Endpoint trust boundary
- Prompt and upload contents
- Detected or redacted values
- Local scanner and policy evaluation
- Last-known-good signed policy
Redirective separates content inspection, policy distribution, and metadata visibility into explicit paths—with the endpoint as the control point.
The browser adapter captures send intent, a native broker hands it to the Windows service, and the local scanner evaluates content against a validated policy.
Metadata exits through a separate channel. It carries the fields required for administration, reporting, health, and support.
Bring your browsers, identity model, device estate, AI applications, and enforcement requirements.