Documentation

Cogniplane — Governed AI Workspace for Enterprise Teams

Cogniplane gives your organization one governed place for AI work — research, drafting, analysis, and multi-step workflows — using company-approved skills and tools. IT and Security control access, approval policies, and the audit trail. Business teams get a workspace they can actually use.

💬

I'm a regular user

I want to ask questions, delegate tasks, and get work done using the Cogniplane chatbot.

Go to User Guide →
⚙️

I'm an admin or developer

I set up the platform, publish skills, connect data sources, and manage access for my team.

Go to Admin Guide →

What is Cogniplane?

Cogniplane is a governed AI platform built for enterprise adoption. Unlike a consumer AI tool, every capability your employees access has been reviewed, approved, and configured by your team. The agent runs inside an isolated session per user, connects only to the data sources your admins have whitelisted, and logs every action to a replayable audit trail.

Governed skills and connectors

Admins publish domain-specific skills and approve MCP server connections. Employees use only what IT has reviewed — no self-service shadow connectors.

Human approval workflows

Consequential tool actions pause and wait for explicit approval before executing. Approval policies are configured centrally — end users cannot bypass them.

Multi-tenant isolation

PostgreSQL row-level security and per-session isolated runtimes keep teams and data separated by architecture, not just policy.

Full audit trail

Every session, tool call, and approval decision is logged. Evidence is replayable and exportable for compliance and security reviews.

How it works at a glance

When a user sends a message, Cogniplane selects the right skill, calls the approved tools available to that team, and streams the result with full tool activity visible in the conversation. The agent runtime runs in an isolated process per session — connected to your internal systems only through the MCP gateway, which enforces auth and audit on every call. Admins configure what each tenant can access through the tenant policy and integrations surfaces; the runtime enforces those boundaries, not prompts.

Who uses this documentation

CTOs and Heads of AI evaluating the platform

The Platform Overview, Tenant Policy, PII Protection, and Deployment sections cover architecture, governance model, and security posture — the substance behind the marketing.

Engineers doing the implementation

The admin guide covers everything needed to go from zero to a running deployment: choosing a runtime provider, connecting MCP servers, writing and publishing skills, configuring the tenant policy and PII protection, managing tenants, and setting up SSO.

CISOs and security reviewers

Multi-tenant RLS, WorkOS SSO (SAML, OIDC), RBAC, credential isolation, secret redaction, and replayable audit sessions are covered across the admin sections. Nothing is hidden behind a sales call.

Business teams onboarding to the workspace

The user guide covers the full end-user experience: starting sessions, working with skills, understanding tool approvals, uploading files, and managing conversation history.

Platform capabilities at a glance

Choice of runtime provider

Each tenant picks a runtime — Codex with OpenAI models or Claude Code with Anthropic models — using the organization's own API key. The same governance surface applies to both.

PII protection built in

Detect, block, or transform PII in chat prompts, uploaded files, and imported documents. Detection combines an LLM-based provider with rule-based fallbacks, and findings are persisted for audit.

Reviewed skills marketplace

Import curated AgentSkills bundles from a reviewed marketplace and activate them as tenant-local revisions after inspection.

Draft rollouts for beta testers

Skills and MCP servers can be kept in draft so only beta testers see them before you publish broadly.

Tenant integrations

Enable Notion, GitHub, and Microsoft / SharePoint per tenant from a single admin surface. Reads and writes are toggled separately, and writes flow through the approval gate.

Artifacts, previews, and feedback

Generated files land in the session as artifacts with inline preview for text, code, Markdown, images, and PDFs. Users can thumbs-up or thumbs-down any assistant answer; ratings roll up in the admin dashboard.

Token usage dashboards

Admins and end users can review token consumption and estimated cost over time, with breakdowns by user and model.

Tenant API keys and GitHub setup

Owners set the organization OpenAI or Anthropic API key to match the chosen runtime, install the tenant GitHub App for private repository access, and users can optionally authorize GitHub as themselves.

💡
New here? If someone else set up Cogniplane for your team, jump straight to Getting Started. If you're responsible for the platform, head to the Admin Guide.
For Users

Getting Started

Cogniplane runs in your browser. Your admin will give you a link to your organization's Cogniplane instance. Here's what to expect on your first visit.

Signing in

Cogniplane uses your organization's existing identity provider — the same login you use for other work tools. Click Sign in with your organization, complete the login prompt, and you'll land on the chat interface.

💡
No account to create. Your admin provisions access on your behalf. If you can't sign in, contact your Cogniplane administrator.

The interface at a glance

The main screen has three areas:

  • Sidebar (left) — your past and current sessions. Click any session to return to it.
  • Chat area (center) — the conversation. Messages from you appear on the right; Cogniplane's responses and tool actions appear on the left.
  • Input bar (bottom) — type your message or attach a file here. Press Enter or click Send.

Personal settings

Your settings area includes two new controls that are useful during day-to-day work:

  • Token usage & cost — review your own usage over time, broken down by day and model with estimated spend.
  • GitHub authorization — if your organization has installed the GitHub App, you can optionally authorize GitHub as yourself so runtime actions use your identity instead of the app bot.

