DataPool audit log
Every schema and data operation logged with user, process_id, step_id, IP.
Governance follows the data your automations create—not a separate MDM product.
Governance monitor
Access review · policy enforcement · audit trail
0 allowed0 blocked0 HITL
Evaluating next request…
Simulated flow — legit access allowed, malicious attempts blocked, risky actions to HITL, full audit logged
Policy as control plane
“Tenant isolation isn’t an afterthought—it’s how every API call, process step, and agent action starts.”
Platform
Governance and Security — built into the automation platform
Tenant isolation, scoped API access, security event logging, process traceability, and data-layer controls—without bolting on a separate compliance product.
Policy is the control plane—not prompts, not hope, and not a bolt-on GRC suite.
Custom automation code, agent execute, and integration sprawl are security risks when guardrails live in tribal knowledge. Tealfabric embeds governance into auth, API keys, process sandboxes, execution logs, and DataPool audit from day one.
See who did what across security events, process runs, connector executions, and operational data writes—with human approval paths where judgment matters.
- Governance built into the automation platform—not bolted on as a separate compliance product
- Tenant isolation, scoped API access, security event logging, and execution traceability by default
- Automations run in a governed sandbox with capability profiles and orchestration guardrails
- Least-privilege API access with scoped keys and per-key rate limits
- Control what AI can touch—MCP query validation, integration opt-in, log redaction
- Data lifecycle governance on DataPool—audit, quality, lineage, retention
- Operations-ready monitoring across security, process, integration, datapool, and LLM events
Hero scenarios
How teams prove governance in sales and security reviews.
From security ops triage to compliance exports and AI opt-in controls—governance shows up in real workflows, not slide decks.
log_type=security
failed_login · ip_blockSecurity ops review
Review failed logins, IP blocks, and admin denials in Ops monitor.
datapool_audit_log
ProcessExecutionLogsCompliance prep
Export DataPool audit and process execution logs for PII-handling workflows.
IntegrationExecutionQueue
artifact JSONIntegration governance
Track every connector run in IntegrationExecutionQueue plus artifact JSON.
MCP SQL validator
executable_by_ai_agentsAI governance
Agents query DataPool read-only; integrations require executable_by_ai_agents opt-in.
document_review JWT
webapp HMAC tokenSupplier intake controls
Document review tokens, webapp execution tokens, and datapool audit on writes.
GeoAccessGuard
country policyGeo-restricted access
Block or redirect access by country policy for regulated deployments.
Policy in action
Review access, block abuse, route judgment to humans, log everything.
A live-style governance monitor: scoped API access is allowed, cross-tenant and brute-force attempts are blocked, integration execute goes to human approval, and the full chain lands in security_logs, execution logs, and DataPool audit.
Governance monitor
Access review · policy enforcement · audit trail
0 allowed0 blocked0 HITL
Evaluating next request…
Simulated flow — legit access allowed, malicious attempts blocked, risky actions to HITL, full audit logged
Platform governance
Shipped controls that differentiate the runtime—not a compliance checkbox.
Tenant isolation, security logging, abuse prevention, execution traceability, sandbox guardrails, tokenized workflows, and AI governance hooks—built in, not bolted on.
tenant context
scoped API keysMulti-tenant isolation and scoped access
Every API call resolves tenant context; cross-tenant access is rejected.
JWT, API key, or scoped hints bind requests to a tenant. Role-based access on tenant users plus granular API key scopes—datapool.read/write, users.read/write, processflow.keystore.*, health.read—with per-key rate limits.
security_logs
severity · statusSecurity event logging
Persistent audit of security-relevant events in security_logs.
Failed logins, IP blocks, blocked access attempts, and admin access denials—with severity, status, request URI/method, and metadata JSON. Queryable via Ops monitor (log_type=security).
IP block · rate limit
password policyAbuse prevention and auth hardening
Failed-login tracking, rate limits, password policy, security headers.
Automatic IP blocking after failed-login thresholds in a 15-minute window. Rate limiting by identifier (API, login, upload, chat) from versioned security.json. Password policy and SecurityOrchestratorGuard headers (CSP, HSTS, X-Frame-Options).
GeoAccessGuard
country allowlistGeolocation access control
Optional country-based restrictions with JSON or redirect block modes.
GeoAccessGuard enforces regional policy; health and public endpoints can be skipped. Session-cached geo lookups limit external API churn.
ProcessStepLogs
IntegrationQueueProcess and integration traceability
Run-level and step-level execution logs plus integration queue records.
