逐屏导览 · 真实控制台A guided, screen-by-screen tour

九屏看完私有化 AI 治理与取证平台Nine screens through an on-prem AI governance & forensics platform

这是钧衡 / WAN.NOW 管理控制台的逐屏导览——每一屏都忠实复刻真实视图(标签、指标、状态均取自产品代码),数据为脱敏演示。从发现、分析、审计,到防篡改取证链一键验真数据出境台账按人头成本归因——后三者是云端方案没有的差异化。看完即可预约一次私有化演示A screen-by-screen walkthrough of the WAN.NOW admin console — every screen is a faithful rendering of the real view (labels, metrics, states taken from the product code), with anonymized demo data. From discovery, analytics and audit to one-click tamper-evident chain verification, the cross-border egress ledger and per-head cost attribution — the last three being what cloud tools structurally can't do. When you're done, book an on-prem demo.

◷ 约 2 分钟 · 9 屏 + 预约◷ ~2 min · 9 screens + book ⛓ 内容审计默认关闭、合规前置⛓ content-audit OFF by default ★ = 云端方案没有的差异化★ = differentiators cloud tools lack
一句话

钧衡 / WAN.NOW 产品导览逐屏展示一个私有化、内容不出域的 AI 治理与取证平台的九个真实控制台视图(态势 / 影子发现 / 使用分析 / 会话审计 / 取证链验真 / 数据出境台账 / 护栏 / 成本归因 / 取证启用)。其中防篡改取证链一键验真、数据出境台账、按人头成本归因是云端 SaaS 形态难以提供的差异化。内容审计默认关闭、合规前置。

The WAN.NOW product tour walks through nine real console views of an on-prem, in-domain AI governance & forensics platform (overview / shadow-AI discovery / usage analytics / conversation audit / chain verification / cross-border egress ledger / guardrails / cost attribution / forensic posture). Tamper-evident chain verification, the egress ledger and per-head cost attribution are differentiators cloud SaaS can't easily match. Content audit is off by default — compliance-first.

01 / 09态势主页 · 一份记录,两个读者Situation Home · one record, two readers

态势主页是「一份记录,两个读者」的门面:同一份不出域的取证台账,左供财务读成本与 ROI(永远 LIVE),右供合规读证据与留痕。合规列默认关闭——内容审计与 DLP 受合规双钥保护,启用前只显示全量防篡改链深。底部路线图轨上的能力均诚实标注尚未交付The front door for "one record, two readers": one in-domain forensic ledger — finance reads cost & ROI on the left (always LIVE), compliance reads evidence & trail on the right. The compliance column is off by default — content audit & DLP sit behind a two-key seal. The roadmap track at the bottom honestly marks what isn't shipped yet.

// OVERVIEW 态势主页Situation Home ✓ 链 LIVE · 链深 48,217✓ chain LIVE · depth 48,217刷新Refresh
财务读者 · 成本与 ROIFinance · cost & ROILIVE
总成本(窗口)Total cost (window)
$3,210.48
用量调用Calls
1,284
Tokens
9,640,512
在册启用员工Enabled employees
312
成本趋势(窗口内 · 入库快照,不重算价)· 部门级聚合不点名到人。Cost trend (ingest-time snapshot, never re-priced) · department-level, never named to an individual.
合规读者 · 证据与留痕Compliance · evidence & trail默认关闭OFF by default

全量内容留痕未启用。内容审计 / DLP 为默认关闭(合规双钥保护)。启用后本列显示内容留痕事件、DLP 命中与数据出境窗口 KPI;启用前仅显示全量防篡改链深。Full content capture not enabled. Content audit / DLP are off by default (two-key sealed). Once enabled this column shows capture events, DLP hits and egress KPIs; until then, only the full tamper-evident chain depth.

