Governance console

Access review · policy enforcement · run history

0 allowed0 blocked0 approval
Evaluating next request…
Simulated flow — legit access allowed, malicious attempts blocked, risky actions to human approval, full history logged

Rules built into the platform

“Account isolation isn’t an afterthought—it’s how every API call, workflow step, and AI action starts.”

Platform

Governance and Security — built into the automation platform

When automation and AI must run inside policy—not on trust alone—governance covers account isolation, scoped API keys, sandbox limits, and human approval before risky runs on one platform.

Adoption context

You need this when
Custom automation, AI tool calls, or connection runs must follow policy—secrets store, sandbox, and human approval—not trust in prompts alone.
Often bundled with
Integrations for live workflows on one platform.
Not required if
You are exploring read-only connections first—but production runs should plan for safety rules from day one.

Rules apply by default—not prompts, not hope, and not a bolt-on compliance suite.

Custom automation code, AI runs, and too many uncontrolled connections are security risks when safety rules live in informal knowledge. Tealfabric embeds governance into sign-in, API keys, workflow sandboxes, execution logs, and Datapool change logs from day one.

See who did what across security events, workflow runs, connection executions, and operational data writes—with human approval where judgment matters.

  • Safety rules built into the automation platform—not added as a separate compliance product
  • Account isolation, scoped API access, security event logging, and run history by default
  • Automations run in a controlled sandbox with capability profiles and workflow safety limits
  • Minimum-access API keys with scopes and per-key rate limits
  • Control what AI can touch—query validation, connection opt-in, log redaction
  • Data lifecycle rules on Datapools—change log, quality, lineage, retention
  • Operations-ready monitoring across security, workflow, connection, Datapool, and AI events

Example scenarios

How teams show governance in sales and security reviews.

From security ops triage to compliance exports and AI opt-in controls—governance shows up in real workflows, not slide decks.

Governance control flowAPI accessSign-in / geoAI actionPolicy layersandbox · scopes · HITLSecurity logsHuman approvalAudit trail

Policy in action

Review access, block abuse, route judgment to humans, log everything.

A live-style governance console: scoped API access is allowed, cross-account and brute-force attempts are blocked, connection runs go to human approval, and the full chain lands in security logs, execution logs, and Datapool change log.

Governance console

Access review · policy enforcement · run history

0 allowed0 blocked0 approval
Evaluating next request…
Simulated flow — legit access allowed, malicious attempts blocked, risky actions to human approval, full history logged

03 · Platform governance

Built-in controls—not a compliance sticker.

Account isolation, security logging, abuse prevention, run traceability, sandbox limits, time-limited tokens, and AI safety controls—built in, not bolted on.

Login tokens and API keys bind requests to an account. Role-based access on users plus granular API key scopes—for Datapool reads and writes, user management, workflow secrets, health checks—with per-key rate limits.

account context
scoped API keys
per-key rate limits

Every API call is tied to an account; cross-account access is rejected.

04 · Data governance

Governance follows the data your automations create.

Datapool change log, access rules, quality scoring, lineage, and retention—strong via API today. No unified account compliance center UI yet; operations console and APIs are the operator surfaces.

  • 01

    Datapool change log

    Every schema and data change logged with user, workflow, step, and IP.

    Safety rules follow the data your automations create—not a separate master-data product.

  • 02

    Access rules

    Per-role schema permissions and field-level read restrictions.

    Strong via API today; a full compliance UI for rules is not the headline.

  • 03

    Quality and lineage

    Validation rules, quality scores, and source metadata on writes.

    Lineage graph and path APIs for records your workflows and AI touch.

  • 04

    Retention policies

    Time-, size-, and event-based policies with a run endpoint.

    Data lifecycle built into the platform layer your workflows already use.

Data governance trail

change log · access · lineage · retention

DatapoolAccessQualityRetention

Datapool change log

schema: supplier_evidence · last 7d

[INSERT] 12 rows · workflow nightly_sync

user: ops@acme.fi · step-4

[SCHEMA] field tax_id required

auto_merge_schema · IP 10.0.1.42

Simulated — governance follows the data your automations create

05 · Platform connections

Fits the platform

Governance is not a separate product—it is how workflows, connections, Datapools, AI, and operations logging work together. Security events, run history, and data change logs are searchable in the same operational layer.

Security pack for prospects

Evaluation checklist for security, compliance, and platform owners—aligned to how we run design partner pilots. Request a PDF summary for your procurement or InfoSec review.

Account isolation and operator access

Production workloads run in isolated accounts with role-based access and MFA for operators.

Demo proof: Separate sandbox and production accounts; scoped operator permissions per environment.

AI tool rules and account overrides

AI tools are allow-listed via safety config—with account-level overrides, not prompt hope.

Demo proof: Deny a tool in config and show the AI cannot call it; log the policy change.

Human approval

AI proposes actions; humans approve before controlled connection runs in production.

Demo proof: Trace AI skill → describe action → request human input → run connection.

ProcessFlow secrets store

Connection credentials live in the secrets store—referenced from workflow steps, not hard-coded in scripts.

Demo proof: Workflow step references a stored credential instead of a hard-coded API key.

API keys with scopes

Programmatic access uses scoped API keys tied to account boundaries and approved surfaces.

Demo proof: Issue a scoped key for a single connection or workflow trigger—not blanket admin access.

Sandbox capability profiles

Step code runs under capability profiles that block risky operations in production paths.

Demo proof: Contrast integration-bridge profile vs blocked operations in a JavaScript step.

Run history and operations console

Connection runs, workflow steps, and AI tool calls leave execution history in the operations console.

Demo proof: Failed sync visible in operations → controlled retry under policy instead of silent scripts.

Pilots include a security pack review: safety rules, MFA, API key scopes, account isolation, and human approval paths—not platform login alone.

Request security pack (PDF)See human approval workflow

Who it is for

Security, compliance, and platform owners who must approve production connection and AI run changes—and need reviewable history across security events, workflow runs, and operational data writes.

Related workflow: Ops exception handling with human approval. Platform depth: AI agents, Datapools, Integrations, Process Automation.

Operations and admin logs exist today; there is no single unified account compliance center. GDPR, SOC2, and ISO27001 certifications are not claimed—the platform has controls, not badges.

Review-ready operations

Walk through safety rules, human approval, and run history with your security team.

We demo account isolation, scoped API keys, security logs, workflow traceability, sandbox profiles, and Datapool change log—on the same platform as your connections and AI.