ProcessExecutionLogs, ProcessStepLogs, and IntegrationExecutionQueue capture inputs, outputs, timing, status, and payloads. Workflow artifact JSON on shared storage; Ops monitor surfaces process, integration, and connector log types.
sandbox profile
connector allowlistSandbox and runtime guardrails
Capability-based process sandbox with profiles and orchestration caps.
Explicit allowlists for context, logging, file, connector, keystore, API, and LLM. Profiles like minimal-readonly and integration-bridge. orchestrator_guardrails.json caps processes, execution time, API calls, and MCP resources. Worker tenant cooldown pauses noisy tenants.
review JWT
webapp HMACTokenized access for sensitive workflows
Time-limited document review JWTs, HMAC webapp tokens, execution auth keys.
Document review and webapp execution use scoped, TTL-bound tokens with rate-limit context. Internal process HTTP uses execution auth keys—geo/auth bypass only where explicitly intended.
SQL validator
log redactionAI and LLM governance hooks
MCP SQL validator, integration AI opt-in, log redaction, chat rate limits.
Read-only MCP datapool queries pass SQL validation (forbidden keywords, injection patterns, schema allowlist). executable_by_ai_agents flag on integrations. LOG_REDACTION_MODE for prompts, tool args, and MCP payloads.
security checklist
release guidelinesPublished security guidance
User-facing checklists and internal release hardening guidelines.
Pre-deploy, monthly, quarterly, and incident checklists for operators. API key best practices and RELEASE_SECURITY_GUIDELINES for production JWT, admin allowlist, and webapp secrets.
Data governance
Governance follows the data your automations create.
DataPool audit, access rules, quality scoring, lineage, and retention—API-strong today. No unified tenant “compliance center” UI yet; monitor and APIs are the operator surfaces.
Access rules
Per-role schema permissions and field-level read restrictions.
API-strong today; full tenant GRC UI for rules is not the headline.
Quality and lineage
Validation rules, quality scores, and source metadata on writes.
Lineage graph and path APIs for records your processes and agents touch.
Retention policies
Time-, size-, and event-based policies with execute endpoint.
Data lifecycle built into the platform layer your workflows already use.
Security pack for prospects
Evaluation checklist for security, compliance, and platform owners—aligned to how we run design partner pilots. Request a PDF summary for your procurement or InfoSec review.
Tenant isolation & operator access
Production workloads run in isolated tenants with role-based access and MFA for operators.
Demo proof: Separate sandbox and production tenants; scoped operator permissions per environment.
MCP guardrails & tenant overrides
Agent tools are allow-listed via guardrails JSON—with tenant-level overrides, not prompt hope.
Demo proof: Deny a tool in guardrails and show the agent cannot call it; audit the policy change.
Human-in-the-loop approval
Agents propose actions; humans approve before governed integration execute runs in production.
Demo proof: Trace AI skill → describe action → request_human_input → execute_tenant_integration.
ProcessFlow keystore
Integration credentials live in the keystore—referenced from process steps, not env secrets in scripts.
Demo proof: Process step references keystore credential instead of hard-coded API keys.
API keys with scopes
Programmatic access uses scoped API keys tied to tenant boundaries and approved surfaces.
Demo proof: Issue a scoped key for a single integration or process trigger—not blanket admin access.
Sandbox capability profiles
Step code runs under capability profiles that block risky primitives in production paths.
Demo proof: Contrast integration-bridge profile vs blocked primitives in a JavaScript step.
Audit trails & Monitor
Integration runs, process steps, and agent tool calls leave execution history in Monitor.
Demo proof: Failed sync visible in Monitor → governed retry under policy instead of silent scripts.
Pilots include a security pack review: guardrails, MFA, API key scopes, tenant isolation, and HITL paths—not platform login alone.
Request security pack (PDF)See HITL workflowWho it is for
Security, compliance, and platform owners who must approve production integration and agent execute changes—and need audit trails across security events, process runs, and operational data writes.
Related workflow: Ops exception handling with human approval. Platform depth: AI agents, Datapools, Integrations, Process Automation.
Monitor and admin logs exist today; there is no single unified tenant compliance center. GDPR, SOC2, and ISO27001 certifications are not claimed—the platform has controls, not badges.
Audit-ready operations
Walk through guardrails, HITL, and audit with your security team.
We demo tenant isolation, scoped API keys, security_logs, process traceability, sandbox profiles, and DataPool audit—on the same runtime as your integrations and agents.