Starting your first conversation

  1. Click "New session"

    Each conversation lives in its own session. Sessions keep your context separate and can be resumed later.

  2. Type your question or task

    Be as natural as you like. You can ask a direct question ("What were our top 5 products last quarter?") or describe a task ("Summarize this PDF and list the key action items").

  3. Watch Cogniplane work

    You'll see the agent's reasoning and any tool calls in the conversation. Read-only actions (like searching a database) happen automatically. Actions with side effects will ask for your approval.

  4. Follow up naturally

    Cogniplane remembers the full conversation within your session. You can ask follow-up questions, correct misunderstandings, or change direction at any point.

For Users

Having a Conversation

Cogniplane is designed to feel like talking to a knowledgeable colleague — one that also has direct access to your company's data and tools.

What to ask

Cogniplane handles two types of requests well:

Questions

"What's our current headcount by department?" or "What does the Q3 policy document say about travel expenses?"

Tasks

"Summarize the attached contract and flag any unusual clauses." or "Pull the monthly sales figures and write a short briefing."

Tips for better results

  • Be specific about the goal. "Give me a 3-bullet summary" produces a more focused answer than "tell me about this."
  • Mention the data source if you know it. "Check the HR policy database" helps Cogniplane pick the right tool faster.
  • It's okay to correct the agent. If the answer is off, say so. Cogniplane will adjust and try again.
  • Ask multi-step tasks in one message. Cogniplane handles compound requests — you don't need to break them up.

Understanding the response

Cogniplane responses often include:

  • Tool activity — a collapsible card showing which tool was used, what was queried, and what came back.
  • The answer — the main response, grounded in the data retrieved.
  • Follow-up suggestions — the agent may suggest related questions when they're relevant.
ℹ️
Grounded answers. Cogniplane always tells you where its information comes from. If it uses a tool to retrieve data, that tool call is visible in the conversation. If it can't find a reliable answer, it says so.

When Cogniplane says it can't help

There are a few reasons Cogniplane might decline or say it's unable to help:

  • The data source you're asking about isn't connected yet (talk to your admin).
  • The task requires a capability that hasn't been enabled for your team.
  • The request falls outside the scope of the active skill.

In any of these cases, Cogniplane will explain what's missing so you can follow up with the right person.

For Users

Using Skills

Skills are what give Cogniplane specialized knowledge and behavior. Think of a skill as a mode — when a skill is active, the agent knows how to behave, which tools to use, and what kind of answers to give for that domain.

How skills work

Your admin publishes skills for your organization. Skills might include things like:

  • A Sales Intelligence skill that queries your CRM and revenue data
  • A HR Policy Advisor skill that searches your HR documentation
  • A Contract Analyst skill that reads uploaded documents and flags key clauses
  • A Financial Reporting skill that pulls data from your data warehouse

Activating a skill

In most cases, skills are available from the session setup screen or a skill selector in the chat interface. Your admin configures which skills are available to your team.

💡
You don't always need to pick a skill manually. If your organization has a default skill configured, Cogniplane will use it automatically when you start a session. Skills may also switch automatically based on what you're asking.

What a skill changes

When a skill is active, Cogniplane:

  • Follows domain-specific instructions for how to behave and what to prioritize
  • Gets access to specific tools and data sources relevant to that domain
  • Uses terminology and formats that match the skill's context (e.g., financial formatting for a finance skill)
  • Knows which actions require approval vs. which can run automatically

If the skill doesn't cover your question

Skills are scoped. If you ask something outside the skill's domain, the agent will let you know. Try switching to a different skill or asking your admin whether a skill for that use case exists or is planned.

For Users

Tool Actions & Approvals

To answer questions or complete tasks, Cogniplane uses tools — connections to your company's databases, document repositories, and services. Here's how that looks in practice.

Read-only actions run automatically

Most of what Cogniplane does is read-only: querying a database, searching a knowledge base, reading a document. These actions run automatically and are shown as collapsible cards in the conversation so you can inspect exactly what was queried and what came back.

You send a message
Cogniplane calls a tool
Tool runs automatically
Answer appears

Actions with side effects ask for approval

If Cogniplane wants to take an action that could change data or run a command, it will pause and show you an approval prompt before doing anything. This applies to:

  • Write operations — submitting a form, creating a record, triggering a workflow
  • Shell commands — when your admin has enabled command execution for a skill, each individual command is shown for your approval before it runs
  • File changes — modifications to files in the agent's workspace
Cogniplane plans an action
Approval prompt appears
You approve or reject
Action runs (or stops)
⚠️
Always review approval prompts carefully. The approval card shows exactly what Cogniplane is about to do. Read it before clicking Approve. You can always click Reject and ask the agent to take a different approach.
💡
Approval limit. The platform limits each session to 5 pending approvals at a time. If you see an error about this, approve or reject the outstanding items before continuing.

Viewing tool activity

Every tool call is visible in the conversation thread. Click the tool activity card to expand it and see:

  • Which tool was used
  • What input was sent to the tool
  • What the tool returned
  • How long it took

This transparency is intentional — you should always know how Cogniplane reached its answer.

For Users

Working with Files

Cogniplane can read and analyze files you upload directly in the chat. This is useful when you have a document you want the agent to work with — a contract, a report, a data extract.

