET  /api/auth/oidc/callback — JIT-provision + session
SIEM Forwarders (Splunk · Sentinel · Elastic)
Native formatters: Splunk HEC (Authorization: Splunk <token>), Azure Sentinel (HTTP Data Collector with HMAC-SHA256), Elastic ECS (ApiKey-auth). Non-blocking thread fan-out, 1s/4s/16s retry.
Click "Load" with admin key to list configured forwarders.
API endpoints
GET    /api/admin/siem — list providers
POST  /api/admin/siem — add (type: splunk|sentinel|elastic)
PUT   /api/admin/siem/{id} — update (secret-preserve)
DEL   /api/admin/siem/{id}
POST  /api/admin/siem/{id}/test — synthetic event fire
PII Redaction (audit chain)
8 regex categories: email, IBAN, credit_card, SSN, German Personalausweis, Steuer-ID, IPv4/v6, phone. Applied before audit chain write — sanitised text only. Env override: PREEXEC_REDACT_PII=yes (forces enabled regardless of this config).
Click "Load" with admin key to see current categories + status.
API endpoints
GET   /api/admin/pii — current config + available categories
PUT   /api/admin/pii — enable + categories list
POST  /api/admin/pii/preview — sample redaction test
Audit Retention & Rotation
Live chain rotation (size: PREEXEC_AUDIT_ROTATE_MB=100, age: PREEXEC_AUDIT_ROTATE_DAYS=0/disabled). Retention default 10 years (PREEXEC_AUDIT_RETENTION_DAYS=3650). Hard-delete only via explicit API call.
API endpoints
GET   /api/admin/audit/segments — list rotated segments + Merkle roots
POST  /api/admin/audit/rotate — manual rotation trigger
GET   /api/admin/retention/preview — dry-run expired list
POST  /api/admin/retention/run — hard-delete expired
POST  /api/admin/key/rotate — admin-key rotation (ADMIN session required)
GET   /api/admin/sla/overdue — overdue ESCALATED items
POST  /api/admin/sla/run — fire SLA reminders
Review Delegations (Vacation-Cover)
Auto-route review assignments during operator absence. When PUT /api/review/{id}/assign targets a user with active delegation window, assignment redirects to delegatee. History preserved for audit.
Click "Load" with admin key to list active + scheduled delegations.
API endpoints
GET   /api/delegations — list (filter: user, active_only)
POST  /api/delegations — create (from_user, to_user, start_at, end_at)
DEL   /api/delegations/{id} — immediate end
GET   /api/delegations/resolve/{user_id} — diagnostic
Custom Roles & Permissions
6 built-in roles seeded (OPERATOR, REVIEWER, GOVERNANCE, COMPLIANCE, ADMIN, SYSTEM). Admins can create custom roles with description + policy_scope (allowlist of policies the role may evaluate).
Click "Load" with admin key to see all roles + permissions.
API endpoints
GET   /api/admin/roles — list with permissions
POST  /api/admin/roles — create custom role
PUT   /api/admin/roles/{name} — update description/scope/perms
DEL   /api/admin/roles/{name} — built-in protected, in-use blocked
Policies — Version History
Per-policy revision trail. Every save snapshots previous row with hash + author + notes — auditor can replay any historical evaluation against the policy state at decision time.
Select a policy from the dropdown to see its version history.
API endpoints
GET   /api/policies/{name}/versions — version history
GET   /api/policies/{name}/versions/{version} — full data at version
POST  /api/policies/{name}/versions/{version}/restore — restore as new HEAD
⚙ Detection Layers — Cockpit
Detection pipeline control. Tier-1 (Universal Safety) is not disablable — product guarantee. v2 / v3 / Custom-Policies are individually toggleable; Custom-Policies have additional per-policy granularity. Every toggle generates an audit event in the hash chain (LAYER_CONFIG_CHANGED).
Tier-1 Safety
always-on
6 categories × 4 languages — Layer 1 (Hardblock) + 1b (Protocol v9 operators) + 2 (Multilingual toxicity) + Mass-Harm Regex.
Component of product guarantee (GDPR Art. 22, EU AI Act Art. 5). Not disablable.
🔒 ON
v2 System-Policy

Regex-based, deterministic. Layer 1.5 (hard_block) + 1.9 (advisory). EU AI Act Art. 5 + IASR 2026.
v3 Graph-Engine

typed Ontology, Subgraph-Matcher. Generalises beyond pattern boundaries. Recommended active.
Custom Policies

Per-policy rule_checks (Layer 3) + forbidden_patterns (Layer 4) + ML semantic forbidden/risk_zones (Layer 5). Customer compliance definitions. ▸ Expand per-policy list
Policy Selection

