5. Single-System Control Plane: Operations
Functional Documentation
The Single-System Control Plane is the runtime cockpit for one AI system. It is where operators monitor activity, tune enforcement behavior, manage integrations, and control operational access.
1) System Overview
Purpose: At-a-glance health view of one system (runtime state, traffic/risk snapshots, top-level KPIs).
What you can do:
- Navigate directly into operational modules from one screen.
Main actions:
- Open Activity
- Open Prompts
- Open Guardrails
- Open Integration
- Open Access
- Open Settings
Notes:
- Some actions are role-gated (for example Access and sensitive integration actions are admin-only).
2) Activity (Logs)
Purpose: Full event timeline for the system, including guard and complete lifecycle records.
What you can do:
- Investigate incidents.
- Validate guard behavior.
- Inspect prompt/output evidence.
Main actions:
ExportRefreshApply FiltersResetView DetailsView Prompt/Hide PromptPrevious/Next
Detail panel actions:
Export JSONGenerate Summary/ regenerateMark as False Positive(permission-based)
3) Prompt Explorer
Purpose: Prompt/output analysis workspace for prompt-level observability and patterns.
What you can do:
- Explore prompt history.
- Inspect topic clusters.
- Pivot from topic insights to raw events.
Main actions:
ExportRefresh- Topic selection in distribution map
View DetailsView Prompt
Notes:
- Reuses timeline and filter mechanics from Activity but is optimized for prompt-intelligence workflows.
4) Guardrails
Purpose: Runtime security posture and enforcement controls for the system.
What you can do:
- Configure allow/block behavior.
- Configure strict mode.
- Configure AI audit behavior.
- Configure protection modules.
Main actions:
Save Notification ChannelsSave Plan TierSave Service ProtectionSave AI Firewall / Security ShieldSave Circuit Breaker
Typical toggles:
- strict security mode
- shadow mode
- AI analysis
- block prompt injection
- block DB access
- block code execution
- block toxicity
- block PII leakage
- encrypted payload handling
Notes:
- Changes are explicit-save. Unsaved changes are not enforced.
5) Blacklist & Policies
Purpose: Deterministic policy layer for blocked terms and rule-based enforcement.
What you can do:
- Maintain blocklists.
- Bulk import policy terms.
Main actions:
AddUpload(CSV import)Delete
Notes:
- This is a pre-execution deterministic layer. Edit rights are role-restricted.
6) Access
Purpose: Role-based control over who can operate this system.
What you can do:
- Assign internal operators.
- Invite and assign customer collaborators by allowed roles.
Main actions:
Assign OperatorInvite & Assign- Revoke/remove assignment
Notes:
- Admin permissions are required for management actions.
7) Integration (SDK)
Purpose: Connect runtime traffic to AgentID through SDK keys, setup guidance, and outbound hooks.
What you can do:
- Generate and manage API keys.
- Configure SIEM/webhook delivery.
- Copy SDK quickstart assets.
Main actions:
Generate KeyCopy KeyOpen Step-by-Step Setup GuideOpen SIEM Settings
Webhook actions (when enabled):
Add webhookSave changesCancelEditDeleteTest webhookAuto-generate secret
Notes:
- Some integration surfaces are hidden or read-only in customer-managed contexts.
8) Settings
Purpose: Operational metadata and system configuration management.
What you can do:
- Update system details.
- Update business context.
- Manage versioning metadata.
Main actions:
Save System DetailsSave Business ContextBump VersionEdit in Guardrails/Open Guardrails
Notes:
- Runtime security controls are managed in Guardrails; Settings handles metadata and links into enforcement configuration.