Architecture

A single product boundary around configuration, enforcement, human decisions, and evidence. The overview below matches the product graphic used on the homepage.

AgentNexusAPI architecture: Control Plane (policies, roles, API keys, audit UI), Decision Engine with POST /v1/evaluate, Execution in your systems, Human Approval (email, Slack, Teams), immutable Audit, and optional Webhook.
Not a general secrets vault: a governance runtime that evaluates proposals before downstream execution. Agent clients can also use the optional MCP gateway (POST /api/mcp) for tool-shaped evaluate calls and trace metadata. See OpenAPI for REST contracts.

Trust boundaries

Clients never send a workspace id: the API key resolves tenancy server-side. Policies and keys are edited in the dashboard (or rulesets synced from GitHub per policy); dashboard operators sign in with email and password or, when enabled, enterprise SAML / OAuth (see Enterprise SSO). Enforcement happens on POST /api/v1/evaluate.

When a rule requires humans, notifications go out on the channels you configure; approvers act via secure links (and OTP on critical tiers). Policies may define approval deadlines (auto-reject or escalate to the next stage); a cron job with CRON_SECRET calls POST /api/cron/approval-timeouts (see Approval timeouts).

If you pass webhook_url on evaluate, we also POST to your integrator with event: approval_required when a human stage is waiting (including the next stage after a mid-flow approve), and event: terminal_outcome when the evaluation is final.

The audit trail records the full timeline for dashboard review; Governance analytics aggregates approval rates, human decision latency, and rejection reasons by workspace (see Governance analytics). Cost attribution rolls up attributed cents per agent_id on evaluate (see Cost attribution). Workspace members can download a compliance evidence ZIP (narrative plus CSV samples; see Compliance reports). Rulesets can also be synced from GitHub per policy (Policy-as-Code).
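An integrator-side sketch of how the two webhook events described above can gate downstream execution, failing closed until an approved terminal_outcome arrives. This is an added example, not AgentNexusAPI code: only the event key and its two values come from this page, while the evaluation_id and outcome fields, the "approved" value, and all class and function names are assumptions; check the OpenAPI contract for the real payload.

```python
# Added example, not AgentNexusAPI code. Only the "event" key and its two values
# come from the page; "evaluation_id", "outcome" and "approved" are assumptions.
from dataclasses import dataclass, field

PENDING, ALLOWED, DENIED = "pending", "allowed", "denied"

@dataclass
class EvaluationGate:
    """Per-evaluation state; execution is allowed only after an approved terminal_outcome."""
    states: dict = field(default_factory=dict)
    stages_seen: dict = field(default_factory=dict)

    def handle(self, payload: dict) -> str:
        eval_id = payload.get("evaluation_id")  # assumed field name
        if not isinstance(eval_id, str) or not eval_id:
            raise ValueError("delivery carries no evaluation id")
        current = self.states.get(eval_id, PENDING)
        if current != PENDING:
            return current  # final state sticks; late or replayed deliveries change nothing
        event = payload.get("event")
        if event == "approval_required":
            # A human stage is waiting; repeats once per later stage after a mid-flow approve.
            self.stages_seen[eval_id] = self.stages_seen.get(eval_id, 0) + 1
        elif event == "terminal_outcome":
            # Anything other than an explicit approval is treated as a denial.
            current = ALLOWED if payload.get("outcome") == "approved" else DENIED
        # Unknown event names fall through and leave the evaluation pending.
        self.states[eval_id] = current
        return current

    def may_execute(self, eval_id: str) -> bool:
        return self.states.get(eval_id) == ALLOWED

# Constructed sample deliveries (not captured from a real workspace).
SAMPLE = [
    {"event": "approval_required", "evaluation_id": "ev_1"},
    {"event": "approval_required", "evaluation_id": "ev_1"},
    {"event": "terminal_outcome", "evaluation_id": "ev_1", "outcome": "approved"},
    {"event": "approval_required", "evaluation_id": "ev_1"},  # late replay
    {"event": "terminal_outcome", "evaluation_id": "ev_2", "outcome": "rejected"},
    {"event": "approval_required", "evaluation_id": "ev_3"},
    {"event": "something_new", "evaluation_id": "ev_4"},
]

def replay(deliveries) -> EvaluationGate:
    gate = EvaluationGate()
    for delivery in deliveries:
        gate.handle(delivery)
    return gate
```

Authenticating that a delivery really came from the service is outside this sketch; the gate only decides what an already-accepted event is allowed to change.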

For integration patterns, see Framework integrations and Production readiness.