Governance
Who is acting, on what, within which scope
Nolocron tracks who is behind every action — you, an assistant, or an importer — not just a single user. Each one runs with an explicit identity, scope, and audit trail, and context only reaches an assistant through a permission you grant.
Problem
Why it matters
Hand an AI your whole memory and you've traded one risk for another. Useful context has to be brokered — granted, scoped, and revocable — not siphoned.
Capabilities
What Nolocron provides
- Every action carries an execution context: who is acting, what they may do, in what scope.
- A policy engine evaluates each action — default-deny when no policy applies.
- Agents run at a trust tier that narrows what they can reach; scope locks keep them in bounds.
- Access shaping for external clients, so a connector can't probe for what it isn't allowed to see.
Workflow
How it works
- Each actor acts through its own context, never a shared bypass.
- Policies gate tool use, scope, and rate.
- Agents are confined to their assigned scope by the query layer.
- Grants are explicit, inspectable, and revocable.
Evidence
Product proof points
- Nothing runs without a known actor and scope, and no action can quietly widen its own access.
- Even you act through a scoped identity — there is no master key that quietly sees everything.
- Permissions and provenance are things you can see and check, not plumbing hidden under the app.
Related