Durable agent governance for the enterprise

Agent governance. Remarkably simple.

Declare your org. Bind your roles. Ship governed agents. Powerloom is the control plane IT teams use to run Claude agents at scale — with the access model and audit trail you already expect.

Deployed on AWS · Hash-chained audit · Community edition coming
[Diagram: Powerloom policy plane. Labels: agents support-triage (run-as · kai), pg-writer (run-as · service), repo-analyzer (run-as · jane); files-support, pg-analytics, slack-ops, gmail-send; checks rbac.check, ou.bindings, deny.merge, policy.eval (each ok); decisions on files.read, slack.post, gmail.send; legend: allow · deny · inherited.]

The governance gap

Your agents have permissions. Do they have governance?

Every Claude agent your teams ship is another identity with tools, credentials, and access to something it shouldn't outlive. Most orgs don't track them. Most can't revoke them. None can prove what they did.

Ad-hoc
Credentials in code.

API keys pasted into config files. Tokens shared over Slack. No revocation path when someone leaves.

Opaque
No audit trail.

Agents call tools. Tools hit systems. Nothing is reproducible, attributable, or reviewable after the fact.

Sprawl
No org model.

One person ships a pilot. Three teams ship copies. The compliance review is the week before the audit.

How it works

Three concepts. Every auth decision in your agent fleet.

If you've used Active Directory, you already know the model. OUs, security groups, role bindings, deny precedence — applied to agents, their tools, and their runtime.

Step 01

Model your org

Nest OUs the way engineering already does — by team, environment, or tenant. Agents, MCP deployments, and human members live inside an OU and inherit its policy.

▸ acme
▸ engineering
▾ platform · 2 agents · 2 MCPs
• pg-writer (service)
• repo-analyzer (user)
▸ support
▸ accounting
Step 02

Bind roles, merge denies

Grant AgentAuthor to eng-leads. Deny invocations outside business hours. Stacked bindings resolve with AD semantics — deny always wins, inheritance flows down.

allow · eng-leads · OUAdmin
allow · usr.raj · AgentAuthor
deny · contractors (inherited · acme) · AgentAuthor
allow · svc.pg-writer · DeploymentOperator
Step 03

Run, and see every call

Agents call MCP tools through the Powerloom runtime. Every request is checked against the merged policy, logged with a decision, and streamed to the session console in real time.

14:22:07  session.start     pg-writer · usr.raj
14:22:08  tool.call         sql.explain
14:22:08  policy.check      ✓ allow · rbac
14:22:09  tool.result       rows=84 · 612ms
14:22:11  tool.call         sql.migrate
14:22:11  policy.check      ✗ deny · out-of-hours
14:22:11  session.idle_end  reason=policy
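The three steps above (an OU tree, stacked bindings, a check per request) can be sketched as a small evaluator. This is an added illustration, not Powerloom's code: the `Binding` shape, the `check` function, the implicit deny when nothing matches, and the OU each binding is attached to are assumptions, apart from the eng-leads scope and the acme-inherited deny that the page itself shows.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:
    effect: str     # "allow" or "deny"
    principal: str  # user, service account or group
    role: str
    ou: str         # OU path the binding is attached to

PLATFORM = "acme/engineering/platform"

# Constructed sample mirroring the bindings listed above. The attachment OU
# is an assumption except for eng-leads (scope=platform) and the contractors
# deny, which the page shows as inherited from acme.
BINDINGS = [
    Binding("allow", "eng-leads", "OUAdmin", PLATFORM),
    Binding("allow", "usr.raj", "AgentAuthor", PLATFORM),
    Binding("deny", "contractors", "AgentAuthor", "acme"),
    Binding("allow", "svc.pg-writer", "DeploymentOperator", PLATFORM),
]

def ancestors(ou):
    """Return the OU path and every parent path, nearest first."""
    parts = ou.split("/")
    return ["/".join(parts[:i]) for i in range(len(parts), 0, -1)]

def check(principal, groups, role, ou, bindings=BINDINGS):
    """Decide whether `principal` (with `groups`) holds `role` inside `ou`."""
    identities = {principal, *groups}
    scope = set(ancestors(ou))  # bindings on parent OUs flow down to `ou`
    matched = sorted(
        (b for b in bindings
         if b.role == role and b.principal in identities and b.ou in scope),
        key=lambda b: (b.ou, b.principal),  # stable order, same result every run
    )
    for effect in ("deny", "allow"):  # any deny beats every allow
        for b in matched:
            if b.effect == effect:
                return effect, f"{b.principal} @ {b.ou}"
    return "deny", "no matching binding"  # assumption: implicit deny

if __name__ == "__main__":
    print(check("usr.raj", ["eng-leads"], "AgentAuthor", PLATFORM))
    print(check("usr.raj", ["eng-leads", "contractors"], "AgentAuthor", PLATFORM))
    print(check("usr.raj", [], "AgentAuthor", "acme/support"))
```

The second call shows why group membership has to be part of access review: adding usr.raj to contractors revokes a role granted directly to him, because the deny attached at acme reaches every OU beneath it.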
Platform

A control plane for agent fleets.

The patterns you already know — organizational units, role bindings, audit trails — applied to the agents your teams are shipping.

Organizational units

Nest agents, groups, and MCP deployments under OUs that mirror your org chart. Policy inherits down. Admin delegates cleanly. Scoping is a structural property, not a code convention.

OUs · inheritance · delegation

RBAC with deny precedence

Built-in roles (OrgAdmin, AgentAuthor, DeploymentOperator) plus custom roles scoped to an OU or the whole org. Deny wins. Merges are deterministic.

built-in + custom · deny-merge · deterministic

Approval gates

Freeze high-risk tool calls behind a human reviewer. The agent waits. The request, the reviewer, and the decision are all rows in the audit trail.

request · review · recorded

Append-only audit

Every agent turn, tool call, policy decision, and approval lands in a hash-chained log. Replay any session. Export to Splunk, Datadog, or S3. Redact at read time.

hash-chained · replayable · SIEM-ready
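What a hash-chained, append-only log lets a reviewer check, as an added example that is not Powerloom's implementation: SHA-256, the canonical-JSON encoding, the `GENESIS` anchor and the entry field names are all assumptions, and the events are constructed from the session console shown earlier.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value for the first entry

# Constructed events modelled on the session console shown earlier.
EVENTS = [
    {"t": "14:22:07", "event": "session.start", "agent": "pg-writer"},
    {"t": "14:22:08", "event": "tool.call", "tool": "sql.explain"},
    {"t": "14:22:08", "event": "policy.check", "decision": "allow"},
    {"t": "14:22:11", "event": "tool.call", "tool": "sql.migrate"},
    {"t": "14:22:11", "event": "policy.check", "decision": "deny"},
]

def entry_hash(prev_hash, record):
    """SHA-256 over the previous hash plus a canonical JSON encoding."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()

def build(events):
    """Return a new chained log; each entry commits to its predecessor."""
    log, prev = [], GENESIS
    for record in events:
        digest = entry_hash(prev, record)
        log.append({"record": dict(record), "prev": prev, "hash": digest})
        prev = digest
    return log

def verify(log, expected_head=None):
    """Return None if intact, else the index where verification fails.

    An index equal to len(log) means every link is consistent but the final
    hash differs from `expected_head`, i.e. the tail was cut or the whole
    chain was recomputed.
    """
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["record"]):
            return i
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return len(log)
    return None

if __name__ == "__main__":
    log = build(EVENTS)
    log[4]["record"]["decision"] = "allow"  # edit the deny after the fact
    print(verify(log))  # 4
```

The chain alone catches edits and deletions inside the log; a truncated tail or a fully recomputed chain only fails when the verifier holds a head hash recorded somewhere the log writer cannot change.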
Security

Security by absence. Trust is the product.

Every agent action is authenticated, authorized, and logged. Every policy decision is reproducible. The dangerous capabilities were never built.

Access
AD-native RBAC

OUs, security groups, role bindings, deny precedence. OIDC sign-in via Google, Microsoft, or GitHub.

Audit
Hash-chained

Append-only. Cryptographically linked. Replayable. Exportable to Splunk, Datadog, or S3.

Encryption
Envelope-encrypted

Per-tenant KMS keys. Secrets never land in plain text. Zero-backdoor by design.

Posture
In progress

SOC 2 audit initiated. HIPAA and ISO 27001 on the roadmap. Details on the security page.

The reveal

All that governance. One conversation.

Ask in English. The meta-agent drafts the manifest, shows you the diff, applies with your approval. Sixty seconds from ask to ship. Every decision in the audit trail.

you: Spin up a support-ticket classifier for the customer-ops OU. Read from Zendesk. Flag anything billing-related for human review.
claude: Drafted agent.yml and a new role binding. Two changes:
+ agent            ticket-classifier          (ou=customer-ops, model=claude-sonnet-4-6)
+ approval-policy  billing-review             (gate: tag=billing)
+ mcp-binding      zendesk-read              (scope=customer-ops)
claude: Apply now? y
claude: ✓ Applied in 1.2s. Run apl_7c3e91. Agent is live.

Infra-as-code

Declarative, reviewable, diff-able.

Every OU, binding, agent, and MCP deployment is a YAML manifest. Apply with the CLI, review in PR, roll back on drift.

  • weave apply — plan, diff, rollout
  • Policy simulator runs in CI on every PR
  • Git-native: the manifest is the source of truth
  • Drift detection alerts when the live state diverges
$ powerloom apply -f acme/
// planning changes against ou=acme …

+ ou               acme/engineering/platform
+ role-binding     eng-leads → OUAdmin        (scope=platform)
~ role-binding     contractors ✗ AgentAuthor  (effect: allow → deny)
+ agent            pg-writer                  (model=claude-sonnet-4-6)
+ mcp-deployment   pg-analytics               (template=postgres v3)

// 5 changes · 0 warnings. apply? [y/N] y
 applied in 1.4s · run apl_9f2ac4
Start governing

Govern your fleet.

Invite-only beta. Request access and we'll get you running.
