Governance controls

RBAC, tenant-scoped prompt registry, audit visibility, and document retention are configurable at the org level.