Product

Governance

Governance enforced at the point of execution, not just at catalog time. When an AI agent queries data through Plexara, access controls, audit trails, and quality signals are enforced by the same platform that executes the query.

The Gap

Catalog-Time vs. Execution-Time Governance

| Aspect | Catalog-Time | Execution-Time (Plexara) |
| --- | --- | --- |
| PII Classification | Tag exists in catalog. Agent can still query the data through a separate connection. | Persona filtering blocks unauthorized tool access. PII tag surfaces in every enriched response. |
| Access Control | Policy defined in catalog. Enforcement depends on downstream systems honoring it. | Default-deny posture. No persona means zero tool access. Enforced on every request. |
| Audit Trail | Catalog logs metadata reads. Query execution logged separately in the database. | Single audit log captures user identity, persona, tool, connection, duration, and outcome. |
| Deprecation | Deprecation notice in catalog. Agent may never check the catalog before querying. | Deprecation warning included in every query response for the deprecated dataset. |

Authentication

Fail-Closed by Default

Missing or invalid credentials deny access. No persona assigned means zero tool access. Misconfiguration results in denied access, never unauthorized access.

OIDC

OpenID Connect with required JWT claims (sub, exp). Integrates with any enterprise identity provider.

Use case: Interactive users through AI clients and web interfaces.

OAuth 2.1

Full OAuth 2.1 with PKCE for public clients and Dynamic Client Registration. Built-in authorization server.

Use case: Third-party integrations and delegated access patterns.

API Keys

Managed API key authentication for service accounts and automation workflows.

Use case: Machine-to-machine communication and CI/CD pipelines.

Audit

Every Tool Call Logged

Comprehensive audit logging with PostgreSQL storage and configurable retention. The audit log captures what happened, who did it, under what authority, and through which data path.

Platform-level logging captures tool calls invisible at the database level. A database log shows a query from a service account. The platform log shows which human initiated the session, which persona they used, and which tool call triggered the query.

Captured per tool call

User Identity: Authenticated user from IdP
Persona: Resolved role-based persona
Tool: MCP tool that was invoked
Connection: Target data source connection
Duration: Execution time in milliseconds
Outcome: Success, failure, or denied
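
The fail-closed check from the Authentication section and the per-call audit fields listed above, combined in one Go function. This is an added example, not Plexara's code: `Claims`, `AuditRecord`, `CallTool`, the policy maps, and the sample users and tool names are hypothetical, and JWT signature verification is assumed to have happened before this point.

```go
package main

import (
	"fmt"
	"time"
)

// Claims holds the two required JWT claims (sub, exp); signature already verified (assumption).
type Claims struct{ Sub string; Exp time.Time }

// AuditRecord mirrors the per-tool-call fields: identity, persona, tool, connection, duration, outcome.
type AuditRecord struct {
	User, Persona, Tool, Connection, Outcome string
	DurationMS                               int64
}

// Hypothetical, constructed policy: user -> persona, persona -> allowed tools.
var personaOf = map[string]string{"alice@example.com": "analyst"}
var toolsOf = map[string]map[string]bool{"analyst": {"trino_query": true}}

// CallTool starts from "denied" and only upgrades the outcome once every check
// has passed, so a missing claim, persona, or grant can never yield access.
func CallTool(c *Claims, tool, conn string, now time.Time, run func() error) (rec AuditRecord) {
	start := time.Now()
	rec = AuditRecord{Tool: tool, Connection: conn, Outcome: "denied"}
	defer func() { rec.DurationMS = time.Since(start).Milliseconds() }()
	if c == nil || c.Sub == "" || !now.Before(c.Exp) {
		return rec // missing, incomplete, or expired credentials (zero Exp also lands here)
	}
	rec.User = c.Sub
	persona, ok := personaOf[c.Sub]
	if !ok {
		return rec // authenticated but no persona: zero tool access
	}
	rec.Persona = persona
	if !toolsOf[persona][tool] {
		return rec // tool not granted to this persona
	}
	rec.Outcome = "success"
	if err := run(); err != nil {
		rec.Outcome = "failure"
	}
	return rec
}

func main() {
	now := time.Now()
	c := &Claims{Sub: "bob@example.com", Exp: now.Add(time.Hour)} // constructed user with no persona
	fmt.Printf("%+v\n", CallTool(c, "trino_query", "warehouse", now, func() error { return nil }))
}
```

Every return path produces a record, so denied calls are as visible in the log as successful ones.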

Safeguards

Operational Controls

Read-Only Enforcement

Trino and S3 connections can be locked to read-only mode, blocking write operations at the platform level.

S3 Prefix ACLs

Restrict storage access to specific S3 paths. Agents cannot browse or retrieve objects outside allowed prefixes.

Workflow Gating

Session-aware enforcement tracks whether discovery tools were called before query tools, with configurable escalation.

Prompt Safety

Metadata sanitization prevents malicious instructions from reaching the agent through enriched responses.

SLSA Level 3

Supply chain provenance with SAST (Semgrep, CodeQL), race detection, gosec, and OpenSSF Scorecard.

Query Limits

Configurable default and maximum row limits, query timeouts, and connection-level resource controls.