防篡改链深(全量)Tamper-evident chain depth (all)
48,217
主权与加密Sovereignty & encryption/admin/status
部署环境Environment
production
部署形态Deployment
私有化 · 数据不出域On-prem · in-domain
信封加密Envelope encryption
AES-256-GCM | SM4
密钥池Key pool
✓ 正常 · provider 2 · key 6✓ healthy · 2 / 6
能力路线图Capability roadmap· 诚实标注未交付· honestly marked not-shipped
OUTPUT GUARD
输出侧拦截Output guard
出站实时拦截 —— 设计在案,尚未交付。Real-time outbound blocking — designed, not shipped.
TOKENIZE
可逆脱敏Reversible tokenize
脱敏占位与回填 —— 创始人门控。Mask & rehydrate — founder-gated.
REROUTE
提示词改道Prompt reroute
护栏改道 —— 引擎在仓,本期禁用。Guardrail reroute — in repo, disabled this cycle.
INTENT ML
意图分类 MLIntent-ML
关键词档已建,ML 模型待样本。Keyword tier shipped, ML model pending.
SHADOW STREAM
影子发现实时流Shadow stream
采集器在仓,待 SWG 日志接入。Collector in repo, awaiting SWG feed.
02 / 09影子 AI 发现 · 只看元数据Shadow AI Discovery · metadata only

发现员工在用哪些外部 AI。旁路传感器只观测元数据(host、计数、字节、首末见),物理上不含任何 prompt / 响应明文。风险评分由服务端单一源计算(数据敏感度 + 国别出境 + 用户数 + 流量),前端只展示、不重算。「建议阻断」仅为顾问信号——本面只发现与取证,不执行拦截。See which external AIs staff actually use. The out-of-band sensor reads metadata only (host, counts, bytes, first/last seen) and by construction carries no prompt or response text. Risk is scored server-side (data sensitivity + cross-border + users + volume); the UI displays, never recomputes. "Block recommended" is advisory only.

// DISCOVERY 影子发现看板Shadow AI Discovery 查询Query下载 CSVCSV
窗口(UTC,左闭右开) 2026-06-01T00:00:00Z → 2026-06-24T08:00:00Z
发现应用Apps discovered
37
总流数Total flows
48,217
总字节Total bytes
6.4 GiB
应用发现排行Discovered apps
应用App 风险Risk 用户数Users 流数Flows 字节Bytes 敏感度Sensitivity 国别Country 目录Catalog
ChatGPT
chatgpt.com
⚠ 严重⚠ Critical92
12814,8202.3 GiBHighUS△ 影子 · 建议阻断△ shadow · block
Claude
claude.ai
△ 中△ Medium58
645,310980 MiBMedUS影子shadow
通义千问
tongyi.aliyun.com
✓ 低✓ Low21
413,902610 MiBLowCN✓ 已入目录✓ cataloged
Midjourney
midjourney.com
△ 中△ Medium47
292,118820 MiBMedUS影子shadow
风险评分由服务端 RiskScore 计算(数据敏感度 + 国别出境 + 用户数 + 流量),0–100 映射 无/低/中/高/严重;用户数 = 窗口内去重源 IP。全部为元数据聚合,不含任何内容明文。RiskScore is computed server-side (data sensitivity + cross-border + users + volume), 0–100 → none/low/medium/high/critical; users = distinct source IPs in window. All metadata aggregation — no content plaintext.
03 / 09使用分析 · 应用 × 意图Usage Analytics · apps × intent

把已封进防篡改审计链的聚合元数据展开为两个视角:按应用(检测 client:app 与运营声明 agent_label 双列不合并,带调用、用户、护栏命中、跨境与入库美元成本)与按意图(闭集分类分布)。全程只消费聚合计数与闭集标签,绝无内容明文 / PII / key。默认关闭:客户端应用标注与意图标注;意图当前为关键词档,ML 模型在建Unfolds tamper-evident chain metadata along two axes: by application (detected client:app and operator-declared agent_label kept as two un-merged columns, with calls, users, guardrail hits, cross-border and stored USD cost) and by intent (a closed-set distribution). Off by default: client-app and intent labeling; intent today is keyword-based, with the ML model still in progress.

