Governance

Execution governed by policy, not hope.

Every integration verb carries a risk classification. Every action is checked before it executes. Approval gates, verb-level policies, and an immutable audit trail — built into the runtime, not bolted on after.

The LLM decides. It does not execute. Governance does.

100% of actions governed at verb level
3-tier risk classification: LOW · MEDIUM · HIGH
0-config required to start; governance is always on
Risk classification

Every verb has a risk level.

Before a Cerebral can call any action, the governance engine checks the verb's risk classification against your policy. You configure the thresholds. The runtime enforces them.

Policies don't guide execution. They control it. Every action is checked before it runs. If it violates policy, it never executes.

LOW Risk: Executes automatically
Read operations, lookups, data fetches. No side effects. Always logged, never blocked.
shopify:get_order · reamaze:get_conversation · stripe:retrieve_customer

MEDIUM Risk: Notify on execute
State-changing but reversible. Executes with notification. Configurable for approval.
reamaze:send_reply · shopify:update_order · klaviyo:tag_customer

HIGH Risk: Requires approval gate
Irreversible or high-value actions. Blocked at registry level until an explicit approval gate is configured.
stripe:create_refund · shopify:cancel_order · tool:email_contact

Five pillars

The full governance stack.

Verb-level risk controls
Every integration action and platform tool is classified LOW, MEDIUM, or HIGH. Risk is enforced at the action level — not per conversation.
Approval gates & policies
Define what's allowed. The system enforces it on every execution — tenant-wide or per Cerebral. Match on verb name, risk level, provider, or conditions like amount or recipient.
Shadow Mode & dry run
Run every operation without executing it. Approve behavior before it ever touches production. Both are built into the same execution path as live mode — not separate systems.
Immutable audit trail
Every action, approval decision, and escalation logged with tool name, inputs, outputs, duration, and execution ID. Always on. Not configurable off. Built for compliance teams.
Idempotent execution
Every write operation is assigned a unique execution signature before it leaves the platform. If a retry fires — from a timeout, a restart, or a concurrent duplicate request — the fence catches it at the constraint level and returns the cached result. The third-party API is never called twice. Enforced at the infrastructure layer across all 2,800+ providers, regardless of whether they natively support idempotency keys.
Example policy
// Require approval for large refunds
{
  "verbMatchers": [{
    "type": "verb",
    "value": "stripe:create_refund"
  }],
  "conditions": [{
    "field": "args.amount",
    "operator": "greater",
    "value": 100
  }],
  "action": {
    "type": "require_approval"
  }
}
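
An added sketch of how a policy of this shape could be evaluated before a call runs; it is not the platform's own code. The function names, the tier-default action names, first-match-wins ordering, and the fail-closed handling of missing fields, non-numeric values and unknown operators are all assumptions.

```python
import json

# The page's example policy, minus the // comment so it parses as strict JSON.
POLICY = json.loads("""
{
  "verbMatchers": [{"type": "verb", "value": "stripe:create_refund"}],
  "conditions": [{"field": "args.amount", "operator": "greater", "value": 100}],
  "action": {"type": "require_approval"}
}
""")

# Assumed tier defaults, paraphrasing the page; the action names are hypothetical.
TIER_DEFAULT = {"LOW": "execute", "MEDIUM": "execute_and_notify", "HIGH": "blocked"}

# Constructed sample call (not from the page): a refund of 250.
SAMPLE = {"verb": "stripe:create_refund", "args": {"amount": 250}}


def lookup(call, dotted):
    """Resolve a dotted field such as 'args.amount'; raise KeyError if absent."""
    node = call
    for part in dotted.split("."):
        if not isinstance(node, dict):
            raise KeyError(dotted)
        node = node[part]
    return node


def condition_holds(cond, call):
    """True on a match; anything unevaluable also counts as a match (assumed)."""
    try:
        actual = lookup(call, cond["field"])
    except KeyError:
        return True  # field missing: fail closed
    if isinstance(actual, bool) or not isinstance(actual, (int, float)):
        return True  # e.g. "150" or None: do not guess, fail closed
    if cond["operator"] == "greater":  # the only operator shown on the page
        return actual > cond["value"]
    return True  # unknown operator: fail closed


def decide(policies, call, risk):
    """Return the action for one call: first matching policy, else tier default."""
    for policy in policies:
        verb_hit = any(m["type"] == "verb" and m["value"] == call["verb"]
                       for m in policy["verbMatchers"])
        if verb_hit and all(condition_holds(c, call) for c in policy["conditions"]):
            return policy["action"]["type"]
    return TIER_DEFAULT.get(risk, "blocked")  # unclassified verb: blocked
```

Treating an unevaluable condition as a match means a caller cannot sidestep the approval gate by sending the amount as a string or omitting it.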
Compliance ready
SOC2-aligned architecture
HIPAA-ready workflows
GDPR data controls
Field-level encryption
Sensitive field masking before logging

Governed from day one.

Governance is not a feature you configure. It is the runtime. Every Cerebral is governed before you touch a single policy setting.
