Skip to main content

Console tour

The console sidebar is grouped into Overview, Access, Control, Records, and Workspace. Above the groups sit your organisation and workspace switchers and a live gateway-status pill. Here's what each page does. Every screenshot below is the demo data view, so you can recognise each page before connecting your own gateway.

Overview

Dashboard

"What your agents are doing right now — and what Permaura decided." Live counters (active sessions, requests today, approvals pending, denials blocked), a requests-over-time chart split by allow / approval / deny, and a recent-activity feed. It's the first thing you see and the fastest read on whether anything needs you.

Dashboard

Access

Agents

Every AI client enrolled with your account: the device it runs on, whether it's active, idle, or revoked, and how busy it is. This is where you Connect agent and approve new ones. Agents identify per session — remove one and its in-flight access dies instantly. See Connect an agent.

Agents

Connections

Your configured integrations — each one a sealed credential plus the capabilities it exposes. Add a connection from the catalog, an OpenAPI/GraphQL spec, or a generic HTTP endpoint; open one to toggle its capabilities, rotate its credential, or hit the kill switch. Capabilities are managed here, per connection, rather than on a page of their own. See Add a connection.

Connections

Control

Policies

The deny-by-default rules behind grants: for a given connection, which actions are allowed, which need approval, and which are denied. This is where the "agent can ask, Permaura decides" logic lives.

Policies

Grants

What actually hands out access: a grant binds policies to agents, with an optional budget (calls per day/week/month/overall) and expiry, and an enabled/paused switch. Every account keeps one Default grant that approved agents inherit. See Grant access.

Grants

Approvals

The human-in-the-loop queue. Actions marked needs approval pause here until you approve or deny — each request single-use and time-boxed. High-risk actions can require a signature from an enrolled device, or even two people. See Approvals.

Approvals

Records

Audit log

Every decision, hash-chained and ed25519-signed. Click any row to inspect its request hash, chain links, and signature. Filter by agent, capability, or connection, and verify the whole chain with one click. This is the tamper-evident record of everything your agents did, across every tool — and it never contains a credential value.

Audit log

Vault

The secrets your connections hold, listed by id and metadata only — never a value. Values are write-only: you can add and rotate them, but not read them back. It's the inventory of what your gateway is guarding, not a place to retrieve keys.

Vault

Workspace

The Gateway, Members, and Devices pages configure the current workspace — your gateway and remote access, who's in the workspace, and the phones enrolled to approve requests. These are covered in Workspaces & organisations and Remote access.


Where to go next