§ For platform & security teamsDocument · REG-PLATFORM-2026.07

You never trust the AI. You bound it.

How it’s built, how it’s governed, and how it runs inside your network. Determinism where it counts, judgment where it helps, and a record of everything either one did — deployed on your infrastructure, on your keys.

The authoring surface — a process graph of nodes with agents, tools, and human gates bound to explicit rules.
Where you bound itAgents, tools, and human gates on explicit rules
§ 01Architecture

Bound the agent. Don’t trust it.

An agent is a tool inside a deterministic pipeline — read, reason, write, branch, call a tool. The pipeline is scripted and checkable; the LLM is used for judgment, never for control flow. What an agent may do is set by an autonomy ceiling it has to earn, enforced at the engine, not asked for in a prompt.

Every action lands in an append-only, replayable audit trail. And a case runs on the exact versions of its process, agents, and policies that existed the moment it started — so any decision can be reconstructed as it was actually made, not as the system looks today.

Pipelines
Deterministic · step-checkable
Autonomy ceilings
Engine-level · earned
Audit
Append-only · replayable
Versioning
A case runs on its start-time versions
An agent execution pipeline — read, reason (LLM), write, branch, and call-tool steps in a deterministic, checkable sequence.
A scripted pipelineRead · reason · write · branch · call — the LLM is one step inside it
§ 02Evals & drift

The cheapest model that still passes — and a gate that proves it.

Agents are graded against eval suites before they ship. A multi-model matrix compares quality, latency, and cost per model and recommends the cheapest one that still passes, so you’re not paying frontier prices for a task a smaller model handles.

A drift gate re-runs those suites against a baseline and blocks a deploy on regression — a bad change doesn’t reach production because the numbers moved the wrong way. Judges are calibrated blind so the grader isn’t marking its own work.

Model matrix
Quality × latency × cost
Recommendation
Cheapest passing model
Drift gate
Deploy blocked on regression
Judges
Blind-calibrated
A real three-model eval group — DeepSeek, Claude Haiku, and Nemotron — all passing, with the recommended cheapest-passing model, and a drift panel below flagging two real regressions in red.
Matrix + drift gateThree models compared; the gate flags real regressions in red
§ 03Deployment & day-2

On your network, on your keys — and boring on purpose.

The data plane deploys on-premises or in your private cloud, on your Postgres, inside your network, using your own LLM provider keys. Your data doesn’t detour through us, and your AI spend is your bill at your negotiated rates.

The un-glamorous half of enterprise software is done before you ask: a signed, verifiable offline installer kit; documented and drilled backup and restore; a secret-rotation runbook; a default alerting baseline out of the box; and a TLS / multi-machine network topology guide.

Data plane
On-prem or your private cloud
Your keys
Your provider, your rates
Installer
Signed · verifiable · offline
Day-2
Backup/restore · rotation · alerting
§ 04Integrations

Meet systems where they are.

Modern systems get MCP and REST. Thirty-year-old systems get SFTP and a mailbox. Both are first-class. Named, credentialed connections without code: generic REST APIs (OAuth2, API-key, bearer, or basic), SFTP and flat files (CSV and fixed-width — the format legacy systems actually speak), and monitored mailboxes, where a process starts the moment an email arrives.

MCP + REST
For systems that speak it
SFTP + flat files
CSV / fixed-width
Monitored mailboxes
A process per inbound email
Auth
OAuth2 · API-key · bearer · basic
§ 05Security

Governed, aligned, and questionnaire-ready.

SSO / SAML for identity, PHI masking on by default, careful secret handling, and a route-level authorization model where every action checks the actor’s role — the same checks the UI enforces, never a new path. Practices are SOC 2-aligned and HIPAA-aligned.

The full enterprise write-up — data handling, tenancy, egress guards, shared-responsibility, and an honest, line-by-line compliance status — lives in the security overview.

Identity
SSO / SAML
PHI
Masked by default
Authorization
Route-level · role-checked
Posture
SOC 2-aligned · HIPAA-aligned

Read the full Security & Trust Overview

§ 06 — Where it sits

Scaffolding, not another framework.

ApproachCognitive adaptabilityCausal auditRuntime complianceAutonomy ceilingEmergency brake
Legacy RPANoneLogs onlyOffline policyN/AManual
LLM-on-RPA bolt-onYesOpaquePolicy driftNoNo
Agent frameworkYesTool logsDeveloper effortPrompt-levelNo
RegisseurYesAppend-only · replayableTier 1 · enforcedEngine-level · earnedWorkspace-wide

A framework builds the agent. Regisseur is the production scaffolding required to operate it. See the full comparison

§ Next step

Bring your security questionnaire.

We'll walk the architecture, the audit model, and the deployment topology against your own controls — and hand you the security overview to take back to your team.

Book a walkthrough Read the security overview