Governance
Port's governance model is what makes autonomous operation trustworthy.
The same permissions that determine what a developer can do determine what an agent can do. The same audit trail that records a human's actions records an agent's. The same standards your platform team defines for services are the ones agents help enforce — and are themselves measured against.
Agents have no built-in brakes - given a broad mandate, they can query catalog data that they have no business seeing, invoke a workflow with real production consequences, and do both without an audit trail unless one is built into the platform.
Governance is what puts those brakes back: it scopes what an agent can see, restricts what it can trigger, and records what it did, so giving agents more autonomy never means giving up oversight.
Governance in Port spans two dimensions.
Standards & compliance
Scorecards let you define what "good" looks like for any entity in your catalog — and continuously measure every service, team, or resource against it. A scorecard defines rules (is the on-call owner set? is the repository linked? does the deployment frequency meet your SLA?) and assigns each entity a maturity level based on how many it passes.
The result is a live quality picture across your entire organization: which services are production-ready, which are drifting from your security baseline, and which teams are improving. Scorecards make abstract standards concrete, measurable, and actionable — from the catalog, from dashboards, and from automated workflows triggered when an entity falls below a threshold.
Governance across pillars
Port's access controls are not centralized in a single permissions screen. They live in each pillar, close to the resource being governed:
- Context lake — Govern data access controls which users and teams can view, create, edit, or delete catalog entities, at the blueprint level.
- Workflows — Dynamic permissions restrict who can see and trigger self-service workflows, with role-based, team-based, or runtime policy evaluation.
- AI agents — AI security and data controls configure which LLM providers power Port AI, set data access boundaries for AI agents, and enforce security policies across AI-driven workflows.
- Interface builder — Page permissions control which users and teams can view or edit catalog and dashboard pages.
For a consolidated reference, see governance across pillars.