AI use control, upload protection, and audit evidence for institutions.
Register institutions, generate secure deployment kits, inspect AI use, and export audit evidence without storing raw sensitive content.
Loading system status…
Command Ledger
Ready to refresh.
Loading…
Create institution
No institution action yet.
Invite the first institution administrator
Create the institution workspace first, then send password-setup instructions to its verified administrator. Public self-signup remains disabled.
No administrator invitation sent.
AI Tool Registry
The approved inventory for websites, desktop applications, local model runners, APIs, and browser extensions.
Tool
Type
Decision
Coverage
Refresh the registry to load tools.
Technical result
No registry action yet.
Discovery Queue
New websites and applications reported automatically by managed browsers, endpoints, gateways, DNS, proxies, and firewalls.
Default action: an unknown AI destination is blocked and held for review. Only destination and application metadata is stored.
Discovered item
Source
Status
Action
No discoveries loaded.
Review selected discovery
Controlled discovery simulator
Use synthetic metadata only. Managed devices normally report this automatically.
Technical result
No discovery action yet.
Managed Devices
Enroll institution computers and monitor Browser Guard, Endpoint Agent, application discovery, and policy status.
One-time enrollment secret
Copy it directly into the approved device configuration. It cannot be displayed again and is never stored in raw form.
Device
Site / group
Platform
Access
Connection
Action
No managed devices loaded.
Selected device control
Replacement device credential
Install it directly on the selected device. It is shown once and is never stored in raw form.
Technical result
No device action yet.
Fleet Management
Organize institution sites and device groups, then issue short-lived enrollment campaigns for controlled bulk installation.
Unique device identity: a campaign authorization is temporary and usage-limited. Every computer exchanges it once for its own revocable credential.
1. Institution site
2. Device group
3. Enrollment campaign
One-time campaign authorization
Use only in the approved deployment system. Revoke it after rollout. The raw value cannot be displayed again.
Campaign
Scope
Usage
Expires
Status
Action
No enrollment campaigns loaded.
4. Central device actions
Safe remote administration: choose a site, group, selected devices, or every matching device. Endpoints accept predefined actions only—arbitrary PowerShell and raw credentials are never sent.
Select
Device
Site / group
Connection
Refresh fleet to load devices.
Action
Scope
Progress
Status
Approval
No central actions loaded.
Technical result
No fleet action yet.
Policy Control
Review the effective tool and data policy, then publish a numbered release for managed gateways, browsers, and endpoints.
Unknown AIBlock and review
External uploadsInspect all destinations
Raw sensitive storageDisabled
Effective policy details
Preview or publish a policy release.
Institution Deployment Center
Generate institution-specific gateway, endpoint, browser guard, policy bundle, installation docs, checksums, and a downloadable ZIP package.
No deployment kit generated in this session.
Operator access
Allowlist an existing Authentication user and assign one controlled role. Institution-scoped roles require at least one institution ID.
No operator action yet.
Approvals
Request
Subject
Status
Action
Refresh approvals to load requests.
Record a decision
No approval action yet.
Incidents
No incident action yet.
Prompt Guard
No prompt inspected yet.
Document Upload Guard
Managed browsers detect the destination automatically. Operators do not maintain URLs during normal use.
Automatic coverage: every available external file selection is paused and inspected before the destination page receives it. Some external services disable attachments for signed-out or restricted accounts; use this controlled simulator when their file picker is unavailable.
No upload inspected yet.
Developer Guard
No code scanned yet.
Evidence Export
No evidence action yet.
Administrator guide
Follow this guide in order for a controlled institution rollout. Public self-signup is disabled: every institution, operator, device, policy, and high-impact action remains inside an approved administrative workflow.
A national operator creates the institution workspace first, then invites its verified administrator. The administrator receives password-setup instructions directly by email; AIGuard never stores a password or reset link.
Open Institution Setup and use a stable institution ID.
Invite the institution administrator at an official, verified email address.
Use Forgot password for recovery; the response does not reveal whether an account exists.
2. Assign the correct role
The number shown at the top is the count of institution workspaces in scope. It does not mean one institution owns another. A national operator may administer several institutions; institution roles see only their assigned institution IDs.
National operator: cross-institution control and onboarding.
Institution administrator: sites, groups, devices, and operators in its institution.
Security officer: reviews tools, incidents, approvals, policies, and fleet actions.
Auditor/developer reviewer: read or specialist review access only.
3. Register AI policy
Unknown destinations are blocked and held for review. Managed browsers, endpoints, gateways, DNS, proxies, and firewalls report destination and application metadata automatically.
