Capability log

What's new in Cortex AI OS.

Every capability in the governed runtime, and what we're improving. This log reflects the current public release — grouped by area, each entry tied to a capability that ships today, with no fabricated version history.

Grouped by area · Shipped vs. Improved · links to the platform

Governance runtime

The gates every run passes.

Author an agent and every run flows through the same fail-closed governance chain — identity, budget, guardrails, registry, control-tower, policy, oversight, audit. Deny is the default.

Policy-as-CodeShipped

Testable policy rules with simulate and golden tests

Author rules that evaluate in priority order with the most-restrictive effect winning (deny > require_approval > allow), preview a decision and its per-rule trace before shipping, and gate changes against a golden-test suite.

Action FabricShipped

Actions as first-class governed objects

Every action runs through dry-run → propose → approve/deny → execute → compensate with an immutable invocation ledger and an evidence pack. High-risk actions land in a human approval inbox; declared rollback keys enable compensation.

Oversight modesShipped

Explicit autonomy levels with a risk floor

Set per-agent autonomy from suggest_only through autonomous. Oversight can only tighten a decision, never weaken the action's own approval floor — and admin break-glass force-executes with a mandatory audited reason.

Agent IAMShipped

Identity and access for every agent

Agents carry their own identity, allowed tools, allowed models, allowed data, and deployment channel. The runtime refuses to execute missing, draft, unpublished, cross-tenant, expired, paused, or unauthorized agents.

MCP GatewayShipped

Governed Model Context Protocol servers and tools

MCP servers register as pending and cannot be invoked until approved; block is an instant kill-switch. Governed invokes run a DLP scan on input, enforce a per-server tool allow-list, and record every call with redacted I/O.

Control TowerShipped

One command center over the whole fleet

An aggregated per-tenant view of agents, runs, spend, tools, and active controls — with one-click pause and tool-disable that the runtime enforces (a paused agent is rejected 409 AGENT_PAUSED).

Trust & provenance

From governed to provable.

Every governed outcome is recorded so a third party can check it. The audit ledger is hash-chained, outcomes emit signed receipts, and a provenance graph stitches the chain from human to outcome.

Trust LedgerShipped

Tamper-evident, hash-chained audit

Every audit event is hash-chained so any insertion, edit, or deletion is detectable, with a verify endpoint that proves integrity over a range and returns the broken sequence if the chain was altered.

Trust LedgerShipped

Signed outcome receipts, verifiable offline

Each governed outcome — an agent run, an action execution, an approval decision — emits a compact, detached-signature receipt a third party can validate offline, with the signing key operator-supplied and fail-closed in production.

ProvenanceShipped

10-hop provenance, datapoint to source

A queryable lineage graph stitches the chain Human → Agent → Skill → Prompt → Policy → Model → Tool → Artifact → Outcome → Approval, and every surfaced fact links back to its source filing, page, and box.

Agents & Studio

Build agents that earn the right to ship.

Author governed agents in plain English or code, then move them through a real lifecycle — draft, test, review, publish — with a reliability bar that decides what reaches production.

Agent StudioShipped

No-code studio with the full agent lifecycle

Author agents with skills, knowledge, guardrails, and model policy, then walk the draft → test → review → approve → publish → deploy → pause → retire lifecycle — with prompt and instruction versioning and a built-in evaluation harness.

Reliability scoreShipped

A reliability bar that gates production publish

A 0–100 score blends success rate, eval pass rate, and incidents over a rolling window. The registry refuses to publish an agent that has enough signal and scores below the bar (409 RELIABILITY_TOO_LOW) — while new agents publish freely and a scoring outage fails open.

OntologyShipped

A business semantic layer with versioning

Model object types, relationships, and verified metrics with object-, property-, and action-level permissions — plus ontology versioning, promotion, rollback, and migration so the model evolves safely.

Automation

Move work through the governed runtime.

Orchestrate multi-step work and let events trigger governed actions — without ever stepping outside the gates.

AutomationShipped

Workflows and event-condition-action rules

Compose multi-step workflows and event-condition-action automations that propose governed actions, run on a schedule or a queue, and stream through the real-time hub — every step still passing the same gates.

Observability

Watch, judge, and improve every run.

You can't govern what you can't measure. Per-run quality scoring, eval gates, a simulation lab, and a full-trace debugger turn agent quality into a number you can watch and gate on.

ObservabilityShipped

Per-run quality scoring and eval release gates

Each governed run is scored for quality — faithfulness, citation coverage, safety — with the trace captured for replay; gold eval suites act as release gates that block a regression before launch. Live runs return quality { overall: 100 }.

Agent debuggerShipped

Replay any run, hop by hop

The debugger reconstructs an entire run — prompt → context → model → tools → approval → output — each step stamped with cost, latency, and verdict, and every hop linking back to the trust ledger.

Simulation labImproved

What-if testing before you promote

A/B prompts and models against real traffic and compare the results before promoting a change — so a candidate proves itself before it touches production runs.

Cost & value

Spend you can cap and prove.

Put a budget on the runtime and tie every dollar to the work it bought.

Cost GovernanceShipped

Rolling spend caps with alerts and hard caps

Set tenant- or agent-scoped budgets with an alert threshold and an optional hard cap. Spend is computed live over a rolling 30-day window, and a run is blocked once projected spend would exceed a hard cap — emitting BudgetExceeded events.

Model opsShipped

Model policy and a compute broker

Govern which models an agent may use and route runs through a compute broker — so model choice is a policy decision, with usage, adoption, and ROI rolling up alongside cost.

Distribution

Ship a governed solution once, deploy anywhere.

Bundle a tenant's governed solution into a versioned, signed, portable artifact you can verify and re-deploy — across tenants and air-gapped environments.

Solution PacksShipped

Signed, verifiable Solution Packs

A pack bundles ontology types, policies, actions, and agent metadata; its contents are canonicalized, hashed, and HMAC-signed. verifyPack checks both the content hash and the signature — any tamper breaks hashOk, any wrong secret breaks signatureOk.

Solution PacksShipped

Import with a verify-first diff preview

Importing a pack shows a per-section diff — added, changed, unchanged — against your live definitions, then verifies before it applies and refuses an invalid pack (409). Transfer happens through the artifact, never a direct cross-tenant write.

This is the capability log of the current governed runtime, not a dated release history. Want updates as new capabilities ship?Subscribe for product updates

Want a deeper look?

Read how the governed runtime fits together, or see it run against your own work.