Supported file types

TypeWhat Cogniplane can do
PDFRead and extract text, answer questions about content, summarize sections, identify key information
Text & code filesRead, summarize, analyze, and reason about plain text, Markdown, JSON, CSV, and common source-code files
ImagesDescribe, extract visible text, and answer questions about image content
Office documentsWord and Excel files can be uploaded or imported from SharePoint. The agent reads them directly from its workspace.

Importing from SharePoint and Microsoft

Instead of uploading manually, you can browse and import documents from SharePoint and other Microsoft sources through the file selector. Imported files appear in the session like any other upload and flow through the same PII scanning and artifact handling.

ℹ️
Every upload passes through PII scanning. If your organization has PII protection configured, uploads and imports are scanned before the agent reads them. Depending on the tenant policy, sensitive values may be flagged, transformed, or the upload may be refused.

How to upload a file

  1. Click the attachment icon in the input bar

    Or drag and drop a file directly into the chat window.

  2. Wait for the upload to complete

    A progress indicator shows while the file uploads. Large PDFs may take a few seconds.

  3. Ask your question

    Once the file is attached, type your question. Cogniplane will read the file as part of answering. For example: "Summarize the key obligations in this contract" or "What does this document say about renewal terms?"

Files stay in your session

Uploaded files are attached to the current session. You can reference the same file multiple times throughout the conversation without re-uploading. Files are not shared across sessions or with other users.

💡
Scope your questions. If you upload multiple files, tell Cogniplane which one you mean: "In the Q2 report I just uploaded…" This helps it focus on the right document.
For Users

Artifacts & Previews

When Cogniplane produces a file — a summary, a generated report, a modified spreadsheet, a short script — it saves it to the session as an artifact. Artifacts stay attached to your session, so you can refer back to them later or download them.

Inline preview

Most artifacts can be previewed directly in the chat without downloading. Click Preview on any artifact card to inspect:

  • Text, Markdown, and code files — syntax-highlighted; Markdown is rendered as formatted HTML.
  • Images — PNG, JPEG, GIF, and WebP render inline.
  • PDFs — extracted text is shown in a reading view.

Downloading artifacts

Click the download link on any artifact to save it locally. Download links are short-lived and scoped to you, so you cannot accidentally share an artifact by pasting a link.

Referring to artifacts in the conversation

The agent can read any artifact previously created or synced into your session, not only ones generated in the current turn. If you want to be explicit about which files are in scope for a message, use the artifact selector in the composer to tag them — this is a hint to the agent, not a security boundary.

For Users

Rating Answers

Every assistant response has a thumbs-up and thumbs-down control. Use them to tell your admins when an answer was helpful or when something went wrong.

  • Thumbs up — the response was useful and correctly grounded.
  • Thumbs down — the response was wrong, off-topic, or unsafe. You can add an optional comment.

Ratings roll up in the admin feedback dashboard, where they are used to spot regressions and compare model and skill performance over time. Ratings are private to your tenant.

For Users

Scheduled Jobs

If a task should run on a recurring basis — a Monday morning sales digest, a weekly compliance check, a nightly data pull — you can schedule it instead of running it manually every time.

Creating a scheduled job

  1. Describe the task in a session

    Run the task once interactively so you can confirm it produces the output you want.

  2. Schedule it

    From the scheduled jobs area, create a job with the task prompt, the skill to use, and a cron-style schedule.

  3. Review run history

    Each run appears in the job's run history with status, output, and any artifacts produced. You can replay a run to see exactly what the agent did.

ℹ️
Scheduled jobs run under your identity. They use the tools, MCP servers, and approval policies available to you in the tenant. Jobs that would normally require interactive approval will not run unattended — configure the skill and tools to be auto-approvable first, or run the task manually.
For Users

Managing Sessions

Every conversation in Cogniplane happens inside a session. Sessions keep context separate — each one remembers its own history, files, and state.

Your session list

The left sidebar shows all your sessions, most recent first. Sessions are auto-named from your first message. Click any session to resume it exactly where you left off — the full conversation history is preserved.

Starting a new session

Click New session at the top of the sidebar. Use a new session when you're switching to an unrelated topic — it keeps your conversation history clean and focused.

Resuming a session

When you return to a previous session, Cogniplane picks up the conversation in full context. You don't need to re-explain what you were working on.

💡
Session history is private to you. Other users cannot see your sessions or messages. Your admin may have access to audit logs for compliance purposes, but regular users cannot view each other's sessions.

Replaying a session

You can scroll back through any session to review what the agent did, which tools it used, and what it found. This is useful for audit trails and for picking up where you left off after time away.

For Admins

Platform Overview

As an admin, you control how Cogniplane behaves for your organization. You choose the runtime provider, publish skills that define what the agent knows and can do, connect data sources via MCP servers, configure the tenant policy and PII protection, and manage who has access.

