Application Workspace
The Application Workspace is the home for one application. It opens when you click an application and brings together sessions, monitoring, policy, evidence, and setup in one place.
Important: The tab set is role-specific. The current portal no longer uses one fixed application workspace for every persona.
Common tabs:
- Sessions for application-scoped investigation.
- Monitor for alerts, status, and operating stage.
- Policy for business-language posture and policy maturity.
- Rules for application-level rule work where available.
Extra tabs appear either directly on the tab bar or under More depending on role and screen width.
Applications
An application in VeriProof represents one AI system or service you want to manage. Each application has its own workspace, policy context, session scope, and evidence trail.
All roles access the Applications list. What you see inside each application workspace depends on your role — the tab set adapts to show only the work relevant to you.
You see every tab in the application workspace: Sessions, Monitor, Policy, Rules, Config, Evaluation Datasets, and more. You can initiate an emergency stop directly from the workspace toolbar to immediately suspend session ingestion for this application.
You can create applications, generate API keys, edit application configuration, and manage redaction rules. You do not see compliance, cost, or governance dashboard tabs inside the workspace.
You see governance-specific tabs inside the workspace: policy posture, rules, monitoring, and evaluation datasets. You can edit application AI context fields (business context, outcomes, risk description) but cannot manage API keys.
You see evidence readiness, framework coverage, and review queue tabs inside the workspace. You can manage audit engagements scoped to this application.
You see governance health, policy maturity, and risk exposure tabs inside the workspace. You do not see technical trace or SDK configuration tabs.
You see sessions and evidence tabs scoped to your active audit engagement. You cannot modify application configuration or create review outcomes.
Registering an Application
Create the application
Navigate to Applications and click New Application. Provide:
- Name — a human-readable label (e.g., “Loan Underwriting Assistant”)
- Environment — Production, Staging, or Development
- Description — optional, but useful for audit documentation
- Risk classification — your initial assessment of this application’s risk level (you can refine it later as more policy evidence arrives)
Copy the API key
After creation, the portal displays the application’s API key once. Copy it immediately. Ongoing key and settings management happens from the application’s Settings tab.
Instrument your code
Add the VeriProof SDK to your application and configure it with the API key. See the SDK Quickstart for language-specific setup instructions.
Verify the connection
Return to the application workspace. Within a few minutes of the first session, the Instrumentation or Monitor views show whether the application is reporting correctly.
The Application Workspace
Every application has a dedicated workspace, but the visible tabs change by role. The current portal uses a primary tab row plus an optional More menu for overflow tabs.
Current tab patterns by role
| Role | Primary tabs you can expect |
|---|---|
| Administrator | Sessions, Monitor, Policy, Rules, Compliance, Settings |
| Developer | Sessions, Monitor, Policy, Instrumentation, Rules, Settings |
| Policy Manager | Rules, Monitor, Policy, Sessions, Test Datasets, plus More for Evidence & Exports and Settings |
| Compliance Officer | Evidence & Exports, Monitor, Sessions, Documentation, plus More for Policy and Rules |
| Business Owner | Sessions, Monitor, Policy |
| Auditor | Sessions and Evidence |
This means older screenshots or legacy docs that show a fixed Dashboard / Health / Config / SDK Health layout are no longer accurate.
Sessions
The Sessions tab is the application-scoped investigation view. Filter by date range, risk level, outcome, model, intent, or policy signal, then open any row in Time Machine.
Key filters:
- Risk level — LOW / MEDIUM / HIGH / CRITICAL
- Outcome — success / failed / escalated / partial_success / cancelled / timeout / conditional_approval / error / unknown
- Guardrail action — blocked / flagged / allowed
- Has human review — true / false
- Policy score range — minimum / maximum
Monitor
The Monitor tab is the current operational status view. It brings together alerts, monitoring stage, and follow-up guidance for the application.
| Metric | Description |
|---|---|
| Session volume | Total application sessions over the selected window |
| Error rate | Recent operational error rate |
| Data richness | How complete the policy-relevant signals are for this application |
| Risk score | Composite operational and policy risk score |
| Regulatory evidence | Current evidence-readiness status for frameworks in scope |
Policy
The Policy tab summarizes how policy is behaving for this application in business language. This is where business and policy users quickly understand whether rules are active, whether anything needs review, and how mature the application’s policy coverage is.
