Layer 04 · Trust

Human in command. AI in execution.

Synapse doesn't replace people — it amplifies decisions. Human approval where it matters, autonomy where it's safe, an auditable trail throughout. Your company adopts AI without losing control, without breaking policy, without surprises in an audit.

113 granular permissions · 100% of actions auditable · LGPD by design, schema to log
finance squad · proposed action: "Send an R$ 84,320.00 invoice payment to vendor Cibra Distribuição — due in 5 days."
policy · amount > R$ 50k · requires human approval
Camila Moraes · CFO: "Cross-checked active contract and cash flow. Approved — action executed and logged."
The "ungoverned AI" problem

Autonomous AI without control fails audit — and the board.

Mid-market companies adopting AI without a governance framework learn the cost of "speed first" early. Irreversible mistakes, leaked regulated data and audits with gaps are the three scenarios that stall roll-out — and the ones HitL governance exists to neutralize.

Irreversible mistake

Wrong payment, contract sent without review, email shipped to the wrong customer. High-impact actions without human approval turn into labor, financial and reputational liabilities.

Regulated data leak

A squad ships personal data to an external LLM, the model retains it in history, the regulator finds it. Without granular RBAC and PII redaction, your team breaks LGPD silently — and the fine arrives later.

Audit with gaps

"Who approved this payment?" "The AI." "Which document was used?" "No log." Without per-agent and per-action audit trail, your company is indefensible in a compliance review.

The solution: native Human-in-the-Loop

Four steps, one loop. Approval where it matters, autonomy where it's safe.

HitL isn't "everything needs approval" or "AI decides everything alone." It's a framework that classifies each action by risk, requires a human at the critical points and allows autonomy where policy permits — with 100% auditable trail on both sides.

Step 01

Risk classification

Every action is classified by impact and reversibility. Sending an internal summary is low. Paying a vendor is high. Deleting a record is critical. The framework sets the tier.

By amount · By data · By recipient
Step 02

Policy and workflow

You configure it: "amounts above R$ 50k approved by CFO", "deletions only by director", "external customer contact goes through the account manager". The squad obeys your business policy.

Custom workflow · Per squad · No code
Step 03

Human approval where it matters

When the tier calls for people, Synapse pauses the action and routes it to the right approver, with full context: what is about to happen, the source backing it and the expected impact.

Full context · Mobile approval · Native HitL
Step 04

Immutable audit

Every decision — human or AI — becomes a line in an immutable log: who, when, on which source, with what result. Exportable for compliance, board or regulator, with no friction.

Append-only · Per agent · Auditor export
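The four steps above read as one control loop: classify the action, let policy pick the approver, pause until that role has decided, and write the decision down whatever the outcome. The script below is an added illustration of that loop, not Synapse's code. The tier rules and approver roles follow the examples on this page (internal summary is low, vendor payment is high, deletion is critical, amounts above R$ 50k go to the CFO, deletions to a director, external contact to the account manager); the "finance manager" fallback and the `approvals` dictionary that stands in for the approval inbox are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum


class Tier(Enum):
    LOW = "low"            # e.g. internal summary: autonomous
    HIGH = "high"          # e.g. vendor payment: a human decides
    CRITICAL = "critical"  # e.g. irreversible deletion: director only


@dataclass
class Action:
    kind: str                         # "send_summary", "pay_vendor", "delete_record", ...
    amount_brl: float = 0.0
    external_recipient: bool = False  # leaves the company (customer, vendor, partner)
    reversible: bool = True


@dataclass
class Policy:
    """Business policy in the page's own terms; the fallback role is assumed."""
    cfo_threshold_brl: float = 50_000.0           # "amounts above R$ 50k approved by CFO"
    critical_approver: str = "director"           # "deletions only by director"
    external_approver: str = "account manager"    # "external customer contact ..."
    default_high_approver: str = "finance manager"  # assumed fallback for HIGH tier


def classify(action: Action) -> Tier:
    """Step 01: tier by impact and reversibility."""
    if not action.reversible:
        return Tier.CRITICAL
    if action.kind == "pay_vendor" or action.external_recipient or action.amount_brl > 0:
        return Tier.HIGH
    return Tier.LOW


def required_approver(action: Action, tier: Tier, policy: Policy):
    """Step 02: policy maps the tier to an approver role; None means autonomous."""
    if tier is Tier.LOW:
        return None
    if tier is Tier.CRITICAL:
        return policy.critical_approver
    if action.amount_brl > policy.cfo_threshold_brl:
        return "CFO"
    if action.external_recipient:
        return policy.external_approver
    return policy.default_high_approver


def run(action: Action, policy: Policy, approvals: dict, log: list) -> dict:
    """Steps 03-04: pause until the required role has decided, then execute and log.

    `approvals` maps an approver role to (user, "approved" | "declined"), i.e. the
    decisions already recorded for this action (a stand-in for the approval inbox).
    The returned entry is also appended to `log`, so every path leaves a line.
    """
    tier = classify(action)
    approver = required_approver(action, tier, policy)
    entry = {
        "ts": datetime.now(timezone.utc).isoformat(),
        "action": action.kind,
        "amount_brl": action.amount_brl,
        "tier": tier.value,
        "approver_role": approver,
    }
    if approver is None:
        entry.update(decision="auto", decided_by="agent", result="executed")
    elif approver in approvals:
        user, decision = approvals[approver]
        entry.update(decision=decision, decided_by=user,
                     result="executed" if decision == "approved" else "declined")
    else:
        # The agent pauses here; the entry is the state it resumes from.
        entry.update(decision="pending", decided_by=None, result="paused")
    log.append(entry)
    return entry


if __name__ == "__main__":
    audit = []
    policy = Policy()
    payment = Action("pay_vendor", amount_brl=84_320.00)      # the card at the top of the page
    print(run(payment, policy, {}, audit)["result"])                      # paused
    print(run(payment, policy, {"CFO": ("Camila Moraes", "approved")}, audit)["result"])  # executed
    print(run(Action("send_summary"), policy, {}, audit)["decision"])     # auto
    print(run(Action("delete_record", reversible=False), policy,
              {"CFO": ("Camila Moraes", "approved")}, audit)["result"])   # paused: director needed
```

Two details matter for the audit story: a CFO approval does not unlock a critical-tier deletion, because the approver role is derived from policy rather than from whoever happened to answer, and the paused and declined paths write an entry just like the executed one, so "who approved this?" has an answer even when nobody did.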
113 granular permissions

Serious RBAC: who does what, with which data, in which branch.

Synapse doesn't have "admin" and "user" — it has 113 granular permissions that cover every action, every data type and every agent. Combined with the Branches system, it isolates units of the same group.

RBAC + Branches

Policy from your org chart, not from our ERP.

The Branches system isolates units of the same enterprise group — each branch sees only its own scope, while the holding consolidates everything. Permissions cross role × data type × branch scope.

  • By role: CEO, CFO, sales manager, analyst, external consultant — each one sees only their own universe.
  • By data: sensitive data (PII, restricted financial, confidential contract) requires explicit permission.
  • By branch: the SP branch manager doesn't see the São Paulo Holding base — unless policy allows.
  • By agent: the finance squad has access to accounts payable. The marketing squad doesn't — even if it asks.
permissions-matrix · role: sales manager
View sales pipeline · scope: own branch · ON
Export lead list · scope: own branch, no CPF · SCOPE
Send proposal > R$ 100k · requires director approval · HITL
Access confidential contracts · restricted permission · OFF
Delete customer record · director only + special log · OFF
View AI call history · with decision and approver · ON
Technical specification

The details your compliance and legal team will validate.

Serious governance isn't just "approval in the flow" — it's architecture that separates roles, isolates data, logs everything immutably and exports in a format the regulator accepts. Here is how Synapse implements each piece.

Native HitL inside the agent

Human approval is part of the agent definition, not a plugin. Policy says "when, to whom, with what context". The agent pauses, waits, resumes — without rework and without dropping state.

Per agent · Native workflow · No lost state

Immutable audit trail

Append-only log with chained hash: tampering breaks the chain, evidence preserved. Every LLM call, every prompt, every human decision — with trusted timestamp and compliance export.

Append-only · Hash chain · Auditor export
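"Tampering breaks the chain" is a concrete property, and the easiest way to see what it does and does not cover is to build a small chain and break it. The script below is an added example, not Synapse's log implementation: each entry carries the SHA-256 of the previous entry, so editing or removing an entry in the middle is detected by re-walking the chain. It also shows the one edit a bare chain cannot detect, truncating the tail, and the usual remedy of anchoring the head hash somewhere the log writer cannot change. The record fields and the timestamp from the local clock are assumptions; the page's "trusted timestamp" would come from a time source outside the application.

```python
import copy
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_hash of the first entry


def _digest(entry: dict) -> str:
    """SHA-256 over a canonical JSON encoding of everything except the hash field itself."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class AuditLog:
    """Append-only: this API offers no update or delete; entries are chained by hash."""

    def __init__(self):
        self._entries = []

    def append(self, record: dict) -> dict:
        prev = self._entries[-1]["hash"] if self._entries else GENESIS
        entry = {
            "seq": len(self._entries),
            "ts": datetime.now(timezone.utc).isoformat(),  # local clock (assumption);
            "prev_hash": prev,                             # use a trusted time source in production
            "record": copy.deepcopy(record),
        }
        entry["hash"] = _digest(entry)
        self._entries.append(entry)
        return copy.deepcopy(entry)

    def export(self) -> list:
        """Snapshot for the auditor; verify() needs nothing but this list."""
        return copy.deepcopy(self._entries)

    def head_hash(self) -> str:
        """Anchor this outside the log (ticket, WORM bucket, signed notice): a truncated
        tail is the one modification the chain alone cannot reveal."""
        return self._entries[-1]["hash"] if self._entries else GENESIS


def verify(entries: list):
    """Return (True, None) if the chain is intact, else (False, index of the first bad entry)."""
    prev = GENESIS
    for i, e in enumerate(entries):
        if e.get("seq") != i or e.get("prev_hash") != prev or _digest(e) != e.get("hash"):
            return False, i
        prev = e["hash"]
    return True, None


def verify_against_anchor(entries: list, anchor_hash: str):
    """Chain check plus a comparison of the head with an externally recorded anchor."""
    ok, bad = verify(entries)
    if not ok:
        return False, bad
    head = entries[-1]["hash"] if entries else GENESIS
    return (head == anchor_hash), (None if head == anchor_hash else len(entries))


if __name__ == "__main__":
    # Constructed records following the approval card at the top of the page.
    log = AuditLog()
    log.append({"actor": "finance squad", "action": "pay_vendor", "vendor": "Cibra Distribuição",
                "amount_brl": 84320.0, "decision": "pending", "policy": "amount > R$ 50k"})
    log.append({"actor": "Camila Moraes", "role": "CFO", "decision": "approved"})
    log.append({"actor": "finance squad", "action": "pay_vendor", "result": "executed"})
    print("intact:", verify(log.export()))
    tampered = log.export()
    tampered[0]["record"]["amount_brl"] = 8432.0      # someone edits the amount after the fact
    print("tampered:", verify(tampered))               # (False, 0)
    print("anchored:", verify_against_anchor(log.export()[:2], log.head_hash()))  # (False, 2)
```

Two things worth validating when a vendor claims a hash chain: that the digest covers the previous hash (otherwise entries can be swapped), and that a head hash or signature is periodically written somewhere outside the log's own storage (otherwise the last N entries can vanish without breaking anything).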

113 granular permissions

RBAC with 113 controllable actions — read, write, export, delete, approval override, sensitive data access. Default-deny: whatever wasn't explicitly allowed is blocked.

Granular RBAC · Default-deny · Auditable per user

Branches system

Same platform, many isolated spaces. The holding consolidates — each branch sees only its own. Useful for enterprise groups, franchise networks and multi-country operations with distinct regulatory requirements.

Multi-branch · Selective rollup · Multi-jurisdiction

LGPD by design

Encryption at-rest and in-transit. Native PII detection blocks personal data before it becomes an external prompt. Configurable retention, right-to-erasure via API, auditable logs for the DPO.

Encryption · PII redaction · Configurable retention

Behavior observability

Dashboard shows approval rate per agent, average human latency, reversal rate. You discover where the policy is too tight and where it's too loose — before it becomes an incident.

HitL rate · Reversals · Bottleneck analysis
Platform integration

Governance isn't "after the fact" — it's in every call, in every log line.

No Squads, Your Base or Multi-LLM decision bypasses governance. It is the layer that makes Synapse safe to adopt in the regulated mid-market.

Squads obey policy

Every squad action consults the policy before executing. If the tier requires HitL, the squad pauses and routes. No hack, no bypass — behavior guaranteed.

Your Base with PII guard

Documents containing personal data are tagged at ingest. The router blocks these chunks from external models. Human approval required to make the source active.

Router audits picks

Every chosen model gets logged with reason and cost. Compliance sees which provider processed what. Policy can force an on-prem model for sensitive data.

Want to see governance running on one of your team's workflows?

In a 45-minute technical demo, we configure a squad with your company's policy, run a real action and show the audit trail — ready for your compliance and legal teams to validate.
