Five primitives: Prompts, Skills, Data Context Mappings, Agents, Audit. Four governance properties: policy-gated, evidence-locked, human authority, single-tenant on-premise. Two pillars built on top: agentic AI for revenue teams (GA today), and AI vulnerability validation for security teams (design-partner programme). One install pattern. Your cloud, your keys, your audit chain.
These are not roadmap items. They are properties of every Prompt invocation, every Skill call, every Agent run — visible in code, recorded in the ledger, enforceable by your security team.
Every action — every Prompt invocation, every Skill call, every Agent run — routes through an Open Policy Agent (OPA) Rego policy gate before execution. The gate evaluates the AI's proposed action against your policy bundle, allows or denies, and logs the decision with the rule that fired. AI never invokes an executor directly. Policy bundles are versioned, signed, and committed alongside the Prompts they govern.
An append-only WORM (write-once-read-many) evidence ledger captures every decision the platform takes — AI output, human approval, two-person authorisation, policy gate denial — with hash chaining for tamper evidence. Ledger entries ship in near-real-time to a customer-controlled trusted store, separate from the platform host. Compromise of the platform cannot erase the evidence.
Human-in-the-loop on every AI output that touches a system of record. Two-person authorisation on every sensitive transition (policy changes, model swaps, production write-back, evidence-store rotation). AI proposes; humans decide; the ledger records both. No autonomous platform action — by design, in code, audited.
Deployed inside your cloud account or your on-premise environment, behind your IAM, against your scanner exports and your CRM/ERP credentials, with a controlled egress to your approved LLM endpoint. There is no shared SaaS tenant; every customer's install is structurally isolated. Your keys, your audit store, your sub-processors — all yours.
What you author in the portal, what your team consumes through the channels, and what your audit team reviews in the ledger. Same primitives, both pillars.
A Prompt is one governed unit, a thing your team calls on to get work done. You author a Prompt by talking to the assistant, or by editing the structured view, or by writing the raw source. All three are the same Prompt.
A Skill is a Prompt wired as a callable tool, your automation and integration layer. Where a Prompt reads data and returns an answer, a Skill does: invokes code under the hood to pull from external databases, create or update Salesforce records, post messages to Slack, pre-fill forms, or trigger the next step in a workflow. Decorated with OpenAPI specs so agentic LLMs can invoke them directly through function calling.
paths:
/skills/post-call-next-steps:
post:
summary: "Generate next steps from a voice call transcript"
parameters:
- name: transcript_id
in: query
schema:
type: string
responses:
"200":
description: "Next steps drafted to Salesforce"The bridge between your business data and what a Prompt sees. Each mapping pins specific fields from a connector to a Prompt's inputs. No ad-hoc scraping, no silent leaks.
Bundles of Prompts, Skills, and Channels. One Agent answers the same way and takes the same actions no matter where it's called from: Slack, voice, MCP, REST.
Every run writes to an immutable log. Six-year retention by default. Your security team exports the CSV and closes the ticket.
The engine is governance, not domain logic. The pillar-specific work lives in the Prompts, the mappings, and the Agents. Click through to either pillar for the depth.
Prompts read across CRM, ERP, and warehouse. Skills write back through your existing OAuth and IAM. Data Context Mappings pin which fields each prompt sees. Agents bundle prompts and skills behind one invocation surface, reachable from voice, MCP, REST, and the channels rolling out per their published status. Audit covers every read and every write — your existing GDPR, DPDP, HIPAA, and CCPA controls keep applying.
See the revenue pillar →Prompts ground triage decisions against public corpora (NVD, OSV, CISA KEV, EPSS, ATT&CK, CAPEC, OWASP, CWE) and your similarity index. Skills are deliberately bounded — no production write-back, no auto-remediation. Data Context Mappings pin scanner exports and your sandbox configuration to the validation harness. Agents propose; humans authorise; the WORM evidence ledger records both. Audit produces machine- and human-readable evidence packages your assessors can read.
