- Agents as governed identities
- Owner · risk tier · expiry
- Pause respects identity scope
One screen to pause, gate, and kill your AI agents.
The Control Tower is air-traffic control for your agent fleet — a tenant-wide view of every run, spend, and tool, with operator controls that the runtime actually enforces. Pause a misbehaving agent and its next run is refused 409 AGENT_PAUSED, before any model is called.
Admin-only · tenant-scoped · fail-closed enforcement
When an agent goes wrong, minutes matter.
A misbehaving agent can burn budget, call the wrong tool, or take real action across thousands of runs while you scramble for a console. Without one place to see the whole fleet and a switch that actually stops it, governance is a dashboard you read after the incident — not a control you act through during it.
See everything. Stop anything. Prove all of it.
The Control Tower aggregates live state across your Cortex services into one admin-only, tenant-scoped view — and turns it into controls the runtime obeys.
- 01
Live aggregation
One per-tenant view of agents (by status, paused), runs (total · failed · last-24h), spend (all-time · 30-day · by model), tools (calls · failures · disabled), active controls, and recent audit + policy denials.
- 02
Operator controls
Pause or resume any agent, and disable or enable any tool — one click. Controls write to cortex_runtime_controls and take effect on the very next run.
- 03
Governance report
Export the whole overview as a CSV governance report — the one-click artifact you hand a regulator, auditor, or your own risk committee.
A pause that actually pauses. A kill switch that actually kills.
These are not UI toggles. Pausing an agent refuses its next run with 409 AGENT_PAUSED; disabling a tool drops it from the agent's toolset so it can never be called. Enforcement lives in runtime.service.ts run() — the same fail-closed path every governed run already takes.
- Pause / resume any agent — refused 409 AGENT_PAUSED while held
- Disable / enable any tool — disabled tools are dropped from the toolset
- Every control change is admin-only and recorded in the audit log
The demo you can run yourself.
Pause Fraud Triage in the Control Tower, then trigger a new run for the same agent. The runtime refuses it before identity, budget, or model — a deny you can see in the response and in the ledger.
Powerful by design, locked down by default.
Every Control Tower endpoint requires a platform-admin session, resolved server-side via auth-service. The tenant is taken from the authenticated principal — never the request body — so a mismatched tenantId is rejected 403.
Unauthenticated callers are rejected before any aggregation runs.
Operators and read-only roles can view runs but cannot pause, disable, or export.
Owner / admin / superadmin (or controltower.admin permission) get the full command center.
The Control Tower sits on top of every gate.
It aggregates and acts on the same governed services your agents already run through — so what you pause, audit, and report on is the real thing.
- Five autonomy modes
- Risk floor it can only tighten
- Audited break-glass
- Every pause/resume recorded
- Hash-chained, tamper-evident
- Governance report exports
- Live spend by model
- 30-day budgets · hard caps
- Surfaced in the overview
Built for the enterprise security review.
Admin-only access, server-side tenant isolation, fail-closed enforcement, and a full audit trail on every control — mapped to the frameworks your auditors already use.
Put your agents under air-traffic control.
See every run, stop anything in one click, and export the proof — from one admin-only command center.