Appearance
What this is
AI Control Center is the governed layer between AI clients and the systems where work happens. It does not expose every downstream tool to the model — it exposes a small, governed surface for discovery, execution, confirmation, and evidence. This page defines the core terms.
Gateway
The public endpoint AI clients connect to. It exposes a small orchestration surface (search_tools, execute_tool, confirm_operation, sessions) — not the raw downstream tools. One front door, governed.
Tool & Registry
A tool is a callable capability (a comp adjustment, an email send, a retrieval). The registry holds normalized metadata for every tool — schema, risk_level, confirm_required, data_scope, and searchable text. search_tools queries the registry; it does not grant access.
Session
Groups the calls for one user task. Every gateway call carries session_id + user_intent, which makes multi-step agent work traceable and auditable.
Policy (execution-time)
Decides whether a principal may run a tool against a resource — allow, route (to approval), deny, or abstain (no rule → default-deny). Discovery checks availability; execution applies policy. Finding a tool is not permission to use it. The decision engine is deterministic and is the only decision authority.
Confirmation
An explicit human approval required before a sensitive operation runs (comp writes, external messages, deletes, exports, legal holds, decisions affecting individuals). Routed actions wait in an approval queue until a named human approves or denies.
Evidence
Every call — allowed, routed, denied, or errored — resolves to a control record: actor, tool, argument summary, policy decision, approver, result, source references, timing. Records can be frozen under legal hold. Every capability resolves to a control record.
Domain
A governed area of work with its own policies and checks — People Analytics, Compensation, GTM. A domain reuses the same gate; only the sensitive-action class and the attached check (fairness, pay-equity, consent) differ.
Honest scope
These are the load-bearing terms; the gateway, control-plane, and API sections build on them. AI Control Center governs and records action — it does not make the business decision for you.