NodeShift lets your workforce stand up production-grade AI agents by voice — running inside your perimeter, scoped to each user's RBAC, wired into 250+ enterprise systems, swappable across 140+ model brains, and paused for human approval before any action with consequences.
"Build me an agent that scans my inbox every morning at seven, flags anything from a regulator, drafts a reply for the urgent ones, and waits for my approval before sending."
RE: Q3 supervisory return — circular update
from supervision@regulator.example.ae
Agent paused. Awaiting your approval before any external action.
The mainstream agent story goes like this: give a language model a set of tools, let it decide what to do, and let it run. It's the right story for a personal productivity demo on a laptop. It is the wrong story for an institution where one bad action — one email sent to the wrong regulator, one ticket opened against the wrong system, one record overwritten in a production database — is a regulatory event.
Regulated institutions need the opposite default. The agent should propose; the human should dispose. Reads can be autonomous; writes cannot. The agent should run as the user, not as a privileged service account — so its blast radius is the user's blast radius. Every step it considers, every tool it touches, every approval it requests should be a logged event that a compliance reviewer can replay months later.
NodeShift's agent layer is built backwards from those requirements. OpenClaw provides the reasoning. NodeShift wraps it in the per-user containers, the RBAC inheritance, the inline guardrails, the human-approval gates, and the immutable audit log that make agents safe to deploy inside a central bank, a sovereign fund, or a defense entity. The model is the brain; the governance is the spine.
These are not configurations. They are properties of the platform.
Authoring is conversational. A staff member speaks a workflow — "scan, classify, draft, wait for me, send" — and OpenClaw assembles the agent's plan, tool list, triggers, and approval gates. No YAML. No flowchart software. No engineering ticket.
Every action with material impact pauses for explicit user approval. The agent shows the exact payload, the exact target, and the exact connector it intends to call. The user approves, edits, or rejects. Read-only actions can run autonomously; writes always require confirmation.
Every agent session runs inside a container scoped to a single user. No agent shares memory, state, filesystem, or credentials with any other user's session. When the session ends, the container is destroyed. No standing processes. No cross-user contamination. No lateral movement.
Agents inherit the running user's identity through every tool call. They cannot exceed the permissions of the person who launched them. No privileged service accounts. No expanded blast radius. If the user can't read a SharePoint folder directly, neither can their agent.
Every prompt, every tool invocation, and every model output passes through the NodeShift guardrail engine before it is permitted. Sensitive data is classified and masked inline. Prompt-injection attempts are detected and blocked. No bypass path exists — even programmatic agent calls flow through the same control plane as a user session.
The model is swappable. The five properties above are not. Whichever brain you pick, every agent on NodeShift inherits the same governance posture — by construction, not by configuration.
Every NodeShift agent is backed by a model the user chooses — or the institution restricts. Claude for reasoning-heavy work, GPT for general drafting, Gemini for long-context analysis, Llama or Mistral for fully open-source deployments, Jais or K2-Think for Arabic-primary workflows. The brain is a configuration. The guardrails, the RBAC, the audit log, the human-approval gate — those are constants.
Frontier reasoning, long-context coding, agentic chains
Balanced speed and intelligence, top agentic benchmarks
General drafting, broad tool use, multimodal
Long-document analysis, multimodal retrieval
Sovereign deployments, MoE efficiency
European-grade open weights, multilingual
Open reasoning, cost-efficient inference
Top open-source benchmark, agentic
Arabic-first reasoning and drafting
Arabic-English bilingual workflows
Plus any open-source or fine-tuned model your team needs
The governance is identical.
The same guardrail engine evaluates the prompt. The same RBAC scopes the tool calls. The same anonymisation pipeline masks sensitive data before any external model is called. The same audit log captures every step. Swapping from Claude to Llama is a single parameter change — not a re-implementation of your security posture.
Cloud models are accessed via the NodeShift control plane with on-prem anonymisation; raw sensitive data never leaves your environment
On-prem models run inside your infrastructure end-to-end. Zero external egress
Admins restrict which models a given agent — or a given user group — is allowed to use, through the same RBAC console
Watch a single agent ingest a Teams meeting, draft follow-ups, open tickets — and pause for the human at every consequential step.
Weekly Supervisory Sync
47 min · 6 participants · recorded today
Speech-to-text running on-prem · diarisation enabled · EN + AR
The agent reads the meeting the same way a human would — but transcription, diarisation, and language detection all run inside the institution's perimeter.
Voice command kicked it all off
External actions were taken — each individually approved by the human
Sensitive data left the institution's perimeter unmasked
Audit record captured the whole thing, replayable end-to-end
Every connector inherits the same RBAC, the same guardrails, the same audit trail. No connector is a side door.
Connector calls inherit the running user's identity. Agents cannot exceed user permissions.
Every tool invocation passes the guardrail engine before it is issued.
Sensitive data is masked before any external model sees it.
Request, response, decision, and approval state are logged for every call.
Layered defence is the only defence. Each layer below is mandatory. None can be bypassed.
SSO-enforced login. Network-bounded access. Every agent inherits the calling user's identity, never a service account.
Every agent session runs in a destroyed-after-use container. No shared memory. No shared filesystem. No standing processes between users.
The agent inherits the user's role-based permissions across all connectors. Document-level security filters what it can see; tool-level RBAC filters what it can do.
Every prompt, every model output, every tool invocation passes through the NodeShift guardrail engine before it is permitted. Sensitive data is classified and masked. Prompt injection is detected and blocked.
The agent proposes. The human disposes. Every action with material impact pauses for explicit user approval — showing the exact payload, target, and connector — before any external system is touched.
Immutable Audit · Live
Six patterns that show up in nearly every regulated deployment. Each one ships in days, not quarters.
Every staff member is an agent author. The platform meets them where they're comfortable.
Type the same prompt. Identical pipeline. Useful when the user is in a quiet open office or working in Arabic-script input where dictation is impractical.
Start from a vetted institutional template — Inbox Triage, Meeting-to-Action, Report Drafting — and customise its triggers, scope, and approval gates without writing the workflow from scratch.
For power users and platform admins: a visual builder with full control over the plan graph, model selection, connector binding, guardrail policies, and approval gating. The same agents — built node by node when precision matters.
Every agent your staff builds is a versioned, RBAC-scoped artifact stored inside your environment. IT and Compliance can approve, restrict, version, or retire agents the same way they manage any internal system.
Every prompt, every plan, every tool call, every approval, every outcome — immutably logged with user identity, timestamp, model, guardrail decision, and full payload. Searchable. Exportable. Replayable.
Once voice-build is enabled, agent creation is no longer an engineering task. The people who do the work define how the work gets done.
When on-prem brains are selected, agents run end-to-end inside your environment. No external API calls. No data egress. No vendor lock-in on the runtime path.
The institutions that back NodeShift.
A 30-minute walkthrough with our engineering team — built around an agent pattern that matches your actual operations.
JavaScript is disabled in your browser. For a better experience, please enable JavaScript.Learn how to enable JavaScript.
