APPROVAL & GOVERNANCE

Speed and control, not a trade-off

Ship every change in minutes. Defend every change in audit.

Lean teams move fast when nobody has to ask permission twice. Procurement signs off when every change is scoped, approved, audited, and reversible. Core dna does both, on the same engine, for every change a team makes across every property they run.

Agentic = describe the change in plain language; the platform ships it across every property, with approval and audit built in.

Every change audited: who, what, when, where

Save a Life | Clark Rubber | YMCA | Frontier Touring | RANDYS Worldwide

Audit trail
SOC 2 and GDPR ready
The cost of governance friction: what slow governance actually costs

Governance shouldn't be the reason a change takes a week.

Most platforms treat governance as a feature you bolt on. Permission plugins. Approval add-ons. Audit logs in a different system from the change you're approving. The result is a team that moves fast on the easy work and stalls on anything that matters. Pricing changes wait on legal. Brand updates wait on the CMO's inbox. Compliance updates wait on everyone. Meanwhile the customer sees the old experience.

01 Approvals by email

Approvals live in inboxes nobody audits.

"Did you see the brief?" "Forwarded for sign-off." "Waiting on legal." The approval exists. It happens. Nobody can prove it happened, prove who approved it, or roll it back when the approver was wrong. Email is the audit trail.

02 Permissions by trust

Either everyone can change everything, or nobody can change anything.

The team that owns local content also has admin on the production catalog. The intern hired last week has the same permission as the CMO. Permission gets handed out by Slack message and revoked by quitting. Procurement notices in the audit.

03 Compliance by spreadsheet

SOC 2 evidence lives in a Google Doc nobody updates.

Audit season arrives. The team scrambles to reconstruct who changed what, when, on which property. The evidence is real. It's just scattered across six tools, three Slack channels, and the memory of whoever happened to be on the change. The audit costs three weeks.

04 Rollback by redeploy

Rolling back a bad change means a deploy ticket and a Sunday night.

The launch went wrong. The fix is to revert. The cost is a deploy window, a release engineer, and an apology to the team that built the change. Rollback should be a button. On most platforms, it's a project.

What governance looks like, end to end, for one change.

Every change in Core dna runs through the same six stages: propose, preview, approve, ship, audit, roll back. Same engine for a content edit, a pricing change, a translation rollout, or an AI agent's bulk update. Each stage is logged. Each stage is reversible. None of them are optional.

Propose
Preview
Approve
Ship
Audit
Rollback

Scope permissions to the work, not the person

Old governance asks who someone is. Modern governance asks what change they're proposing, on which property, against which content type. A regional marketing manager can publish local content on their region's sites and propose pricing changes for review. They cannot touch corporate templates, global catalog records, or another region's content. The permission lives with the work, not the title.

  • Per-property scopes: a permission can apply to one site, one region, or the whole network
  • Per-content-type scopes: separate permissions for pages, products, prices, integrations, agents
  • Per-action scopes: read, propose, approve, ship, rollback as distinct verbs
  • Role templates for common shapes (marketing manager, regional admin, e-commerce lead)
  • API-level enforcement: scopes apply to UI, headless API, and agent calls the same way

Route approvals to the right person, not everyone

Approval routing matches the risk of the change. Low-risk content edits route to a content lead. Pricing changes route to commerce and finance. Legal text changes route to legal. Multi-property rollouts route to whoever owns brand consistency at that scale. Routes are configured per change type, not per change. Once configured, every change of that type follows the route automatically.

  • Per-change-type routing rules, configured once
  • Multi-approver routes (any of, all of, in sequence)
  • Conditional routing: different routes based on properties touched, price thresholds, or content fields
  • SLA on approvals with escalation if a route stalls
  • Approval-by-Slack, approval-by-email, or in-platform approval: the route handles all three
Governance in practice: the four change types that scale with property count

The same governance model. Every change type. Every property.

CONTENT: PAGES · CAMPAIGNS · MULTI-PROPERTY

Content changes, scoped per region and per role.