What admins manage

AreaWhat you control
Skills The agent's domain-specific knowledge and behavior. Each skill defines instructions, tool access, and behavior in its domain.
MCP Servers Connections to your company's data sources. Each MCP server exposes a set of tools the agent can call.
Integrations First-class integrations to Notion, GitHub, and Microsoft / SharePoint. Toggle reads and writes per integration; configure per-integration credentials in one place.
Tenant Policy Enabled tools, approval policy, auto-approve for read-only tools, default model, and runtime provider. All permission-boundary controls for the tenant live here.
Runtime Provider Whether sessions run on the Codex runtime (OpenAI models) or the Claude Code runtime (Anthropic models), and the matching tenant API key.
PII Protection Detection mode (off, detect, block, transform) for chat prompts, uploads, and Microsoft imports. Findings are persisted per message and artifact.
Tenants & Members User access control — who belongs to which tenant, and what role they have (owner, admin, member).
GitHub Access Tenant GitHub App installation for private repository access, plus optional per-user GitHub authorization for actions that should run as the signed-in user.
Usage & Feedback Tenant-wide token usage dashboards with cost estimates, plus response-rating rollups from user thumbs-up / thumbs-down feedback.

The Admin Workbench

All admin tasks happen in the Admin Workbench — a dedicated interface accessible only to users with admin or owner roles. Reach it from the user menu in the top right corner of Cogniplane.

⚠️
Changes take effect on new sessions. When you publish a new skill or update an MCP server configuration, existing active sessions will continue using their current configuration. New sessions pick up the latest version.

Architecture in brief

Cogniplane runs a dedicated agent runtime per user session. When a user starts a session, the platform launches an isolated process with the compiled configuration for that skill. The runtime connects to your MCP servers through an HTTP gateway that enforces auth and audit on every tool call. This means:

  • Sessions are fully isolated — no cross-session state leakage
  • Tool calls are logged and auditable on every request
  • Configuration changes are staged and applied safely — existing sessions are unaffected
  • Multi-tenant deployments use PostgreSQL row-level security to prevent data cross-contamination at the database layer

Security architecture for reviewers

For security teams doing a formal review, here is where the controls live:

ControlImplementation
Authentication WorkOS SSO — SAML, OIDC, Google Workspace, Microsoft Entra. Short-lived JWT access tokens (15 min) with encrypted httpOnly refresh cookies.
Authorization Role-based access control (RBAC) — owner, admin, member — enforced at the API layer. The tenant policy enforces tool allowlists, approval policy, and runtime provider inside the runtime execution layer.
Data isolation PostgreSQL row-level security (RLS) scopes every query to the requesting tenant. Per-session isolated runtimes prevent cross-session state access.
Secret handling Credentials are carried in short-lived per-turn execution contexts, never exposed to the model. All tool results pass through automated secret redaction before audit persistence.
Approval enforcement Approval policies are set by admins and enforced inside the runtime execution layer — not in prompts. End users cannot bypass them.
PII protection Chat prompts, uploaded files, and Microsoft imports are scanned before the agent sees them. Tenants choose detect, block, or transform. Findings are persisted per message and artifact for audit.
Audit trail Every session, tool call, approval decision, and PII finding is logged with a replayable history. SIEM export is on the roadmap.
Hardening posture Outbound HTTP requests run through an SSRF deny list that blocks private and reserved ranges. File uploads have their declared MIME type cross-checked against the actual content (magic bytes), and download filenames are encoded per RFC 5987. Production refuses to start without a non-default JWT signing secret and a separate data-encryption secret. Every deploy runs pnpm audit at the high-severity threshold and fails on regressions.
For Admins

Deployment & Hosting

Cogniplane is currently deployed with a split frontend/backend topology designed to keep the user-facing application fast while keeping the backend and stateful services close together.

Current production layout

LayerCurrent platform
Frontend Cloudflare
Backend AWS ECS
Backend ingress AWS Application Load Balancer in front of ECS
Object storage AWS S3 for artifacts and generated files
Database PostgreSQL
Redis Redis

Region placement

The backend and stateful services are colocated in us-east-2:

  • AWS ECS and the Application Load Balancer run in us-east-2
  • AWS S3 runs in us-east-2
  • PostgreSQL runs in the same region
  • Redis runs in the same region

Cloudflare remains the global frontend edge, while the application control plane and data services stay concentrated in a single backend region.

Backend DNS and proxying

The backend uses a custom DNS name that points via CNAME to the AWS load balancer hostname. Cloudflare can proxy that backend hostname in front of the ALB, which gives Cogniplane two practical benefits:

  • DDoS protection and edge filtering in front of the API
  • Origin shielding, so end users do not connect directly to the raw load balancer hostname
🛡️
Cloudflare in front of ALB is the preferred public API posture. With ECS plus an ALB, Cogniplane can use Cloudflare proxying in front of the backend hostname. This was more awkward with App Runner, but it is a standard setup with a regular ALB.
⚠️
Proxying only helps if direct origin access is restricted. If the ALB remains directly reachable, attackers can bypass Cloudflare. In production, restrict origin access so only Cloudflare and other explicitly trusted sources can reach the public backend path.

Request path in production

  1. The browser loads the frontend from Cloudflare

    Static assets and the public web surface are delivered from Cloudflare's edge network.

  2. The frontend calls the backend through the custom API hostname

    That hostname resolves by CNAME to the AWS load balancer.

  3. The load balancer forwards requests to ECS

    The backend service handles auth, sessions, runtime orchestration, SSE streaming, and the MCP gateway.