Evidence & Exports
The Evidence & Exports tab is available where role and workflow require it. Use it to generate and download structured evidence packages for selected date ranges and frameworks.
To generate an evidence package:
- Click New Export.
- Select the date range and compliance framework (EU AI Act, ISO 42001, NIST AI RMF, SOC 2, or HIPAA).
- Choose the sessions to include: all sessions, high-risk only, flagged only, or a custom filter.
- Click Generate. The package appears in the Evidence list when ready (typically a few minutes for large date ranges).
Packages are signed with your organization’s deployment context key and include a verification manifest. Download the .zip archive and deliver it to your audit team.
Rules
Application-scoped rules live here. Rules created in the global Rules workspace can also be scoped to one application.
Instrumentation
For developers, the Instrumentation tab replaces the older SDK Health view. Use it to verify that SDK reporting, latency, export health, and input coverage look correct.
Documentation
For compliance-focused roles, the Documentation tab highlights evidence and coverage completeness rather than raw telemetry. Use it to understand whether the application has enough structure for policy review and audit packaging.
Settings
The Settings tab replaces the older Config wording. It is where you review application-level setup, keys, and configuration details that are visible from the portal.
Key configuration fields shown:
| Field | Description |
|---|---|
| SDK version | The veriproof-sdk package version in use |
| Adapter type | The AI framework adapter (e.g., semantic-kernel, autogen, custom) |
| Content capture | Whether input and output text is being captured |
| Redaction policy | The active redaction policy name |
| Batching | Batch size and flush interval |
| Endpoint | The ingest API endpoint configured in the SDK |
Compliance
Administrators can also see an application-specific Compliance tab for framework alignment and coverage drill-down inside the application workspace.
Test Datasets
Policy Managers can use Test Datasets to evaluate changes before they are promoted into live policy operations.
Policy Input Coverage
Coverage and documentation views summarize how completely this application’s sessions are annotated across the five policy input dimensions VeriProof tracks:
| Dimension | What it measures |
|---|---|
| Intent coverage | Percentage of sessions with an intent annotation |
| Grounding coverage | Percentage of sessions with a grounding annotation |
| Human oversight coverage | Percentage of sessions with a human oversight annotation |
| Content safety coverage | Percentage of sessions where content safety was evaluated |
| Outcome coverage | Percentage of sessions with a business outcome linked |
Each dimension shows a coverage tier: Strong (≥ 90%), Adequate (60–89%), Partial (30–59%), or Minimal (< 30%). The overall tier helps you judge this application’s policy readiness level.
Managing API Keys
Each application can have up to five active API keys. To manage keys:
- Navigate to the application’s Settings tab.
- Scroll to API Keys.
- To rotate: click Rotate next to the key you want to replace. The old key is invalidated immediately.
- To create an additional key: click Add Key, give it a label, and copy the value.
Rotating or deleting an API key immediately invalidates any SDK instances using that key. Schedule key rotations during low-traffic windows and deploy the new key to your application before rotating the old one.
Deleting an Application
Deleting an application is irreversible. All sessions, evidence packages, rules, and configuration for the application are permanently removed after the data retention period expires.
To delete:
- Navigate to the application workspace.
- Open Settings → Danger Zone.
- Click Delete Application and confirm.
Applications with active audit engagements cannot be deleted until the engagement is closed.
Related Documentation
Connect the VeriProof SDK to a new application in under five minutes.
SDK QuickstartReview live alert activity and operating-stage issues for your applications.
AlertsForensic replay of any individual session captured by this application.
Time MachineImprove annotation coverage across the five core policy inputs.
Policy Input CoverageFull guide to generating, validating, and delivering audit-ready evidence packages.
Evidence Export Guide