Page edits, campaign launches, hero swaps, translation rollouts. Each one carries its own approval route, its own audit trail, its own rollback. A regional manager can propose a local campaign without touching the corporate site. A corporate marketer can roll a campaign across every property without manually approving each one.

Scoped to region · Per-content-type routing · Diff preview · Rollback armed

COMMERCE: PRICING · CATALOG · CHECKOUT

Pricing, catalog, and checkout changes that need two sets of eyes.

Price changes route to commerce and finance. Catalog publishes route to merchandising. Checkout configuration routes to engineering. Each change captures the diff (old price, new price, per-warehouse impact) before approval, and rolls back to the previous state in one click if a launch goes wrong.

Multi-approver routing · Per-warehouse diff · Threshold rules · Atomic rollback

INTEGRATIONS: APIS · WEBHOOKS · DATA SYNC

API connections, webhooks, and data flows that auditors actually inspect.

Adding a new ERP sync, changing a webhook endpoint, updating a CRM mapping. These are governed changes, not configuration edits. Every change to the integration layer is approved, logged, and reversible. The audit trail shows which integration changed, who approved it, and what flowed through it after.

Endpoint approval · Mapping diffs · Test before live · Connection rollback

AGENTS: PERMISSIONS · POLICIES · CEILINGS

Govern the agent before the agent acts.

AI agents act under scoped permissions, configured policies, and explicit ceilings. A translation agent is limited to specific languages, properties, and word counts per run. A content agent is limited to specific page types and template ranges. Every agent action runs through the same approval and audit pipeline as a human change.

Scoped permissions · Policy per agent · Cost ceilings · Same audit trail

Procurement-ready

The compliance and audit detail your e-commerce lead and your CISO will ask for.

Every change, every approval, every agent action is logged with timestamp, user, property, change type, and diff metadata. Queryable by any of those dimensions through UI or API. Exportable to your SIEM. Retained per your retention policy. The same log feeds engineering debugging, operations reporting, and compliance evidence.

Core dna's SOC 2 controls map directly to platform features: access control to scoped permissions, change management to approval routing, audit to the audit log, business continuity to backup and rollback. GDPR data subject rights map to the user record, the consent log, and the deletion workflow. Your auditor's checklist becomes a platform screenshot.

Critical change types enforce role separation by default. The team member who proposes a price change cannot also approve it. The agent that drafts a compliance update cannot also ship it. Separation is enforced at the platform layer, not by team convention.

Set retention policies per content type and per region. EU member data lives in EU regions. Audit logs retain for the period your compliance requires. Deletion workflows execute through the same audit-and-approval pipeline as every other change, with the evidence to prove it.

SAML SSO across every team member account. MFA enforceable by role. IP allow-listing for admin access. Session timeouts configurable by environment. Identity controls map to whatever your enterprise identity stack already requires.

One-click rollback for any change. Point-in-time restore for catastrophic recovery. DR tested on the schedule your auditor expects. The recovery surface is the same surface that handles routine rollback: no separate process to learn, no separate audit to maintain.

Built so agents are safe to ship

Governance isn't a feature beside agentic operations. Governance is what makes agentic operations possible. Without scoped permissions, an agent could touch any property. Without approval routing, an agent could ship a price change without legal review. Without an audit trail, you couldn't prove what an agent did. Without rollback, you couldn't undo it. Core dna treats every agent the same way it treats every human team member: scope, approval, audit, rollback. By default.

The agentic workflows page covers what agents do. This page covers how they're allowed to do it. Same engine. Same guardrails. Same audit.

  • Agents run under scoped permissions, configured per agent
  • Policies define which actions an agent can take, on which properties, within which ceilings
  • Every agent action follows the same approval route a human action would
  • Every agent action is logged with the same audit fidelity as a human action
  • Rollback applies to agent changes the same way it applies to human changes

See governance walked through on your content. Book a 20-minute walkthrough.