  4. The backend talks to S3, PostgreSQL, and Redis in the same region

    This keeps artifact storage, PostgreSQL, and Redis traffic close to the ECS service and reduces cross-region latency.

For Admins

Runtime Providers

Cogniplane runs sessions on one of two AI runtimes. The choice is a tenant-level setting — every session for that tenant uses the selected provider, and the platform injects the tenant's matching API key at runtime start.

ProviderModelsAPI key
Codex OpenAI models (e.g., GPT‑5.4 family) Tenant OpenAI API key
Claude Code Anthropic Claude models Tenant Anthropic API key

What stays the same across providers

The governance surface is identical on both runtimes:

  • Skills, tool allowlists, and approval policy
  • MCP server connections and the authenticated MCP gateway
  • Audit trail and replayable session history
  • PII protection on chat prompts, uploads, and imports
  • Per-session runtime isolation and tenant data separation

Deployment modes for a runtime

Each runtime can execute either locally on the backend host or inside an isolated E2B sandbox, depending on the backend configuration:

  • Local runtime — the runtime runs in-process alongside the backend. Lowest latency, simplest ops.
  • E2B sandbox — each session gets its own isolated sandbox. Session artifacts are synced into the sandbox workspace at the start of each turn so the agent can read them natively (PDFs, images, Office documents, code).

Reasoning and plan streaming

For the Claude Code runtime, intermediate reasoning and plan steps stream into the conversation in real time alongside tool calls, giving users visibility into the agent's thought process before the final answer.

💡
Setting the provider. The runtime provider is selected in the Tenant Policy. The matching API key must be saved in the same area before the first session can start.
For Admins

Creating & Publishing Skills

Skills are the primary way you shape what Cogniplane does for your users. A well-written skill gives the agent clear purpose, focused capabilities, and predictable behavior.

There are two ways to create a skill:

  • Import from the reviewed marketplace — browse curated AgentSkills bundles and import pinned revisions into your tenant.
  • Import a skill bundle manually — upload a ZIP file or point to a GitHub repository containing a packaged skill.
ℹ️
Skill management is import-driven. New skills now enter the registry through marketplace, ZIP, or GitHub imports. Each import creates a tenant-local revision that you inspect and activate explicitly.
For Admins

Anatomy of a Skill

Every skill is built from the same core sections. Understanding these sections will help you write skills that behave predictably and give users great experiences.

SKILL.md — annotated example
# ── Metadata ────────────────────────────────────────────────
name: HR Policy Advisor
version: 1.0.0
description: Answers HR policy questions using the company policy knowledge base.

# ── Activation ──────────────────────────────────────────────
# When should this skill be used? This helps the platform and
# users understand when to pick this skill.
## When to use this skill
Use this skill for questions about HR policies, benefits, time-off,
leave entitlements, expense policies, and employee conduct guidelines.

# ── Instructions ────────────────────────────────────────────
# How the agent should behave in this skill context.
## Instructions
You are an HR policy advisor for ACME Corp. Always cite the specific
policy document and section when answering. If a policy is ambiguous,
say so and recommend the user speak with HR directly. Do not speculate
about policies not found in the knowledge base.

# ── Tools ────────────────────────────────────────────────────
# Which MCP server tools this skill can access.
## Tools
- search_knowledge_base: Search the HR policy knowledge base
- query_hr_database: Query structured HR data (read-only)

# ── Workflow ─────────────────────────────────────────────────
# Optional: describe a structured approach the agent should follow.
## Workflow
1. Clarify the employee's question if ambiguous.
2. Search the knowledge base for relevant policy sections.
3. Synthesize a clear, cited answer.
4. Offer to find related policies if helpful.

# ── References ───────────────────────────────────────────────
# External documents or resources the skill should know about.
## References
- Employee Handbook v2024 (linked via knowledge base)
- Benefits Guide 2025 (linked via knowledge base)

Section reference

SectionRequiredPurpose
name, version, descriptionYesIdentifies the skill in the admin UI and runtime manifests.
When to use this skillRecommendedHelps the platform route requests to the right skill automatically.
InstructionsYesCore behavior: persona, tone, constraints, and what to do when uncertain.
ToolsRecommendedWhich MCP tools this skill is permitted to use.
WorkflowOptionalStep-by-step approach for structured or multi-stage tasks.
ReferencesOptionalExternal documents, knowledge base links, or companion resources.
💡
Write instructions for the worst-case, not just the happy path. Tell the agent what to do when it can't find an answer, when the question is ambiguous, or when the user asks for something outside the skill's scope. Explicit fallback behavior produces much more consistent results.
For Admins

Writing Your First Skill

The fastest way to create a skill is to prepare a valid AgentSkills bundle, then import it into the Admin Workbench. If you are starting from scratch, write the bundle locally first and use the structure below as your template.

  1. Draft the bundle locally

    Create a skill directory with a valid SKILL.md, plus any optional assets/, references/, or scripts/ folders you need.

  2. Set the core metadata

    Give the skill a clear name, version (start with 1.0.0), and a one-line description that helps both admins and the platform understand when it should be used.

  3. Fill in the Instructions section

    This is the most important part. Write a clear description of the agent's persona, what it should focus on, how it should handle uncertainty, and any hard constraints (e.g., "never speculate about legal obligations").

