Neural Inverse is Open Source →
DocsAI Governance

AI Governance

AI Governance gives the organisation control over which AI models developers can use and under what conditions. It is managed in the Console under Manage > AI Governance.

Enforcement Mode

ModeDescription
EnforcedDevelopers can only use models approved in the model access policy. Personal API keys are blocked.
BYOLLMDevelopers configure their own model provider credentials. Org can still restrict which providers are allowed.
MixedSome model tiers are org-managed, others are developer-configured. Configured per model tier.

Switch enforcement mode in the Console under Manage > AI Governance > Enforcement Mode.

Model Access Policy

When enforcement mode is Enforced, the org defines which models are available in the Model Marketplace:

TierDescription
NI ManagedCurated models provisioned by Neural Inverse Enterprise - organisation pays usage, no per-developer credentials needed
Org-configuredOrganisation provides provider credentials at the org level - Claude, GPT-4o, Gemini, Azure OpenAI, Bedrock
Developer-configuredDeveloper provides their own credentials - allowed or blocked by org policy

Blocking Specific Providers or Models

In the model access policy, list allowed providers. Any provider not listed is blocked:

{
  "allowedProviders": ["anthropic", "azure-openai"],
  "blockedModels": ["gpt-4o-mini"]
}

Developers attempting to use a blocked provider or model see a policy error in the IDE status bar. The blocked request is logged in the audit trail.

BYOLLM Configuration

When enforcement mode includes BYOLLM, connect your own model endpoint:

  1. Go to Manage > AI Governance > BYOLLM
  2. Enter the endpoint URL (must be OpenAI-compatible)
  3. Enter the API key (stored encrypted, never logged)
  4. Select which features route to this endpoint: Chat, Power Mode, Checks, Completions

The IDE connects to your endpoint for all selected features. The Enclave still scans context before it reaches your endpoint.

Supported Endpoint Types

Any OpenAI-compatible API endpoint works:

  • Self-hosted models (vLLM, Ollama, LM Studio, llama.cpp with server mode)
  • Azure OpenAI endpoints
  • AWS Bedrock via OpenAI-compatible proxy
  • Any other provider with an OpenAI-compatible API

Agent Model Controls

AI agents (Power Mode, Workflow Agents, Checks Agent) can be restricted to specific models separate from the IDE chat model:

{
  "agentModels": {
    "powerMode": ["claude-sonnet-4-6", "gpt-4o"],
    "workflowAgents": ["claude-haiku-4-5"],
    "checksAgent": ["claude-sonnet-4-6"]
  }
}

This lets the org use cheaper or faster models for high-volume agent tasks while reserving premium models for direct developer interaction.

Cost and Usage

The Console shows model usage under Observe > Cost and Usage:

  • Token consumption by model, by project, by developer
  • Cost breakdown by provider (when NI Managed or org-configured credentials are used)
  • Spend alerts configured under Manage > Spend Alerts

Usage data is updated approximately every 5 minutes.

Developer Request Workflow

When a developer needs access to a model or provider that is blocked by policy, they can submit a request directly from the IDE:

  1. Developer attempts to use a blocked model - sees a policy error
  2. Developer clicks Request Access in the error notification
  3. Request appears in the Console under Manage > Requests with full context
  4. Admin approves or denies with a note
  5. Developer is notified in the IDE

All requests, approvals, and denials are logged in the audit trail.


Was this page helpful?

Last edited