PalmerAI - Audit-first AI Governance Gateway
Pilot-ready - Evidence-first - Human-in-the-loop
What it is
A secure gateway designed to enforce policy, approval gates,
and audit evidence for AI-driven actions before execution.
Designed for
- Security / Compliance / IT stakeholders
- Teams scaling automation with controlled risk
- Procurement-friendly pilots (tight scope, clear outputs)
Deployment model
- Cloudflare Workers runtime (edge)
- Auth + policy evaluation in the request path
- Operator console and audit reports (ops/admin)
Details are verified from repo config in the Security Review Pack.
How it works (5 steps)
- Send request to Gateway
- Policy evaluation + risk classification
- If triggered - approval required
- Execute / block
- Write audit evidence (metadata)
What we log (evidence-first)
- Request ID
- Decision: allow / block / approval required
- Policy reference
- Timestamp (UTC)
- Risk level and triggers
Default posture avoids raw prompt storage in audit records unless pilot scope requires it.
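A minimal sketch of the five-step flow and the audit record listed above, added here as an illustration and not PalmerAI's own code. The policy object, trigger names, capability labels and function names are assumptions made for the example.

```javascript
// Hypothetical policy; reference, trigger names and risk levels are constructed.
const POLICY = {
  ref: "policy/example-v1",
  blockTriggers: ["credential_export"],
  approvalTriggers: ["external_email", "bulk_delete"],
};

// Step 2: policy evaluation + risk classification over declared capabilities.
function classify(request, policy) {
  const caps = request && request.action && request.action.capabilities;
  // Fail closed: a request without an ID or a capability list is blocked.
  if (!request || typeof request.id !== "string" || !Array.isArray(caps)) {
    return { decision: "block", riskLevel: "high", triggers: ["malformed_request"] };
  }
  const blocked = caps.filter((c) => policy.blockTriggers.includes(c));
  if (blocked.length) return { decision: "block", riskLevel: "high", triggers: blocked };
  const gated = caps.filter((c) => policy.approvalTriggers.includes(c));
  if (gated.length) {
    return { decision: "approval_required", riskLevel: "medium", triggers: gated };
  }
  return { decision: "allow", riskLevel: "low", triggers: [] };
}

// Steps 3-5: apply the approval gate, decide execute/block, build audit metadata.
function gate(request, policy, approval = null, now = new Date()) {
  const result = classify(request, policy);
  let decision = result.decision;
  // An approval only counts if it is bound to this exact request ID.
  if (decision === "approval_required" && approval && approval.requestId === request.id) {
    decision = approval.approved === true ? "allow" : "block";
  }
  const audit = {
    requestId: request && typeof request.id === "string" ? request.id : null,
    decision, // allow / block / approval_required
    policyRef: policy.ref,
    timestamp: now.toISOString(), // toISOString() is always UTC
    riskLevel: result.riskLevel,
    triggers: result.triggers,
  };
  // request.prompt is never copied: the record carries metadata only.
  return { execute: decision === "allow", audit };
}
```

An approval issued for a different request ID leaves the decision at approval required, and a block trigger cannot be overridden by any approval.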
Pilot (Single Use Case - 30 days)
- One primary use case (scope-disciplined)
- Defined risk triggers + approval gates
- An audit report you can share with security / compliance stakeholders
- Clear go / no-go decision and rollout options
Security posture (pilot-ready)
- Secrets via Cloudflare secrets
- Admin endpoints protected by Bearer tokens
- Rate limits / abuse controls in policy
- Retention is policy-configurable
Procurement-friendly notes
- No cookies / no tracking on the public website by default
- Evidence-first audit summaries (request ID + policy reference)
- Scope-disciplined pilot (one use case)
- Clear go / no-go success criteria
- Built for security / compliance stakeholders
- Minimal integrations in v1 to keep risk low
- Security and data-handling review pack (pilot-ready) available on request