  4. List expected tool access

    Document which MCP server tools the skill expects to use. At activation time, the referenced tools and MCP servers must also be enabled in the tenant policy before they become available to sessions.

  5. Add a workflow (optional)

    If the skill should follow a structured approach — for example, always searching the knowledge base before querying the database — describe that sequence here.

  6. Import and keep it in draft

    Import the bundle through the Admin Workbench and leave the resulting skill in draft while you review, test, and decide whether to expose it only to beta testers or publish it to everyone.

ℹ️
Skills are versioned. Every time you make a significant change, increment the version number. The platform keeps revision history so you can roll back to a previous version if needed.

Testing your skill before publishing

Before activating a skill, use the built-in Skill Workbench to run test conversations against the draft. This lets you verify the skill behaves as expected without exposing it to users.

For Admins

Importing a Skill Bundle

For more complex skills — or when distributing skills across multiple Cogniplane deployments — you can package and import skills as bundles. A bundle is a structured ZIP file (or GitHub repository) containing the skill definition and any companion files.

Bundle structure

my-skill/
├── SKILL.md          # Required: skill definition
├── README.md         # Optional: human-readable documentation
├── config/
│   └── defaults.json # Optional: default configuration values
└── assets/
    └── prompts/      # Optional: prompt fragments or reference materials

Using the reviewed marketplace

The Skills page can surface a curated marketplace of reviewed AgentSkills bundles. Marketplace entries are pinned to specific Git revisions, so the content you review is the exact content that gets imported into your tenant.

  1. Open Skills in the Admin Workbench

    The marketplace appears alongside your manual ZIP and GitHub import options when a marketplace manifest is configured for the deployment.

  2. Review the entry metadata

    Each listing shows its review status, tags, publisher, skill version, and the pinned source revision so you can evaluate provenance before importing.

  3. Import the skill

    The import creates a tenant-local revision. It does not become active automatically.

  4. Activate after review

    Inspect the imported revision, add review notes if needed, then activate it when you are ready for new sessions to pick it up.

Importing a bundle

  1. Prepare your ZIP file

    Package your skill directory into a ZIP file. The root of the ZIP must contain a valid SKILL.md file.

  2. Go to Skills → Import in the Admin Workbench

    Click "Import skill bundle" and select "Upload ZIP".

  3. Upload the file

    The platform validates the bundle structure and checks for required fields. Validation errors are shown inline — fix the issues in your bundle and re-upload.

  4. Review the parsed skill

    A preview shows you what the platform found in the bundle. Confirm the name, version, and instructions look correct.

  5. Submit for review or activate directly

    Depending on your team's workflow, you can either activate immediately or submit for a peer review step first.

  1. Ensure the repository is accessible

    The platform supports manual imports from public GitHub repositories. The repository root (or a specified subdirectory) must contain a valid SKILL.md.

  2. Go to Skills → Import in the Admin Workbench

    Click "Import skill bundle" and select "Import from GitHub".

  3. Enter the repository URL and optional path

    Paste the repository URL. If the skill lives in a subdirectory, specify the path (e.g., skills/hr-advisor).

  4. Select a branch or tag

    Pin your import to a specific branch or Git tag for reproducibility. Using a tag (e.g., v1.2.0) is recommended for production imports.

  5. Review, validate, and submit

    The platform fetches the bundle and runs the same validation as a ZIP import. Review the parsed skill and activate or submit for review.

ℹ️
Manual GitHub skill import is still for public repositories. The tenant GitHub App enables private repository access inside the runtime sandbox, but manual skill bundle imports from GitHub remain a public-repository flow. Use a ZIP import for private bundles.
For Admins

Reviewing & Activating a Skill

Before users can use a skill, it must be activated. This applies to both skills you write in the workbench and bundles you import.

The skill lifecycle

Draft
In Review
Active
Archived
StateMeaning
DraftSaved but not visible to users. Safe to edit and test.
In ReviewSubmitted for admin peer review. No longer editable until reviewed.
ActiveLive. Users can select and use this skill in new sessions.
ArchivedDeactivated. Existing sessions using it continue; new sessions cannot select it.

Activating a skill

  1. Open the skill in the Admin Workbench

    From the Skills list, click the skill you want to activate.

  2. Review the compiled definition

    Read through the instructions, tool list, and how the skill interacts with the tenant's enabled tools and MCP servers. Confirm everything looks correct.

  3. Click "Activate"

    The platform compiles the skill into a runtime manifest and makes it available for new sessions immediately.

Draft vs. published rollout

Activation and visibility are now separate controls. An activated skill can remain in draft so only beta testers can use it, or be marked published so it appears for everyone in the tenant.

  • Draft — useful for staged rollout, QA, and internal validation with a limited audience.
  • Published — available to all eligible users in new sessions.
  • Beta testers — managed from the Admin user management area; they can see draft skills and draft MCP servers that regular members cannot.

Rolling back a skill

Every activation creates an immutable revision. If a newly activated skill has unexpected behavior, go to the skill's Revision History, select a previous revision, and click Activate this revision. The rollback takes effect for new sessions immediately.