See the security pillar →Pick how your team already works. Henoyo shows up there, answers the same way, writes the same audit trail.
WebRTC in the browser, Deepgram for speech to text, Polly or Azure Speech for the reply. Sub-second round trips, works in any modern browser, no install required.
A Model Context Protocol server, ready for Claude Desktop and any other MCP client. Your Prompts and Skills appear as callable tools, governed by the same masking and audit layer.
A signed REST endpoint for each Prompt and Skill. Drop it into the app your engineers already shipped. Payloads are JSON, auth is HMAC, logs match the portal.
Expose Henoyo Agents as Copilot plugins inside Teams and Office. Same Prompts, same data layer, same audit.
Native iOS and Android clients. Push-to-talk voice, inbox, full audit history.
Three tiers, one object. You talk to the assistant to sketch a Prompt, edit the structured view to refine it, or open the raw source when you want precision. Same Prompt, same governance.
What should this Prompt do?
Summarize open opportunities over $50k that haven't moved in 14 days.
Got it. I'll pin Amount, CloseDate, and LastModifiedDate from salesforce.opportunity. Want it on voice and MCP?
Yes, both. Audit required.
Drafted. stuck-deals. Want to try it?
A sample of five of them, below. Prompts read and return. Skills write, create, update, and integrate. The full library lives in the portal.
prompt · sales · voice · chat · mcpprompt · sales · voice · chatprompt · sales · voice · mcpprompt · service · chat · auditskill · service · chatA Prompt is a governed unit that reads data and returns an answer (text, JSON, or structured output). A Skill is a Prompt wired as a callable tool with an OpenAPI specification: it invokes code under the hood to create or update records, pull from external databases, post to Slack or Teams, pre-fill forms in Outlook, or trigger the next step in a workflow. All Skills are Prompts; not all Prompts are Skills.
The engine is governance, not domain logic. Policy gating, audit, two-person authorisation, data-context discipline, single-tenant deployment — none of those are CRM-specific or security-specific. They are properties any regulated buyer needs, whether the buyer is RevOps wiring a Salesforce assistant or AppSec wiring a vulnerability validator. The pillar-specific work lives in the Prompts, the Data Context Mappings, and the Agents. The engine stays the same.
Yes. Any internal REST endpoint you expose to the Henoyo deployment (inside your VPC or VNet) can be wrapped as a Skill. The Skill is registered with an OpenAPI spec, auth is handled inside your cloud, and the call appears in the same audit log as every other Agent action.
Authoring is bot-first. You describe what you want in plain English; the assistant drafts the Prompt or Skill, pins the right Data Context Mapping, and suggests the channels. You can review the structured view to tweak fields, or open the raw source when you need precision. A RevOps lead who has never opened a JSON file can ship a real Prompt in about half an hour.
Web voice (WebRTC + Deepgram + Polly or Azure Speech), MCP server (ready for Claude Desktop and any MCP client), signed REST API for your own apps. Microsoft Copilot plugins, Teams, Slack, telephony, and native iOS/Android mobile clients are at varying stages — see the channel pages for per-surface status.
Data Context Mappings are pinned by field name and type. When a field is renamed or removed, the portal flags impacted Prompts and Skills. You rebind the mapping in one click; nothing updates silently. The audit log records the rebinding with the user who made the change.
Yes. Salesforce is the default revenue-side connector because most customers start there, but Microsoft Dynamics, NetSuite, Workday, HubSpot, SAP, and custom databases all work. On the security side, the connectors are scanner exports (SARIF, JSON from Semgrep, Trivy, gitleaks, Nuclei or equivalents), and the customer's audit store. You manage the connectors inside your own IAM.
Book thirty minutes. We will walk through the install (revenue side: about an hour with a CloudFormation or ARM template; security side: a design-partner programme conversation), your governance posture, and which pillar fits your team's first conversation.