multi: PREEXEC auto-detects the domain and stacks policies (DPR). strict: only the pinned policy is used — no auto-route, no stacking. Tier-1 universal safety stays on in both modes.
ACTIVE DETECTION PIPELINE
API Reference (92 Endpoints)
MethodEndpointDescription
Core Scoring
POST/api/evaluateClarityScore evaluation with policy detection, explainability, diagnostics
POST/api/chatGoverned AI gateway (score + forward to model)
POST/v1/chat/completionsOpenAI-compatible proxy with governance
GET/v1/modelsOpenAI-compatible models list
POST/api/proxyTransparent middleware proxy
POST/api/reproducibilityS5 reproducibility challenge-response
Intelligence
POST/api/training/explainTraining Mode: human-readable verdict explanation
POST/api/justifyDecision Justification (rule-based + AI-enhanced)
POST/api/debug/scoreDeveloper Mode: full pipeline debug output
POST/api/assistantPREEXEC™ Assistant: LLM-powered governance expert
POST/api/simulate/scoreSimulate scoring without audit entry
POST/api/simulate/policy-changeImpact analysis of threshold changes
Policies
GET/api/policiesList all policies
GET/api/policies/dbList custom (DB) policies
GET/api/policies/{name}Read single policy
POST/api/policies/saveCreate/save custom policy
PUT/api/policies/{name}Update policy
DELETE/api/policies/{name}Delete custom policy
GET/api/meta-policyMeta-Policy v2.0 definition
POST/api/dpr/detectDPR: auto-detect relevant policies
POST/api/dpr/stackDPR: show policy stack
GET/api/autotuning/statusAutotuning on/off status
POST/api/autotuning/toggleEnable/disable autotuning
GET/api/autotuning/analyzeAnalyze all policies
GET/api/autotuning/analyze/{name}Analyze specific policy
POST/api/autotuning/apply/{name}Apply threshold suggestions
GET/api/refactoring/analyzePolicy refactoring analysis
Audit & Compliance
GET/api/auditAudit chain records
GET/api/audit/integrityMerkle tree verification
GET/api/audit/exportWORM-compatible export
GET/api/statsAggregate statistics
GET/api/lineageData lineage events
GET/api/lineage/entitiesLineage entity types
GET/api/compliance/mappingsAll compliance framework mappings
GET/api/compliance/mappings/{fw}Single framework controls
POST/api/compliance/reportGenerate compliance report
GET/api/compliance/summaryCompliance summary all frameworks
GET/api/predictive/trendsGovernance trend analysis
Review
GET/api/reviewReview queue items
POST/api/reviewAdd to review queue
PUT/api/review/{id}Decide review (approve/reject/escalate)
POST/api/review/bulkBulk approve/reject/escalate
DELETE/api/review/purgePurge all decided items
DELETE/api/review/{id}Remove review item
Users & Auth
POST/api/auth/loginAuthenticate user
POST/api/auth/validateValidate session token
POST/api/auth/logoutEnd session
GET/api/usersList all users
POST/api/usersCreate user
PUT/api/users/{id}Update user
DELETE/api/users/{id}Deactivate user
GET/api/users/{id}/riskUser risk score
GET/api/users/{id}/analyticsUser analytics
GET/api/users/{id}/anomaliesUser anomaly detection
GET/api/users/governanceAll users governance overview
GET/api/sessions/liveActive sessions
DELETE/api/sessions/{token}Terminate session
GET/api/session/{id}Session records
Governance & RBAC
GET/api/governance/permissionsRBAC permission matrix
GET/api/governance/permissions/{role}Role permissions
POST/api/governance/checkCheck permission
GET/api/governance/rolesRole profiles
Knowledge Graph
GET/api/knowledge-graphBuild governance graph
GET/api/knowledge-graph/queryQuery by node type/relation
POST/api/knowledge-graph/searchNatural language graph search
GET/api/knowledge-graph/risk-propagationRisk propagation analysis
Models
GET/api/modelsModel health check
GET/api/models/configCurrent model config
PUT/api/models/configUpdate model config
POST/api/models/testTest model connection
GET/api/models/providersList 22 providers + models
GET/api/models/adaptersAdapter types
GET/api/models/registryModel registry
POST/api/models/registryRegister model
PUT/api/models/registry/{id}Update model status
POST/api/arbitrateMulti-model arbitration
System
GET/healthzSystem health check
GET/metricsPrometheus metrics
GET/api/metricsJSON metrics
GET/api/diagnosticsSelf-monitoring diagnostics
GET/api/licenceLicence info
POST/api/licenceActivate licence key
GET/api/agent/integrityFile integrity check
GET/api/agent/checksumsCurrent file checksums
GET/api/agent/baselineStartup baseline checksums
GET/api/feedback/configClarityFeedback config
PUT/api/feedback/configUpdate feedback config
GET/api/webhooks/configWebhook configuration
PUT/api/webhooks/configUpdate webhook config
POST/api/webhooks/testSend test webhook
GET/eulaEULA text (v2.0)
GET/legalLegal notices (Impressum, Privacy, AI Act, OSS)
Integrations
External system connectivity · LLM providers · SIEM · webhooks · observability
Settings
Personalisation · branding · dashboard layout
⬢ Tenants — Multi-Tenant Administration
Each tenant is fully isolated — separate users, policies, audit chain, branding. Postgres deployments enforce isolation via RLS; SQLite uses app-side filtering. The currently active tenant is shown in the sidebar footer. Switch tenants below; the choice is stored in this browser session and sent as X-Tenant-ID on every request. See docs/multi-tenant-architecture.md.
ACTIVE TENANT
TENANTS REGISTERED
RESOLUTION SOURCE
Tenant Users Policies Audit Records Audit-Chain Size Last Eval Action
Click ⟳ Refresh to load tenant stats

PREEXEC™ — Help & Reference

On-Premise v4.8.1 · Installer / Implementer / Analyst manual · © 2026 Noetik Governance Ltd.
LOADING HELP CONTENT…
ON-PREMISE AI GOVERNANCE
System Online | v4.8.1
FIRST-LOGIN BOOTSTRAP CREDENTIAL
ADMIN-001 | PIN
Auto-generated. Change it immediately after login — this banner disappears as soon as you do.
⚠ ADMINISTRATOR KEY · STORE SECURELY · ONE-TIME REVEAL
X-Admin-Key
Important: save this key now in a password manager or encrypted vault. The administrator key authorizes branding changes, backups, audit-key rotation and API-key management. It will not be re-displayed on this banner — after your first PIN change the banner disappears; the key remains retrievable inside the dashboard (System tab → Admin Key card) only when logged in as ADMIN. Treat it like a root credential. Never share by chat / email / unencrypted file.
Noetik Governance Ltd.
EULA Legal Privacy
Governance Assurance Report