⚠️
Active sessions are not affected by rollbacks. Sessions that are already in progress will finish with the skill version they started with. Only new sessions will use the rolled-back version.
For Admins

Connecting an MCP Server

MCP (Model Context Protocol) servers are how you give Cogniplane access to your company's data and services. Each MCP server exposes a set of tools — named operations the agent can call during a conversation.

Examples of what an MCP server might expose:

  • A search_knowledge_base tool that queries a vector search index
  • A query_database tool that runs read-only SQL against your data warehouse
  • A get_policy_document tool that fetches a specific document from a document store

Before you connect an MCP server

You'll need:

  • The HTTP endpoint URL of the MCP server (it must be reachable from the Cogniplane backend)
  • Any authentication credentials the server requires (API key, service account token, etc.)
  • A list of the tools the server exposes — names, descriptions, and input/output shapes
💡
Building an MCP server? MCP servers are HTTP services that implement the Model Context Protocol tool interface. Any team in your organization can build one and register it here. The Cogniplane gateway handles auth injection and audit logging on the framework side — your MCP server is responsible for its own downstream authorization.

Adding an MCP server

  1. Go to MCP Servers in the Admin Workbench

    Click "Add MCP server".

  2. Enter the server details

    Provide a name (used in skill configuration), the HTTP endpoint URL, and a short description of what this server does.

  3. Configure authentication

    If the server requires an API key or token, add it here. Credentials are encrypted at rest and never exposed to users or to the agent directly.

  4. Run the connection test

    The platform will call the server's discovery endpoint to verify connectivity and retrieve the tool list. If this fails, check the URL, firewall rules, and credentials.

  5. Review the discovered tools

    Each tool the server exposes will appear with its name and description. Verify the list is complete and the descriptions are clear — the agent uses these descriptions to decide when to call each tool.

  6. Save and assign to skills

    Once saved, the server's tools are available to assign in skill definitions. Go to a skill and add the tools you want that skill to have access to.

ℹ️
MCP servers now support the same staged rollout model as skills. Keep a server in draft to expose it only to beta testers, then publish it when you are ready for everyone to use it in new sessions.

Tool descriptions matter

The agent decides which tool to call based on the tool's name and description. Vague descriptions lead to incorrect tool selection. If tool calls aren't firing when you'd expect them to, improving the tool description on the MCP server side is usually the fastest fix.

For Admins

Integrations

Integrations are the first-class connectors Cogniplane ships with — the systems most enterprise teams already work in. Unlike a generic MCP server you bring yourself, an integration comes with a managed tool set, a per-tenant configuration page, and a built-in OAuth flow. They are managed from a single admin surface so a security review can point to one page to see everything that is enabled.

What ships today

IntegrationWhat it providesAuth model
Notion Search across your workspace, fetch pages, query databases, create and update pages, append blocks. Per-user OAuth. Reads can auto-approve; writes flow through the approval coordinator.
GitHub Private repository access, issue and PR context, code search, and runtime actions in skills that need them. Tenant-installed GitHub App, with optional per-user authorization for actions taken in the user's name.
Microsoft & SharePoint Browse SharePoint sites and import documents directly into a session. Imports run through the same PII scan path as direct uploads. Per-user Microsoft sign-in.

More integrations are registered and on the path to general availability. The admin page lists each one alongside its current status so you can see what is shipping and what is coming.

How an integration is enabled

  1. Open Integrations in the Admin Workbench

    You will see every registered integration in one list, with its current state for the tenant.

  2. Toggle reads, writes, or both

    Each integration exposes reads and writes as separate switches. Most tenants enable reads first, observe usage, and turn writes on later. Writes always require approval unless the tenant policy explicitly auto-approves them.

  3. Provide any tenant-level credentials

    Some integrations need a tenant-installed app (GitHub) or shared credentials. The admin page collects them per integration. Secrets are encrypted at rest and never returned to the UI in clear text.

  4. Users authorize as themselves

    For OAuth-style integrations, each user completes a quick sign-in the first time they use a session that needs that integration. Their personal credentials never reach the model — only the agent runtime, scoped per turn.

💡
Settings nav stays clean. The settings sidebar only shows the provider pages for integrations the tenant has actually enabled. Disabling an integration hides its settings page until it is turned back on.
ℹ️
Integrations vs. MCP servers. Integrations are platform-managed connectors with a curated tool set and a built-in approval posture. MCP servers are something your team builds or runs to expose internal data sources. Both surface tools to the agent through the same gateway — and the same audit trail.
For Admins

Tenant Policy

The tenant policy is the single configuration surface that defines what Cogniplane is allowed to do for your organization. Everything an admin needs to shape runtime behavior lives on one page.

What the tenant policy controls

SettingWhat it does
Enabled toolsThe allowlist of tools the tenant can use. Tools not on the list cannot be called, even if a skill references them.
Enabled MCP serversWhich connected MCP servers are live for sessions. A server must be both connected and enabled here to expose its tools.
Approval policyGlobal posture for consequential tool calls: automatic (runs without confirmation) or require-approval (pauses for explicit user approval).
Auto-approve read-only toolsWhen on, queries, searches, and document reads run silently even if the global policy is require-approval.
Runtime providerCodex (OpenAI) or Claude Code (Anthropic). See Runtime Providers.
Tenant API keyOpenAI or Anthropic key used when new runtimes start. Write-only: the raw key is never shown again after saving.
Default modelThe model selected automatically when a user starts a new session. Users may switch to another model if their role permits.
Default skillThe skill activated automatically when a user starts a new session.
PII protectionDetect, block, or transform behavior for chat prompts, uploads, and Microsoft imports. See PII Protection.

