Demo environment — metrics shown are simulated to illustrate production monitoring patterns.

Governance Dashboard

Platform safety, cost controls, and eval quality

Safety

Active

Guardrails, prompt injection detection, XSS sanitization

Eval Quality

Active

CI-gated eval suites, hallucination heuristics, drift monitoring

Cost Control

Active

Rate limiting, token-cost tracking, per-route spend gates

Human Oversight

Active

HITL checkpoints on high-stakes multi-agent transitions

Auditability

Active

Trace IDs, structured logs, immutable audit trail

Portfolio Telemetry

Real-time signals where instrumented; representative baselines elsewhere. All controls are implemented in code and verified in CI.

Legend: Live signal · Representative baseline

AI Governance & Trust Model

Automated Outcome Grading: LLM-as-Judge grader agents score every response against ground-truth eval cases. CI blocks any merge where quality regresses below threshold — the same pattern as Anthropic's Outcomes primitive.

Guardrail Boundary: Prompt-injection checks and output sanitization are enforced centrally at API trust boundaries.

Human Oversight: High-stakes multi-agent transitions require explicit HITL checkpoint approval before strategist output continues.

Traceable Operations: Structured logs plus trace IDs make request, model, and policy decisions auditable end-to-end.

Security & Agent Sandbox

Production-style security controls with documented residual risks.

Agent sandbox rules, threat model, and machine-readable posture are versioned with the repo.

CSP note: The Content Security Policy intentionally permits unsafe-inline, unsafe-eval, and WASM execution. These exceptions exist solely to support the four browser-native AI demos (RAG Pipeline, Vector Search, Multimodal, Quantization) which run ONNX/Transformers.js models via WebAssembly and WebGPU directly in the browser — no server inference. All other routes operate under a strict baseline policy.
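The route scoping described in the CSP note, as an added example (not this project's code): a header selector that returns the relaxed policy only for the four demo routes and the strict baseline everywhere else. The route prefixes and the exact directive lists are assumptions; the page does not give them.

```javascript
// Added example. Route prefixes are hypothetical placeholders for the four
// browser-native AI demos; the directive lists are assumed, not the site's own.
const RELAXED_PREFIXES = [
  "/demos/rag-pipeline",
  "/demos/vector-search",
  "/demos/multimodal",
  "/demos/quantization",
];

// Directives shared by both policies.
const COMMON = [
  "default-src 'self'",
  "object-src 'none'",
  "base-uri 'self'",
  "frame-ancestors 'none'",
];

// Strict baseline: no inline script, no eval, no WASM compilation.
const STRICT_CSP = [...COMMON, "script-src 'self'"].join("; ");

// Relaxed policy carrying the exceptions the CSP note lists.
const RELAXED_CSP = [
  ...COMMON,
  "script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval'",
].join("; ");

function normalizePath(rawPath) {
  // URL parsing resolves "." and ".." segments, so a traversal such as
  // /demos/rag-pipeline/../x is matched against the path it really names.
  const { pathname } = new URL("http://localhost" + rawPath);
  return pathname.replace(/\/+$/, "") || "/";
}

function cspForPath(rawPath) {
  const path = normalizePath(rawPath);
  // Match on a whole path segment: "/demos/rag-pipeline-admin" must not
  // inherit the relaxed policy just because it shares a string prefix.
  const relaxed = RELAXED_PREFIXES.some(
    (p) => path === p || path.startsWith(p + "/")
  );
  return relaxed ? RELAXED_CSP : STRICT_CSP;
}
```

A CI check can call `cspForPath` for every non-demo route and fail the build if the result contains `unsafe-eval` or `unsafe-inline`.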

Secrets posture: No production secrets are stored in the repository. API keys, Redis tokens, and service credentials are managed exclusively via Vercel environment variables and are never committed to source control or exposed to client-side code.

Trust Control Flow

Human approval required before strategist execution

Execution paused for review at HITL checkpoint

Policy check passed before response release

Decision trace logged with request and trace IDs

Guardrail-triggered outputs are blocked or redacted

Telemetry Snapshot

Policy Controls

Control | Status
Content Security Policy | Active
Rate Limiting (Upstash Redis) | Active
Prompt Injection Detection | Active
Competitor Mention Filter | Active
Hallucination Heuristic | Active
XSS Sanitization (DOMPurify) | Active
IP SHA-256 Hashing | Active
npm audit (CI-enforced) | Active
Eval Regression Gate | Active
HITL Checkpoint (Multi-Agent) | Active

Recent Audit Events

Time | Event | Severity
14:07:58 | guardrail.blocked | warn
14:05:03 | guardrail.redacted | info
14:03:12 | eval.regression | ok
14:01:44 | rate_limit.triggered | warn
13:58:31 | deploy.passed | ok
13:55:09 | guardrail.blocked | warn
13:51:22 | eval.completed | ok

Token Latency vs. Cost (24h)

[Chart, illustrative: latency (ms) and cost per request ($) by hour over 24h]

Business hours show higher latency with lower cost/request due to increased cache hit rates. Simulated data — production would stream from OTEL collector via /api/enterprise-sim.

Spatial AI Health

● Live
Reconstruction Drift Score: 0.12 (< 0.25)
HITL Approval Rate: 94% (> 80%)
Agent Spatial Queries / min: 3.4 (< 10)
Mesh Consistency (10k frames): 98.7% (> 95%)
HITL Rejections (last 24h): 1 (< 5)

Last trace: spatial-demo-seed-001 · 2026-04-20T09:14:33Z

Live Skill Activity

Real-time log of skill invocations across all demos. Resets on server restart (in-memory buffer, last 50 events).

Why this matters to enterprise buyers

CFO perspective

Cost per interaction is tracked and gated. Rate limiting prevents runaway spend. Every token cost is observable.

CTO perspective

Guardrails, automated outcome grading, and HITL checkpoints are code — not policy docs. Grader agents fail CI on quality regression before any merge reaches production.

CISO perspective

No raw IPs stored, prompt injection detected at the edge, all outputs sanitized before render, audit log immutable.