System architecture

Policy lives at the enforcement boundary.

Redirective separates content inspection, policy distribution, and metadata visibility into explicit paths—with the endpoint as the control point.

Content path

The decision happens before the AI request leaves the device.

The browser adapter captures send intent, a native broker hands it to the Windows service, and the local scanner evaluates content against a validated policy.

AI Web ApplicationUSER INTENT
Browser ExtensionAPPLICATION ADAPTER
Native Messaging BrokerLOCAL IPC
Windows ServicePRIVILEGED AGENT
Local Scanner + Policy EngineENFORCEMENT BOUNDARY
Allow / Warn / Redact / BlockDECISION
Sensitive content remains inside endpoint trust boundary
Metadata path

Events explain the decision—not the content.

Metadata exits through a separate channel. It carries the fields required for administration, reporting, health, and support.

ENDPOINT
Metadata-only eventRULE + ACTION
Authenticated transportCONTROL CHANNEL
CONTROL PLANE
Redirective AI SaaSNO PROMPT FIELD
Tenant event storeMETADATA
ADMINISTRATION
Security dashboardVISIBILITY
Reports + healthOPERATIONS
Policy path

Signed policy arrives. The endpoint decides when it is safe to activate.

01 · Administrator publishes policyTenant-scoped configurationControl plane
02 · SaaS signs policyVersioned policy artifactIntegrity
03 · Endpoint validates tenant + signatureRejects invalid or mismatched policyEndpoint
04 · Last-known-good policy activatesCached for offline enforcementProtected

Endpoint trust boundary

  • Prompt and upload contents
  • Detected or redacted values
  • Local scanner and policy evaluation
  • Last-known-good signed policy
Architecture review

Trace your AI data path with us.

Bring your browsers, identity model, device estate, AI applications, and enforcement requirements.