Live demo · Intelligent data governance

Policy, classification, sealed text & RLS — in one runway

Use the tabs below to walk a crisp story: health → OPA rules & access → POST /evaluate → seal / unseal → AI-generated RLS. Set the Admin API in Settings.

Step 1

Status

Confirm OPA and optional audit DB from health.

Step 2

Policies

Edit CSV-driven rules or run banking access-check presets.

Step 3

Classify

Run LLM-assisted evaluate with identity headers.

Step 4

Protect

Seal sensitive text; unseal to prove round-trip.

Step 5

RLS

AI-generate PostgreSQL RLS policies from OPA rules.

OpenAPI docs

Tip: host/port should match your Admin API (e.g. /data-governance/docs).

Service status

One glance: OPA gate, audit store, and crypto. Raw JSON is optional.

Open Policy Agent — POST /evaluate

Enforcement OFF

When ON, requests hit OPA before the LLM. Deny → 403; OPA unavailable → 503.

Policy paths & files

Input bundles user, action, and resource. Example Rego: governance_evaluate.rego. Dashboard exports: output/governance_evaluate_from_dashboard.rego.

Audit trail

Not configured

Successful evaluate / seal / unseal can log to Postgres when CURATED_DATABASE_URL is set.

Cryptography

Seal / unseal uses HKDF-SHA256 + AES-256-GCM.

AES-256-GCMKyber: not on API

PQC notes

Optional Kyber KEM via liboqs can add pq_kem_hint on envelopes; baseline seal remains AES.

Developer: raw health & crypto JSON