Review discoveries as Approve, Monitor, or Block.
New approvals require an independent second reviewer.
Publish a numbered policy release after approved changes.
4. Organize the computer fleet
Create sites and device groups before enrollment—for example, head office, branch, data center, staff computers, security workstations, or developer devices.
1 computer: controlled PowerShell installation is acceptable for a pilot.
Up to 50: use a limited campaign with Group Policy or approved IT deployment.
Hundreds: use Intune or equivalent endpoint management with staged groups.
Every computer exchanges campaign authorization once for its own revocable identity.
5. Deploy safely at scale
Create a short-lived, capacity-limited enrollment campaign for one site and group. Keep its authorization outside MSI properties, source control, email, browser storage, and shared folders.
Begin with a small pilot and verify ONLINE heartbeats.
Roll out in batches using the provided Intune, Group Policy, or PowerShell profiles.
Revoke the campaign after the expected enrollment count is reached.
Browser Guard is distributed through managed Chrome/Edge enterprise policy.
6. Operate devices centrally
IT can target checked devices, a group, a site, or all matching institution devices. Selection scope applies to the filtered target, not only a convenient manual copy-and-paste workflow.
Available actions are health check, policy refresh, restart, automatic credential rotation, staged update, rollback, disable, and controlled uninstall.
Offline devices receive unexpired queued work when they reconnect.
Use maintenance windows, small batches, progress refresh, pause/retry procedures, and rollback evidence.
7. Approve high-impact actions
Multi-device credential rotation, update, rollback, disable, and uninstall require two-person control. The requester cannot approve or reject their own request.
A second security officer reviews the action, scope, count, and maintenance window.
Rejected jobs remain at zero progress and never reach endpoints.
Approval and job outcomes are appended to the audit chain.
8. Rotate credentials automatically
The endpoint generates the replacement locally, sends only its SHA-256 verifier to the control plane, and protects the raw value with Windows DPAPI LocalMachine.
Administrators never view, copy, email, or paste the replacement.
Verify the job reaches COMPLETED and the device remains ONLINE.
Manual rotation is reserved for controlled recovery only.
9. Inspect AI use and evidence
Prompt Guard, Upload Guard, and Developer Guard classify content before external AI use. The ledger retains decisions, classifications, hashes, actors, and chain links—not raw prompts, files, code, passwords, or credentials.
Verify the audit chain after material operations.
Export evidence for internal audit, INSA readiness, management, and regulator review.
Use synthetic data for acceptance tests.
10. Sign production releases
Controlled pilots may use checksum-verified unsigned packages. Production distribution should use an organization-validated code-signing certificate issued to BookAddis Technology PLC.
Prefer a trusted hardware token or managed cloud-signing service.
Keep the private key non-exportable; never send the key, PIN, or password through chat, email, ZIP, source control, or AIGuard.
Run signing-readiness, sign PowerShell/MSI artifacts, timestamp signatures, and verify signatures before publishing.
11. Update, recover, and revoke
Use only integrity-verified enterprise bundles. The transactional updater backs up the current runtime, preserves device identity, checks health, and restores the backup if validation fails.
Use rollback only through an approved maintenance action.
Disable a lost or retired device centrally before local uninstall.
Rotate a suspected credential automatically; use manual recovery only when the endpoint cannot authenticate.
Never delete audit history to make a dashboard look clean.
12. Daily operator routine
Keep operations short and repeatable.
Review offline/stale devices and pending discoveries.
Review pending approvals and incidents.
Confirm policy release and fleet-job progress.
Verify the audit chain and export scheduled evidence.
Investigate repeated failures before retrying an action.
Operational rollout checklist
Step
Owner
Output
Approve operating scope
Executive sponsor + security office
Institution, users, risk scope, and success criteria
Create workspace
National or institution operator
Institution record and policy context
Invite administrator
National operator
Verified institution account with scoped role
Define sites and groups
Institution IT
Approved fleet topology and rollout scope
Generate kit
AIGuard operator
Integrity-verified ZIP, SHA-256, and installation guide
Allowed public prompt, blocked restricted upload, blocked risky code
Test central operations
IT + second approver
Health, rotation, rejection, reboot, and rollback evidence
Export evidence
Auditor/operator
Evidence ZIP and verified audit chain
Security rule: Do not email enrollment authorizations, credentials, signing keys, PINs, or certificate passwords. Do not upload real citizen, customer, credential, or confidential data during first validation. Use controlled synthetic data until the institution security office approves production traffic.