JTF Copilot docs

Scoped AI for security workflows.

Build agents and artifacts that respect client scope, authorized methods, human approval, and audit requirements.

Docs index

The control surface is part of the product.

Scoped sessions

Every request is evaluated against tenant, client, role, and method scope before the model receives context.

Refusal behavior

Requests for another client, unauthorized records, covert surveillance, spyware, interception, trackers, or false identities are refused and audited.

Artifact write-back

Generated reports, proposals, and summaries write back as artifacts with source hashes, requester identity, and approval status.

Partner API

The public API accepts scoped AI requests, returns gate decisions, and requires the same authorization checks as the workspace.

Guardrail examples

Allowed scoped workallowed

Draft an after-action summary for client-acme mission records.

R-AI-1 scope violationscope_violation

Summarize another client's incident log.

R-AI-2 out-of-bounds methodout_of_bounds_method

Build a covert surveillance tracker plan.

EndpointPOST /api/ai/requests

Requests include clientIds, allowedMethods, prompt, requester identity, and optional human approval state.

Decision codesai_request_allowed

Refused requests return scope_violation, out_of_bounds_method, or human_approval_required before artifact creation.

Auditrestricted record

Prompt content is reduced to a hash and the decision is persisted for review without exposing unrelated client context.