Safe defaults

  • Read-only tools (queries, searches, document reads) are auto-approved. No user prompt needed.
  • Write tools (creating records, submitting forms, triggering workflows) require approval. The agent pauses and shows an approval prompt before executing.
  • Shell command execution is off unless a skill explicitly requires it. When enabled, every command still requires individual user approval.
💡
One surface, one place to audit. Because everything that affects runtime behavior lives in the tenant policy, security reviews can point to a single page as the authoritative record of what the tenant is allowed to do.
For Admins

PII Protection

Cogniplane scans chat prompts, uploaded files, and Microsoft imports for personally identifiable information before the agent sees them, and persists findings for audit. You configure the behavior per tenant.

Modes

ModeBehavior
OffNo scanning. Use only if another upstream control covers this.
DetectScan and record findings. The request proceeds. Useful for baseline monitoring and building a usage picture before enforcing.
BlockIf PII is detected, the request is refused and the user is told why. No model call, no persistence of the offending content.
TransformDetected values are redacted or tokenized before the model or agent sees them. The original values are not persisted in plain form.

Detection layer

Detection combines two providers:

  • An LLM-based provider (via OpenRouter) with a retention-aware model choice, used for nuanced detection of names, addresses, and contextual PII.
  • A rule-based fallback for structured identifiers (emails, phone numbers, common government IDs) and for when the LLM provider is unavailable.

Where scanning runs

  • Chat prompts — every message is scanned synchronously before the model call.
  • Uploads and Microsoft imports — scanned as part of the upload path.
  • Queued jobs — an async worker scans messages and artifacts that arrived while the provider was unavailable, so audit coverage catches up.

Audit and evidence

Findings are persisted alongside the message or artifact, with the matched categories and positions. Admins reviewing a session can see which parts of each message triggered detection and which mode was applied.

ℹ️
Block mode is the strictest option end users see. If you want a gentler user experience while still preventing sensitive data from reaching the model, use transform. Detect mode is appropriate when you want audit visibility without changing runtime behavior yet.
For Admins

Tenants & Members

Cogniplane is multi-tenant. Each organization (or internal business unit) is its own tenant. Tenants are fully isolated — users, sessions, skills, and data from one tenant are never visible to another.

Roles

RoleWhat they can do
Owner Full access. Manage all tenant settings, add/remove admins, and configure integrations. Typically the person who set up the platform.
Admin Manage skills, MCP servers, the tenant policy, PII protection, and members. Cannot change tenant-level billing or remove the owner.
Member Use the Cogniplane chatbot. No access to the Admin Workbench.

Inviting members

  1. Go to Members in the Admin Workbench

    Click "Invite member".

  2. Enter the user's email address

    The user must have an account in your organization's identity provider. Cogniplane uses your existing SSO — no separate account creation required.

  3. Assign a role

    Choose Member, Admin, or Owner. You can change this at any time from the Members list.

  4. Send the invitation

    The user will be able to sign in to Cogniplane with their existing organizational credentials. No separate email invitation is required if SSO is configured.

Beta testers

Admins can flag individual users as beta testers from the user management area. Beta testers get access to draft skills and draft MCP servers in new sessions, which makes staged rollouts possible without affecting the wider tenant.

Removing a member

From the Members list, find the user and click Remove. Their active sessions will remain in the system for audit purposes but they will immediately lose the ability to start new sessions.

🚫
Owners cannot remove themselves. To transfer ownership, promote another admin to owner first, then have them remove your owner role.

Tenant-level configuration

Owners manage the following in addition to the runtime and tool controls on the Tenant Policy page:

  • Tenant display name
  • Organization API key for the active runtime provider — OpenAI key for Codex, Anthropic key for Claude Code
  • Tenant GitHub App installation for shared private-repository access
  • SSO configuration (identity provider settings)
  • Session and audit retention settings
💡
Tenant API keys are write-only. Owners save the organization API key from the admin UI, but the raw key is never shown again after storage. It is injected only when new runtimes start.

GitHub setup

GitHub access follows a two-layer model:

  • Organization GitHub App — installed once by a tenant owner or admin to enable private repository clone and shared repository access for the tenant.
  • Optional personal authorization — each user can connect GitHub as themselves from personal settings when they want runtime GitHub actions to run with their own identity instead of the app bot.
ℹ️
Credential changes apply quickly. When the tenant GitHub App connection or a user's personal GitHub authorization changes, Cogniplane refreshes runtime access so new work uses the updated credentials.

Token usage and feedback dashboards

The Admin Workbench surfaces two usage views:

  • Token usage — total tokens, estimated cost, daily trends, and breakdowns by user and model.
  • Response feedback — aggregated thumbs-up / thumbs-down ratings with a positive-rate summary, daily trend, and per-model breakdown so you can spot regressions.