Appearance
Governance
Insight without controls is theatre. The Governance pillar is where you act on what Insights surfaced — triage signals, manage the provider inventory, version the policy, and govern production AI workloads separately from people.
What's here
| Page | Use it to |
|---|---|
| Alerts and signals | Triage the behavioural-signal stream — content safety, brand, budget, operational |
| Providers inventory | See every AI tool registered to your org, who's using it, and when it last sent traffic |
| Policy and enforcement | Read the active policy, draft a new version, audit who changed what |
| Service accounts | Govern production AI workloads with their own identity, scope, and signals |
Where Governance ends and Agent begins
Policy lives in the platform. Enforcement happens at the agent. When a rule turns from observe to enforce, the Flowstate Agent on each developer machine intercepts at request time and returns a 403. See Agent → Enforcement for the rollout sequence — the strong recommendation is two weeks of observe before flipping a single rule.
Permission model
Reading the Governance pages requires the AI_GOVERNANCE_VIEW permission. Drafting and activating policy versions requires AI_POLICY_ADMIN. Managing service accounts and provider integrations requires SETTINGS_INTEGRATIONS_UPDATE. See Roles & Permissions for how those map to your org's role bindings.