// USAGE ANALYTICS 应用 / 行为活动Applications / Behavior 标注默认关闭labeling OFF by default刷新Refresh
窗口(UTC,左闭右开) 2026-05-25 → 2026-06-24
应用调用分布Calls by applicationclient:app · Top 7
cursor31%
vscode24%
copilot18%
python9%
其他 · 5 应用other · 518%
意图分布Intent distribution闭集 · 关键词档closed-set · keyword
源代码处理Source code28%
数据外发Data exfil19%
凭证访问Credential14%
个人信息PII11%
财务信息Financial7%
48,217 标注事件 · 闭集意图分类 id,不含任何内容明文。48,217 labeled events · closed-set intent ids, no content plaintext.
检测 vs 声明(双列不合并)Detected vs declared (un-merged)client:app ↔ agent_label
检测应用Detected app调用Calls用户Users护栏Guard跨境X-border成本Cost
cursor398,2101,2043711$3,210.48
vscode308,44098050$1,902.17
copilot231,30074200
未识别unidentified9,3178800
成本「—」= 无计量或未计价(绝不静默显 $0);声明轨(agent_label)优先于 UA 检测,双列不合并。Cost "—" = unmetered/unpriced (never a silent $0); declared track (agent_label) takes precedence over UA detection — columns are never merged.
04 / 09逐条会话审计 · 原文默认封存Conversation Audit · plaintext sealed

每一次模型调用都留下不可抵赖的元数据,逐条可查、按部门租户隔离。点开任意一条,即时盖上「窗口化链验真」钢印——密码学证明本条留痕未被篡改。原文默认封存:查看需独立的 content-read 令牌 + 必填用途,且查看动作本身逐行写回审计链;明文只活在抽屉内存,关闭即销毁,绝不出域、绝无复制。内容采集默认关闭(强认证 step-up 在建)。Every model call leaves non-repudiable metadata, queryable record-by-record and tenant-isolated by department. Open any row and a windowed chain-verification seal is stamped on the spot. Plaintext stays sealed by default: viewing needs a separate content-read token + a required purpose, and the act of viewing is itself written back to the chain; cleartext lives only in the drawer's memory and is destroyed on close. Content capture is OFF by default (step-up auth in progress).

// CONVERSATIONS / FORENSIC AUDIT 审计记录Audit Records 采集默认关闭capture OFF by default查询Query
会话记录Recordskeyset · 第 1 页 · 50 条page 1 · 50
ID方向Dir严重度Sev意图Intent员工Staffmodel策略PolicySHA-256
#48217响应resp⚠ 高⚠ Highdata_exfil林深L. Shenclaude-x拦截block9f2ac41be0d3…
#48205请求req△ 中△ Medcode_gen周岚Z. Langpt-x1b7d09e4aa52…
#48190请求req无发现clean陈帆C. Fanclaude-xc0ffee12ab34…
行 DTO 绝无 ciphertext / 明文;意图徽章为 cls:intent_kw 关键词档(ML 在建)。Row DTOs carry no ciphertext/plaintext; intent badges are keyword-tier (cls:intent_kw); ML in progress.
事件详情 · 记录 #48217Event · #48217
✓ 本条未被篡改 · 链完整✓ Untampered · chain intact
SEQ 48217 · this_hash 7a3f9c2e1b08…
命中DLP
credit_card=2 · email=1
脱敏/截断Redact
已脱敏redacted
出境Egress
domestic=true
保留至Retain
2031-06-24
⚿ 内容默认隐藏⚿ Content hidden by default

授权解密需 content-read 令牌 + 必填用途;本次查看逐行写入审计链。(强认证 step-up 在建)Decrypt needs a content-read token + a required purpose; the view is written to the chain. (step-up auth in progress)

授权解密查看内容Authorize & decrypt
05 / 09★ 头号护城河★ #1 moat防篡改取证链 · 一键验真Tamper-evident chain · one-click verify

