How Kynexa governs enterprise AI interactions.
A complementary control plane between enterprise identities, data, context, models, tools, agents and AI applications. Policy is evaluated inline and activity is recorded as structured audit events.
Reads at source · single-tenant · every policy decision logged.
A three-lane reference architecture. Identities and source systems on the left are read and indexed in place. The single-tenant Kynexa control plane in the center includes connectors, semantic metadata and context graph, policy service, LLM gateway, MCP and tool gateway, agent and memory governance, and audit service. Governed AI systems on the right include RAG applications, copilots, agents, models, tools, MCP servers and vector stores. Data stays at source, metadata stays in tenant, policy is evaluated inline and every decision is logged.
The problem we solve
Governance bolted onto each AI application is inconsistent and hard to audit across the estate. Enterprises need one control point between their identities, data sources and their AI systems that reads at source, enforces inline and records every decision.
The end-to-end flow
Connect & scan
Connectors list and read items from your sources using OAuth or API keys, with Vault-backed credentials.
Process
The file processor extracts unified text, chunks and embeddings; embedding calls route through the provider-agnostic gateway.
Understand
Semantic metadata adds entities, labels, sensitivity and categories at element level.
Govern
The policy manager authors, evaluates and simulates policies over that metadata, on retrieval, reasoning and output.
Serve
Governed RAG, model routing, tool access, agent actions, and memory operations proceed only under the applicable policy decision.
Prove
Structured events record data access, policy decisions, models, tools, identities, memory, outputs, and decision reasons.
Enforcement points
Where the control plane acts between identities, data sources and AI systems.
| Control surface | Policy input | Enforcement point | Audit evidence |
|---|---|---|---|
| Read-at-source | Connector scope | Connectors (Secure Connections) | Access log |
| Policy enforcement | Role · intent · sensitivity | Policy service (inline) | Decision log |
| Model & tool gateways | Approved catalog · scope | LLM / MCP gateways | Gateway trace |
| Audit | All decisions | Audit service | Structured events |
Architecture principles
Your data stays at source
Kynexa reads and indexes; it does not relocate data.
Provider-agnostic
One gateway across model and embedding providers; bring your own vector store.
Auditable by default
Every policy evaluation is logged as a structured event.
Single-tenant deployment
Deployed as a complementary layer isolated in your environment.
Technical FAQ
See Kynexa govern your AI — in 30 minutes.
Bring a real use case. We'll set up governed retrieval, reasoning and audit on your stack.