Governance
Risk, ownership, AI accessibility, and policy simulation — with explicit honesty about enforcement state.
Total capabilities
33
High risk
7
AI-accessible
26
Metadata-only
33
Ownership gaps
0
Stale
1
Policy simulator
Pick a principal, capability, and action. ATLAS evaluates matching policies and returns the decision, reasons, and obligations. Every simulation is recorded as an audit event.
Active policies
- P1External models restricted from confidential contextdenysimulated
External-model assistants may not access confidential or restricted capabilities without explicit approval.
actions: invoke_read, invoke_write
obligations: use_internal_model_only
- P5Production destructive changes require approvalmanual approvalmetadata only
Any destructive write in production requires manual approval.
actions: invoke_write, manage
obligations: record_justification, request_owner_approval
- P10Read-only tools for approved assistantsallowsimulated
Approved coding assistants (Cursor / Windsurf / Claude Code / Internal Agent) may invoke read-only MCP tools without manual approval.
actions: discover, view_docs, invoke_read, simulate
- P20Missing owner prevents activationmanual approvalmetadata only
Capabilities without an owner team may not be invoked in production.
actions: invoke_read, invoke_write
obligations: require_owner_approval