Architecture

Five layers of governance, one contract.

Proofpane is the policy, evidence, and audit layer for enterprise AI work. Every AI action moves through the same five boundaries — so what an auditor or risk officer needs to see is structurally guaranteed, not added on after the fact.

01

AI Entry Points

Where AI work originates

Proofpane sits in front of the AI surfaces your team already uses, so governance is uniform across them — not bolted on per integration. MCP-native clients (Claude Desktop, Cursor, Continue, Codex, VS Code Copilot) wire via the daemon; non-MCP automators (Zapier, Make, n8n, UiPath, Power Automate, Copilot Studio, Agentforce, direct LLM API) route their egress through the gateway — same policy gate, same audit chain.

  • ·IDEs and coding agents (MCP-native)
  • ·MCP-compatible hosts and custom MCP servers
  • ·Workflow automators and RPA (via egress gateway)
  • ·Agent builders and enterprise SaaS connectors
  • ·Direct vendor SDKs (set base URL → governed)
02

Policy & Permission

Before any tool fires

Every AI action passes a policy gate that resolves identity, risk tier, allowed tools and data sources, egress destinations, and approval requirements. Decisions are explainable, not opaque.

  • ·User identity and role resolution
  • ·Risk-tier routing
  • ·Tool allow / deny
  • ·Data source and egress controls
  • ·Redaction and DLP
  • ·Human approval gates for sensitive actions
  • ·Runtime intervention — pause, review, and resume mid-stream
03

Evidence & Audit

Every action, attributable forever

What actually happened lands in a tenant-scoped, cryptographically chained record. Exported as a signed Evidence Pack your auditor verifies offline — no Proofpane backend required.

  • ·Cryptographically chained audit log
  • ·Tenant-scoped isolation, structurally detectable
  • ·Signed Evidence Pack export
  • ·Standalone open-source verifier
  • ·Replayable decisions with full lineage
04

Governance & Evaluation

Operational evidence for AI risk reviews

Mapped controls, quality and drift signals, cost gates with anomaly detection, and approval-gated prompt evolution — everything an AI risk programme needs to demonstrate ongoing operational discipline, not a one-off snapshot.

  • ·Control mapping across 5 frameworks — NIST AI RMF, ISO/IEC 42001, EU AI Act, GDPR, SOC 2 (335 controls)
  • ·Quality, hallucination, and drift monitoring
  • ·Cost gates with audited refusal and anomaly detection
  • ·Approval-gated prompt evolution
  • ·Cross-vendor evaluation
05

Enterprise Integration

Plugs into the systems you already operate

Identity, storage, change management, and observability flow through the systems your enterprise already runs. Proofpane is the governance layer, not a parallel platform you have to operate separately.

  • ·Identity providers (SSO and OAuth)
  • ·Customer-controlled storage and retention
  • ·Ticketing and change management
  • ·SIEM and GRC export
  • ·Model providers (Anthropic, OpenAI, Google, DeepSeek, OpenAI-compatible)

A note on scope. Proofpane supports operational evidence and governance workflows for AI risk management. It does not independently certify regulatory compliance — obligations under NIST AI RMF, ISO/IEC 42001, EU AI Act, GDPR, or sector-specific regimes remain with you and your assessor.

Detailed deployment topology, cryptographic envelope, policy schema, control library, and subprocessor information ship to customers during security review — see the security overview for what is public, what is gated, and how to start a review.

Want to see this end-to-end on your own AI work?