Governance
Access control
Identity and access management across the three sovereignty tiers. The MCP Gateway enforces per-operation authorization for every human role and non-human identity.
Role matrix
Per-tier access by human role, enforced at query time — the AI only retrieves what the acting user may view.| Role | Members | Public | Company | Business Unit | Destructive ops |
|---|---|---|---|---|---|
Chief Compliance Officer | 3 | Full | Full | Full | Allowed · sign-off |
Agent Architect | 12 | Full | Full | Read | — |
Quant Researcher | 24 | Read | Read | Full | — |
Risk Analyst | 41 | Read | Read | None | — |
External Auditor | 5 | Read | None | None | — |
Non-human identities
Agent identities brokered by the MCP Gateway — short-lived tokens, mutual authentication and per-tool authorization.| Agent | Tool authorization | Token TTL | Mutual auth |
|---|---|---|---|
FX Risk Copilot | get_fx_exposure Granted rag.search Granted place_order Denied | 15m | |
Compliance Sentinel | flag_violation Granted notify_officer Granted | 15m | |
FX Algo Trading Agent | place_order Approval get_fx_exposure Granted | 30m | |
Liquidity Stress Modeler | run_stress_scenario Granted rag.search (unit) Denied | 15m |