The platform behind governed AI operations.
Droco is not a single feature. It is the control plane, the console, and the record layer for running AI and infrastructure work in production — with you owning the result end to end.
One platform, seven parts you own.
Each part is inspectable, exportable, and runs where your policy allows. Together they cover the whole path from request to proof.
Control plane
One core that knows who can do what — identity, permissions, policy, and audit history, all in one inspectable place.
Operator console
A real dashboard to see what's running, approve sensitive work, and pull the records — not just a status page.
Policy & approvals
Risky actions wait for a named human. Every approval is tied to a person, logged, and expires on its own.
Tool registry
Everything automation is allowed to do is written down, reviewed, and bounded before it touches a real system.
Observability
Metrics, logs, and error tracking built in — so you see the health of the system instead of guessing at it.
Evidence & exports
Every run produces a portable record — request, plan, approval, execution, proof — that stays yours.
Self-hostable & federated
Runs where your rules allow — your servers or your cloud. Open formats, so leaving is always an option.
How the platform governs every action.
Anything sensitive runs the same loop: a clear request, a specific approval, and a record you keep. This is the spine that makes the rest of the platform trustworthy.
INTENTStart with a clear request.
Before sensitive tools run, Droco captures the requested change, its expected impact, and what is out of scope. The request is tied to a person, agent, or service identity.
{
"summary": "rotate prod database credentials",
"blast_radius": "core-prod",
"tools_required": ["vault.kv.put", "nomad.job.restart"],
"approver_required": true,
"expected_outcome": "services reconnect with rotated credentials"
}APPROVALSpecific, time-bound, and reversible.
Approvals are tied to identity, policy, and environment. Each gate records who approved it, when it expires, and what it allowed.
approval.id : a47f-2826 approval.intent : intent#7821 approval.approver : platform-owner · authorized approver approval.policy : prod.rotate.requires_cto approval.granted_at : 2026-04-25T14:03:11Z approval.expires_at : 2026-04-25T14:33:11Z approval.revocable : true
EVIDENCEKeep proof you can inspect later.
Each governed run produces a bundle with the request, plan, approval, execution log, and related artifacts. Your team can export it, review it, and keep it with the rest of your records.