How it works
One governed path. Many execution options.
Before any model sees your data, AIGIS maps the user, enforces permissions live, strips inaccessible fields, and records evidence. The interface changes. The control plane does not.
- No model sees data the user cannot access
- Every governed decision is replayable from the ledger
- Permissions enforced live, not cached snapshots
- Works with the AI your teams already chose
How it works
A governed request, start to finish.
Every request runs the same governed path before anything is read, written, or sent to a model. Here's what one looks like.
Live governed request
Enforced before the model
Three enforcement tiers
Permissions run three layers deep.
Object access tells you whether the user can see the record type at all. Record visibility tells you which rows they can read. Field permissions tell you which columns reach the model. AIGIS enforces all three before assembling any prompt.
Tier 1
Object access
Can this user see Accounts, Opportunities, Cases? If the object is off-limits, it is excluded entirely. No fallback, no partial leak.
Tier 2
Record visibility
Live UserRecordAccess check. Which rows can this person see right now? Sharing rules, territories, and manual shares are all respected. Never cached.
Tier 3
Field permissions
Restricted columns (SSN, salary, Amount) are stripped before the prompt is assembled. The model never receives data the user is not cleared to read.
Current enforcement reality
The connectors do not all have the same trust model.
AIGIS is honest about the difference between production enforcement and design-partner co-development. Salesforce is real today; ServiceNow and SAP are active co-development tracks with asymmetric enforcement.
Salesforce
Salesforce is production-grade today
Apex with sharing, object and field checks, live UserRecordAccess, governed reads and writes, and append-only provenance.
ServiceNow
ServiceNow is design-partner co-development
ServiceNow uses a customer-configured impersonation header. Enforcement quality depends on the customer's ServiceNow configuration and rollout scope.
SAP
SAP is design-partner co-development
SAP uses service-account access plus a customer-approved user-context header. We disclose this asymmetry instead of presenting SAP as Salesforce-equivalent.
Control plane
Not every request needs a model.
AIGIS sits between chat surfaces and systems of record. Requests can start in Slack, Claude, Teams, OpenAI, or Salesforce LWC, then pass through the same governed routing layer before anything is read, written, or sent to a model.
Systems of record
AIGIS MCP
Governed router
Chat surfaces
Execution routing after governance
Cache
Known answer, governed data hash matches
Workflow
Registered action or human-approved write
Live query
SOQL, OData, SQL, or system API
Model
Small, frontier, fallback, or customer-hosted LLM
Self-healing where it matters
Fail-closed, not fail-open.
Every governance decision defaults to denial. If the cache is missing, we go live. If the live check is missing, we deny. If a system is unreachable, we exclude it from the response, and we tell you we did.
Scenario
Cache miss
Permission cache lookup fails. We fall back to a live system query. User waits 200ms longer with no policy bypass.
Scenario
Identity mismatch
A system cannot resolve the user, so the system is excluded from this query. The response carries an honest provenance note.
Scenario
LLM outage
Primary model fails. AIGIS can fall back to another approved model or route to a non-model path when the request can be satisfied by cache, API, or workflow.
Scenario
Stale permission window
Delta permission sync runs continuously and record-level access is always live. Cache staleness can never leak record data, only field-level metadata, and even that within minutes.