Governance at the Salesforce trust boundary.

Panopticore governs agent actions where they cross the network boundary. For Salesforce and Agentforce workflows, that means governing what leaves the platform, not what stays inside it.

The architectural boundary

What Panopticore can and cannot govern.

This is a deliberate architectural boundary, not a roadmap gap. Understanding it is the starting point.

Governable

  • Cross-platform calls leaving Salesforce
  • Integrations to external systems triggered from Salesforce processes
  • MuleSoft and other middleware orchestrations
  • Outbound API calls from custom code, Apex, Flow, or agent actions

Outside scope

  • Actions that remain entirely inside Salesforce (Agentforce executing within the platform's trust boundary)
  • Internal Salesforce data operations that never leave the platform

An action executed entirely inside a vendor's closed infrastructure cannot be intercepted at the network layer. This is how infrastructure-layer governance works: it governs the boundary, not the interior.

How it works

At the boundary, everything is visible.

[Diagram: Salesforce Trust Boundary (Agentforce, Apex / Flow, MuleSoft); egress; Panopticore (Policy + Evidence), in a separate trust boundary; External APIs]

  1. Agent in Salesforce triggers an outbound call to an external system (API, database, third-party service).
  2. Panopticore intercepts at the boundary, authenticates the principal, and evaluates the request against policy.
  3. Allow, block, or route to approval. The full session is recorded in a cryptographically signed Evidence Binder.
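
The three steps above, sketched as an added example (not Panopticore's code or its Evidence Binder format): an egress gate that authenticates the caller, applies a default-deny policy, and appends each decision to a tamper-evident log. The token, principal name, hosts, policy rules and record layout are constructed assumptions, and HMAC-SHA256 with a hash chain stands in for whatever signature scheme a real product uses.

```python
import hashlib, hmac, json
from urllib.parse import urlsplit

# Constructed sample values (assumptions for illustration only).
SIGNING_KEY = b"demo-key-not-for-production"
PRINCIPALS = {"token-agentforce-1": "agentforce-service-agent"}
POLICY = [  # first match wins: (principal, host, method, decision)
    ("agentforce-service-agent", "api.payments.example", "GET", "allow"),
    ("agentforce-service-agent", "api.payments.example", "POST", "approval"),
]

class EvidenceLog:
    """Append-only log; each record is HMAC-signed and chained to the previous one."""
    def __init__(self):
        self.records = []

    def append(self, event):
        prev = self.records[-1]["sig"] if self.records else "0" * 64
        body = json.dumps({"prev": prev, "event": event}, sort_keys=True)
        sig = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
        self.records.append({"body": body, "sig": sig})

    def verify(self):
        """Recompute every signature and check each record points at its predecessor."""
        prev = "0" * 64
        for rec in self.records:
            expected = hmac.new(SIGNING_KEY, rec["body"].encode(), hashlib.sha256).hexdigest()
            if not hmac.compare_digest(expected, rec["sig"]):
                return False
            if json.loads(rec["body"])["prev"] != prev:
                return False
            prev = rec["sig"]
        return True

def govern(token, method, url, log):
    """Authenticate the principal, evaluate policy, record the decision."""
    principal = PRINCIPALS.get(token)
    host = urlsplit(url).hostname
    decision = "block"  # default deny: unknown principal or no matching rule
    if principal is not None:
        for p, h, m, d in POLICY:
            if (p, h, m) == (principal, host, method.upper()):
                decision = d
                break
    log.append({"principal": principal, "method": method.upper(),
                "host": host, "decision": decision})
    return decision
```

Blocked and unauthenticated requests are logged as well, so the record covers denials, and editing any stored record breaks verification from that record onward.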

Why this matters

Honest architecture is better architecture.

Any vendor claiming to govern agent actions inside a closed platform from outside the platform is overpromising. Panopticore's scope is the network boundary. Every action that crosses that boundary is visible, governable, and evidenced. Actions that stay inside the platform are outside the interception surface.

For Salesforce architectures where significant agent actions involve external systems (which is most production architectures), this boundary covers the highest-consequence actions: data transfers, API calls to third-party systems, cross-platform orchestrations.

Govern what crosses the boundary.

Request early access and we'll map your Salesforce egress surface together.