Permissions, privacy, and proof — built in
Identity, sensitive data, behavioral threats, change control, and regulatory frameworks, governed together.
Mantle, Shroud, Vigil, Saga, and Oath give IT a single trust layer underneath everything Neuraforge does. Define who can do what with ReBAC and ABAC — for people and AI agents alike. Redact PII before it leaves the platform, catch prompt injection and exfiltration in real time, govern every change, and map your controls to the frameworks auditors expect to see.
Mantle
AvailableThe ReBAC and ABAC identity layer under everything
Mantle is the identity layer underneath every Product — a Zanzibar-style ReBAC engine plus ABAC conditional policies governing multi-tenant organization hierarchies, users, teams, and roles. One permission model decides what every person and every AI agent can access, so nothing on the platform — human or machine — gets a path you didn't grant.
- Zanzibar-style ReBAC permission engine with ABAC conditional policies
- Multi-tenant organization hierarchy with full inheritance support
- Eleven built-in roles with optional support for custom roles with granular scope
- Organization policies with conditional access based on attributes like time, IP, location, and mobile/device attributes
- Event subscriptions, full activity log, and audit trails for every permission change and access event
Shroud
BetaDetect and redact PII before it leaves the platform
Shroud is a privacy engine that intercepts sensitive data before it reaches an external model or third party. It covers 40-plus entity types across chat, documents, images, and device data with configurable operators — replace, redact, mask, hash, encrypt, tokenize, or generate synthetic stand-ins.
- Forty-plus PII entity types detected across text, documents, and images
- Anonymization operators including redact, mask, hash, encrypt, and tokenize
- Policy-driven scoping by org, team, role, and user
- Coverage for chat messages, file uploads, image content, and device data
- Live scanner, redaction log, and encrypted access request workflow
Vigil
BetaBehavioral threat detection for AI and endpoints
Vigil watches user behavior and AI source health to surface threats in real time. It catches prompt injection, jailbreak attempts, data exfiltration patterns, PII bypass attempts, and provider anomalies — complementing Shroud's redaction layer with behavioral intelligence across every AI interaction on the platform.
- Prompt injection and jailbreak detection across every chat and agent
- Data exfiltration pattern recognition and PII bypass alerting
- AI provider anomaly detection and source health monitoring
- User risk scoring with configurable behavioral policies
- Active incident queue, response workflows, and historical trend analysis
Saga
BetaVersion, diff, and roll back any platform resource
Saga is built-in change management for the entire platform. Version history, optimistic conflict detection, and approval workflows apply to every configurable resource, providing versioning, rollback, diff, and audit without any product-specific tooling - with a consortium of your own Envoy AI Agents to help review changes, detect risks, and recommend approvers.
- Version history, diff, and rollback on every configurable resource
- Content hash locking with optimistic conflict detection and resolution
- Approval workflows with change windows, risk categories, and reviewers
- Full audit trail covering changes, conflicts, and post-implementation review
- Envoy's AI Agents can be assigned as reviewers to detect risks and recommend approvers
Oath
BetaMap every control once across ten compliance frameworks
Oath centralizes regulatory compliance. Map your infrastructure and operations against HIPAA, SOC 2, ISO 27001, GDPR, FedRAMP, CMMC, StateRAMP, PCI DSS, NIST CSF, and FIPS 140-3 in one place — track control status, manage evidence, identify gaps, and generate framework-specific reports without re-collecting the same data ten times.
- Ten built-in frameworks including HIPAA, SOC 2, ISO 27001, and FedRAMP
- Control inventory and cross-framework mapping in a single source of truth
- Implementation status tracking and automated gap analysis
- Evidence library, audit schedules, and framework-specific reports
- Findings and remediation workflow with owner assignment and due dates
Ledger
BetaEvery key. Every environment. Always controlled.
Ledger is Neuraforge's platform-wide managed parameter and secrets store — a centralized key-value system for configuration values and secrets, scoped to the organization hierarchy with inheritance. Every Product in the platform consumes it: automation scripts, AI source configs, webhook templates, Workshop components. One rotation point; many consumers.
- Org-hierarchy scoped with inheritance: closest-wins by default, with a locked flag for governance escape hatches that prevent child overrides.
- Three sensitivity tiers — public, private, and secret — controlling visibility, encryption (AES-256-GCM with per-org KMS-backed DEKs), and audit behavior in one unified store.
- Secret referencing: parameter values can reference other parameters via a placeholder syntax, resolved after inheritance with cycle detection.
- No parallel access control: rides Neuraforge's existing ReBAC engine. No custom permission model to learn or maintain.
- Versioning through Saga, sync integrations with GitHub Actions and more, and a connector-side placeholder reference syntax for AI, function, storage, and API source credentials.
Govern AI and IT from one trust layer
Get early access to Mantle, Shroud, Vigil, Saga, and Oath.