
AI layer

Let agents act, without handing them the keys.

AI in your platform is only useful if you can trust what it does on your behalf. IntegraCI routes every model call and every tool an agent touches through one governed gateway: policy decides what is allowed, a person signs off on the risky steps, and the trail records what happened. The same controls apply from a guided evaluation to a self-hosted, air-gapped install. Here is how each one works.

Governed gateway

One endpoint your tools already know how to call.

The gateway speaks the OpenAI-compatible API, so the clients and SDKs you have point at it with a URL change. Every model call your platform makes goes through here, which is what lets the policy, approvals, and metering below actually mean something.

  • OpenAI-compatible

    Point your existing AI clients and SDKs at one endpoint. The request shape is the one your tools already speak, so you route through governance without rewriting them.

  • One door in

    Every model call from your platform goes through the gateway. There is no side path that skips the controls, so the policy you write actually applies.

  • Provider behind the seam

    Swap or add a model provider without touching the apps that call it. The gateway holds the keys and the routing, the caller holds a stable contract.

[Diagram: AI gateway (governed). App, agent, co-pilot → /v1/chat/completions → policy check → model provider. No side path skips the controls.]

Tool authorisation (policy-gated), checked before the tool runs:
  • read_catalog, agent:triage: allow
  • open_pr, agent:triage: allow
  • delete_service, agent:triage: deny

Per-tool authorisation

An agent does what you allowed, not what it dreamt up.

A capable model will suggest actions you never meant to permit. Before any tool runs, IntegraCI checks it against policy-as-code bound to that agent. No matching rule means no action, so the boundary holds even when a prompt tries to talk its way past it.

  • Per-tool authorisation

    Each tool an agent can reach is checked against policy-as-code before it runs. An agent gets the actions you allowed it, not everything the model could imagine.

  • Closed by default

    A call with no matching allow rule is denied, not waved through. When a policy is missing, the action does not happen.

  • Policy you can read

    The rules ship as code you version and test, so what an agent may do is reviewable in a pull request, not buried in a prompt.

Human-in-the-loop approvals

Keep a person on the irreversible decisions.

Some actions you never want a model to take on its own. Mark them sensitive and they pause: the agent proposes, the action waits in an approval inbox, and a reviewer decides. Approve, reject, and the reason all land in the audit trail.

  • Stop before the risky step

    Actions you mark as sensitive pause and wait for a person. The agent proposes, a human decides, and nothing irreversible runs unattended.

  • One inbox to decide in

    Pending actions collect in an approval inbox with the context behind each one, so a reviewer approves or rejects without chasing the trail.

  • On the record

    Who approved what, and when, lands in the exportable audit trail alongside the action itself.

Approval inbox (2 waiting)
  • grant_access (pending): agent:onboard requests prod read for payments-api
  • deploy_promote (pending): agent:release promotes build 1f3a to prod
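
A minimal sketch of the closed-by-default tool check and the approval pause described in the two sections above, added here as an illustration; it is not IntegraCI's code or policy format. The `Gate` class, the `POLICY` table layout and the `SENSITIVE` set are assumptions, with entries constructed from the sample panels on this page.

```python
from dataclasses import dataclass, field

# Constructed policy, modelled on the sample rules shown on this page.
# Any (agent, tool) pair that is not listed here is denied.
POLICY = {
    ("agent:triage", "read_catalog"): "allow",
    ("agent:triage", "open_pr"): "allow",
    ("agent:triage", "delete_service"): "deny",
    ("agent:onboard", "grant_access"): "allow",
    ("agent:release", "deploy_promote"): "allow",
}
# Tools marked sensitive pause for a person even when policy allows them.
SENSITIVE = {"grant_access", "deploy_promote"}

@dataclass
class Gate:
    inbox: dict = field(default_factory=dict)  # request id -> pending call
    audit: list = field(default_factory=list)  # append-only decision trail
    _next_id: int = 1

    def request(self, agent, tool, detail=""):
        """Decide one tool call: 'allow', 'deny' or 'pending'."""
        # The key is the caller's authenticated identity and the tool name,
        # never text produced by the model.
        rule = POLICY.get((agent, tool))  # None when no rule matches
        if rule != "allow":
            reason = "explicit deny" if rule == "deny" else "no matching rule"
            return self._log(agent, tool, "deny", reason)
        if tool in SENSITIVE:
            rid = self._next_id
            self._next_id += 1
            self.inbox[rid] = (agent, tool, detail)
            return self._log(agent, tool, "pending", f"awaiting approval #{rid}")
        return self._log(agent, tool, "allow", "policy allow")

    def review(self, rid, reviewer, approve, reason):
        """A person resolves a pending call; the outcome is recorded."""
        agent, tool, _ = self.inbox.pop(rid)  # KeyError if nothing is pending
        decision = "allow" if approve else "deny"
        return self._log(agent, tool, decision, f"{reviewer}: {reason}")

    def _log(self, agent, tool, decision, reason):
        self.audit.append((agent, tool, decision, reason))
        return decision
```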

Scoped agent credentials

Give each agent its own keys, not a master one.

A shared credential turns one compromised agent into access to everything. IntegraCI issues per-agent credentials for the tools each agent uses, held in a dedicated secrets store. The agent works with a reference, so there is no plaintext key to surface in a log or a prompt.

  • Scoped per agent

    Each agent gets its own credentials for the tools it uses. One agent cannot borrow another's access, so a mistake stays contained.

  • Kept off the database

    Credentials live in a dedicated secrets store. The agent receives a reference, not a plaintext key it could leak in a log or a prompt.

Usage metering

See the AI spend before the bill arrives.

Because every call goes through the gateway, every call gets counted. Tokens and cost are recorded per tenant and per caller, so you can attribute spend, set budgets, and gate runaway usage instead of reconciling an invoice after the fact.

  • Counted as it happens

    Every call records its tokens and cost, so usage shows up where the spend is, not in a surprise bill at month end.

  • Attributed to a tenant

    Usage is tied to the tenant and the caller that drove it, which makes chargeback and budget limits something you can actually enforce.

Grounded retrieval

Answers from your platform, not a guess.

A model that only knows general facts gives general answers. IntegraCI retrieves over your own service catalog, runbooks, and telemetry, so an agent reasons about the services you actually run. Retrieval stays tenant-scoped, so the context never crosses a boundary.

  • Grounded in your catalog

    Answers draw on your own service catalog, runbooks, and telemetry, so the model reasons over what your platform really looks like.

  • Tenant-scoped retrieval

    Retrieval respects the same isolation as everything else. An agent sees its tenant's context and nothing from another's.

  • Fresh, not frozen

    The index tracks your catalog and signals over time, so the context an agent reasons over keeps up with your estate.

Bring AI to your platform with the guardrails on.

Request a demo, connect your own model provider, and route agents through governance from the first call. Self-host when you need to, up to an air-gapped install.