Architecture

Palveron operates in two modes that can be used independently or together — Enforcement Gateway for traffic you can route, Governance Control Plane for traffic you can't.

Enforcement Gateway

For AI systems that route traffic through an API, Palveron acts as a transparent proxy:

Your app → Palveron Gateway → LLM provider
                ↓
         Policy Engine (Rust, μs latency)
                ↓
         Multi-modal analysis (text / image / audio / code)
                ↓
         Trace + audit log → Flare blockchain

For AI systems that cannot be proxied — native platform agents, SaaS tools, browser-based AI — Palveron offers documentation, compliance tracking, and event ingestion via the Extension API and MCP Gateway.

Components

Component	Technology	Purpose
Gateway	Rust / Axum	Near real-time policy enforcement, trace logging, multi-modal analysis
Dashboard	Next.js 16 / React 19	Admin UI, Command Center, Agent Registry, Playground
PostgreSQL	Supabase / self-hosted	Persistent storage, multi-tenancy
Redis	Optional	Caching, blocklists, rate limiting
NGE	ONNX Runtime + 5 models	Local neural inference — sub-50ms PII, injection, NLI scoring
Flare Relayer	Rust	Merkle-tree computation, blockchain anchoring
SDKs	TypeScript, Python, Go, Java	Customer libraries with retry, circuit breaker, multi-modal

Content ingestion paths

Palveron supports several equivalent ingestion paths. Each path normalizes to the same VerifyRequest format:

Path	Use case
SDK / Verify API	Direct API calls from your application code
Gateway Proxy	Drop-in replacement for LLM base URLs
MCP Gateway	Coding agents (Cursor, Windsurf, Claude Code)
Extension API	SaaS connectors, webhooks, external systems

The gateway supports text, images, audio, documents, and code in a single request:

VerifyRequest
├── prompt: String
├── attachments: [{ contentType: "image/png", data: Base64, ... }]
└── context: { mcpServer, toolName, chainDepth, sourceSystem }
         ↓
    Content-type detection (auto: OpenAI / Anthropic / Palveron format)
         ↓
    Provider routing: Text → NGE local → optional LLM-assist
                      Image → Llama Guard Vision
                      Audio → Whisper → text pipeline
                      Code → Secret Scanner + NGE
         ↓
    Merge findings → apply policies → decision

Attachment types use MIME strings (no enums) — extensible without code changes. Today: image/png. Tomorrow: application/x-lidar-pointcloud.

Neural Governance Engine (NGE)

NGE is Palveron's local inference layer — five ONNX models that run inside the gateway and turn most LLM-assist round-trips into sub-50ms local calls.

Input → NGE pipeline (5 stages)
   1. Regex          — fast, deterministic (credit cards, SSNs, emails)
   2. Aho-Corasick   — multi-pattern keyword matching (denylists, brand terms)
   3. ONNX NER       — entity extraction (PII NER × 2 + injection detector)
   4. Contextual     — NLI semantic scoring (toxicity, off-topic, policy intent)
   5. LLM-Assist     — escalate borderline cases to the cloud (toggleable)

Engine modes:

Mode	Latency	When to use
`disabled`	n/a — pure regex + LLM-assist	Pre-Sprint-54 behavior, no NGE inference
`nge_local`	~30-50 ms	Run only local models — zero LLM cost, zero external calls
`nge_fallback` (default)	~30-50 ms + occasional LLM	Local-first; borderline cases escalate to LLM-assist
`llm_only`	~300-800 ms	Skip local inference, always call LLM

Most customers run nge_fallback — Palveron's data shows it eliminates 85-95% of LLM-assist calls while keeping accuracy within 1 percentage point of llm_only.

The NGE outputs are assistance signals — they inform policy decisions, but the policy engine still owns the final decision. See the Neural Governance Engine guide for the full pipeline.

Purpose-Bound Entity Governance (PBEG)

Traditional access control governs entities by type ("agents", "users", "documents"). PBEG governs entities by purpose — the declared reason the entity exists.

Agent: "support-bot-v2"
   ↓
Declared purpose: "Answer tier-1 customer support emails. Read CRM tickets. Send templated replies. Never invoice."
   ↓
Capability model derived from purpose
   ├── ALLOW    crm.read_ticket
   ├── ALLOW    email.send_templated
   ├── DENY     billing.create_invoice
   └── REQUIRE  approval for crm.bulk_export

When an agent attempts an action outside its declared purpose, Palveron blocks (or queues for approval) — even if the action would otherwise pass the gateway's content checks.

PBEG runs alongside, not in place of, the existing EntityGate. PBEG is the enforcement primary; EntityGate continues in observe-only mode for backwards compatibility. Purpose is set during agent registration and is one of the fields auditors look at first in Annex IV reports.

Security model

Dual authentication: API key + optional JWT
Multi-tenancy: Organization → project isolation, enforced in middleware
RBAC: 5 levels — platform_admin, owner, admin, editor, viewer (see Roles & Permissions)
Encryption: AES-256-GCM at rest, TLS 1.3 in transit
Audit immutability: Append-only traces, blockchain-anchored evidence
Failure modes: Configurable fail-open or fail-closed
Circuit breaker: All SDKs include a client-side circuit breaker (5 failures → open → 30s cooldown)

On this page