Security & Governance
Governed knowledge, secure delivery.
AgileDocs is built for organizations that need to control what knowledge goes where, who can access it, and what AI systems are allowed to do with it.
Not "throw content in and hope AI figures it out"
Most knowledge platforms treat content as a flat bucket for retrieval. AgileDocs treats every content object as a governed asset with approval state, ownership, freshness, confidence level, and explicit rules about how it can be used.
The difference matters. When AI retrieves an answer from AgileDocs, it knows whether the content is approved, who owns it, when it was last reviewed, how confident the source is, and whether it's allowed to surface that content in that context.
Content guardrails
Every knowledge object in AgileDocs carries governance metadata that controls how it can be used:
- Approval states prevent unapproved content from reaching customers or AI systems
- Ownership tracking creates accountability for every piece of knowledge
- Freshness dates and review cycles flag stale content before it causes problems
- Confidence levels signal to AI systems how much to trust each source
- Allowed and prohibited use flags control which channels can surface the content
- Restricted-use content stays internal even when AI retrieves it
- Citation chains trace every claim back to its source
Secure MCP delivery
AgileDocs exposes knowledge to AI systems through the Model Context Protocol (MCP), a standardized layer for resources, tools, and prompt templates. This is not a public API with no controls. It is a governed delivery mechanism with:
- Bearer token authentication for every MCP session
- Rate limiting and concurrent session controls
- Content filtering based on publication status and approval state
- Role-aware access so different AI clients see different content subsets
- Audit logging for every retrieval operation
Editorial workflow security
Content review uses one-time cryptographic tokens rather than shared credentials. When an admin generates a review link, the system creates a unique 48-character hex token tied to a specific article. The token is invalidated immediately after the reviewer submits feedback.
- Tokens are not guessable (48-character random hex)
- Each token is single-use and tied to one article
- Only admins can generate review links
- Reviewers never need to create accounts or log in
- Feedback is captured with timestamps for audit
What AgileDocs does not do
Security is also about what you choose not to build:
- AgileDocs does not store or process customer PII
- AgileDocs does not send content to third-party AI providers without explicit configuration
- AgileDocs does not auto-publish content without approval workflows
- AgileDocs does not allow AI to invent facts, only retrieve governed source objects
- AgileDocs does not track individual user behavior for advertising purposes