Settings — Security
API keys, blockchain wallet, Browser Guard keys, encryption, and the Neural Governance Engine.
Navigate to Settings → Security. This page is for platform admins; other roles see a read-only view.
API keys
Project API key
Generated when the project is created. Format: pv_live_... (production) or pv_test_... (sandbox).
To rotate: click Rotate key, confirm, copy the new value. The old key is invalidated immediately.
Because the old key stops working immediately, every integration needs the new key after rotation. Stage the rotation: rotate in a test project first, deploy your client update, then rotate in production.
Extension keys (Browser Guard)
Separate ext_... keys, one per extension deployment. Generate one per department, region, or team so that each can be revoked independently when staff turnover happens.
Agent keys
Issued automatically when an agent is registered (format: agent_...). Listed under the agent's Integration tab. Revoked automatically when the agent is paused, suspended, or revoked.
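The distinct prefixes above make hardcoded or misplaced keys easy to find before a rotation. The following scanner is an added example, not Palveron code: it flags keys in a config file, masks them in its output, and marks a pv_live_ key found in a test file. The key-body pattern, the `environment` labels, and the sample file are assumptions constructed for illustration.

```python
import re

# Prefixes are the ones listed on this page. The body pattern (16+ alphanumeric
# characters) is an ASSUMPTION: the page elides the key body, so tune it.
KEY_RE = re.compile(r"(?<![A-Za-z0-9_])(pv_live|pv_test|ext|agent)_([A-Za-z0-9]{16,})")

KIND = {"pv_live": "project key (production)", "pv_test": "project key (sandbox)",
        "ext": "Browser Guard extension key", "agent": "agent key"}


def mask(prefix, body):
    """Keep the prefix and last 4 characters so reports never re-leak the key."""
    return f"{prefix}_{'*' * 8}{body[-4:]}"


def scan(text, environment):
    """Return one finding per key in `text`.

    environment: "production" or "test" (hypothetical labels for where the
    scanned file is deployed). A pv_live_ key in a test file, or a pv_test_
    key in a production file, is flagged as an environment mismatch.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in KEY_RE.finditer(line):
            prefix, body = m.groups()
            mismatch = (prefix == "pv_live" and environment != "production") or \
                       (prefix == "pv_test" and environment == "production")
            findings.append({"line": lineno, "kind": KIND[prefix],
                             "key": mask(prefix, body), "env_mismatch": mismatch})
    return findings


# Constructed sample: none of these are real keys.
SAMPLE_TEST_CONFIG = """\
# staging.env
PALVERON_API_KEY=pv_live_9fK2mQ7xLp0aZ3bT8vWc
GUARD_KEY="ext_B7d1Qe5Rt9Yu2Io4Pa6S"
agent_name=billing_agent
AGENT_KEY=agent_0c1D2e3F4a5B6c7D8e9F
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_TEST_CONFIG, environment="test"):
        flag = "  <-- production key in test file" if f["env_mismatch"] else ""
        print(f"line {f['line']}: {f['kind']} {f['key']}{flag}")
```

Any key the scanner finds in a committed file should be rotated or revoked, since it has been exposed to everyone with access to that file.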
Neural Governance Engine (NGE)
NGE runs local ONNX models inside the gateway for sub-50 ms PII, injection, and intent detection. Configure under Settings → Security → Neural Governance Engine.
Engine mode
Pick the engine that powers verify decisions:
| Mode | Behavior | Cost / latency |
|---|---|---|
| Disabled | Pure regex + LLM-assist (pre-Sprint-54 behavior) | Highest LLM cost, ~300-800 ms latency |
| NGE Local | Local inference only; never escalates to LLM | Zero LLM cost, ~30-50 ms |
| NGE Fallback (default) | Local-first; borderline cases escalate | 85-95% LLM cost reduction, ~30-50 ms typical |
| LLM Only | Skip local inference, always call cloud LLM | Most expensive; useful only for benchmarking |
Most customers run NGE Fallback. Switch to NGE Local for strict data-residency requirements; full air-gapped deployment is on the roadmap (see On-premise & air-gapped).
Sensitivity preset
A single slider that maps to internal thresholds across all five NGE stages:
| Preset | Behavior | When to use |
|---|---|---|
| Strict | Lower thresholds, more BLOCK / MODIFY decisions | Healthcare, finance, government |
| Balanced (default) | Vendor-tuned thresholds | General enterprise use |
| Tolerant | Higher thresholds, fewer interventions | Internal R&D, developer tooling |
The preset adjusts NGE confidence cutoffs across all stages — Regex, Aho-Corasick, ONNX NER, NLI Contextual, and LLM-Assist.
Shadow mode
Toggle Shadow mode to run the engine for evaluation without enforcing decisions. Traces show what would have happened (BLOCKED, MODIFIED) but the request always passes through. Use Shadow mode for:
- A/B testing a stricter sensitivity preset before rolling it out
- Validating NGE accuracy against a known-good corpus
- Onboarding new agent types without false-positive blocks
Language packs
Default: English + German. Enable additional language packs (Spanish, French, Italian, Portuguese, Dutch, Polish; one ONNX model each) for multilingual prompts. Each pack adds ~250 MB to the gateway image and is loaded on first use.
Entity redaction
Default on. When enabled, NGE-detected entities are redacted in the modified_prompt returned by /verify and stored redacted in traces. Disable only when downstream systems require raw text (and you carry the audit/compliance risk).
Blockchain configuration
Wallet mode (Platform-managed or BYOW — Bring Your Own Wallet), attestation level (MANDATORY_ONLY, BROAD, EXHAUSTIVE), smart contract address, and verification link. See Configure Wallet for the full setup.
Encryption
| Option | Available from | Description |
|---|---|---|
| Standard | Community | AES-256-GCM with a Palveron-managed key |
| BYOK (planned) | Enterprise (roadmap) | Bring Your Own Key — KMS-backed (AWS KMS, GCP KMS, Azure Key Vault, HashiCorp Vault). Architecture is in place; rollout follows the launch milestone. |
BYOK encryption is on the post-launch roadmap and not yet generally available. The behaviour described here is the planned design. Contact sales if you need BYOK as part of an enterprise contract — early-access slots are limited.
The planned design: BYOK projects will be able to revoke encryption keys to render historical data unreadable — useful for legal-hold release or right-to-be-forgotten flows.
Palveron Discover (Business / Enterprise)
Per-project toggle for behavioral AI discovery (SSE fingerprinting + extension inventory). See Shadow AI Dashboard for what it surfaces.