这是头号护城河:一键全链重放对整条审计链做哈希验真——自创世条目起逐条比对前向哈希链接与内容哈希。通过则盖下「封」字钢印并出具可打印的《链验真报告》法律证物;任一处被篡改则盖「断」破章并精确定位断点 seq / 类型。结论只含位置与哈希断点,绝不含任何 prompt / 响应明文WitnessAI 等云端 SaaS 形态结构上做不到这一层。The number-one moat: one click replays the entire chain and hash-verifies it end to end from the genesis record. A pass stamps the "Sealed" chop and issues a printable, court-grade Verification Report; any tamper stamps the "Broken" chop and pinpoints the break by seq/kind. The verdict carries only positions and hash breaks — never any plaintext. Cloud SaaS tools like WitnessAI structurally can't offer this layer.

// AUDIT-CHAIN / TAMPER-EVIDENT SEAL 链校验Audit-Chain Verification 运行校验Run verify导出验真报告Export report

✓ 链完整 · 已验真✓ Chain intact · verified

全链重放通过:自创世条目起,每个条目的前向哈希链接与内容哈希逐条一致。Full-chain replay passed: from the genesis entry on, every forward-hash link and content hash matched.

链深 48,217chain depth 48,217
链条目数(校验起点)Entries verified
48,217
校验耗时Verify time
842 ms
校验时间Verified at
2026-06-24 09:14
篡改态示例:盖「断」破章,精确定位断点Tamper case: "Broken" chop pinpoints the break
结论Verdict
✗ 断 · 篡改 / 链断✗ BROKEN
断点类型Break kind
broken-link(前向链接断裂)broken-link (prev_hash mismatch)
断点 seq / indexBreak seq / index
31,902 / 31,901
验真结论为某一时刻的陈述(全链重放,最长 60 秒);结果只含位置与哈希断点信息,不含任何内容明文。「封 / 断」用字形 + 环型 + 文字三重编码,灰度影印仍可读。The verdict is a point-in-time statement (full replay, up to 60s); it carries only positions and hash breaks, no content plaintext. "Sealed / Broken" is triple-encoded (glyph + ring + label) — legible even in grayscale.
06 / 09★ 中国法域护城河★ China-law moat数据出境 System-of-RecordCross-border egress SoR

数据出境的System-of-Record:每一条经受控通道转发到境外 / 境内 provider 的请求,都按部门、员工、Provider 折叠成可查证的聚合,再落到逐请求的取证清单。境内 / 境外判定单一源在服务端,前端只展示、绝不重算;全程只读审计链元数据,不含内容明文。这是个保法 / 数据出境合规的可证据化台账——云端 SaaS 结构上难以提供对应能力。The system-of-record for cross-border egress: every request forwarded through a controlled channel to a domestic or overseas provider is rolled up by department, employee and provider into verifiable aggregates, then grounded in a per-request forensic ledger. The domestic-vs-overseas verdict is server-side; the front end never re-derives it. An evidentiary ledger for PIPL / data-export compliance that cloud SaaS tools structurally struggle to provide.

// EGRESS — CROSS-BORDER SoR 数据出境台账Cross-Border Egress Ledger 查询Query下载汇总 CSVCSV
出境调用汇总Egress by department
部门Dept出境调用Calls实际转发Forwarded已拦截Blocked
战略投资部Strategy64263111
研发中心R&D3183171
数据科学组Data Sci1961960
市场部Marketing12810325
出境调用合计 1,284 · 其中拦截 37。已拦截 = 转发前被策略拦下的出境尝试(防控成效)。均为审计链元数据聚合,不含内容明文。Total egress 1,284 · 37 blocked. "Blocked" = egress attempts stopped by policy before forwarding. Metadata aggregation only — no content plaintext.
境内 / 境外分布Domestic / overseas
✓ 境内✓ Domestic412 · 32%
⚠ 境外⚠ Overseas872 · 68%
出境明细清单(逐请求取证证据)Per-request egress detail (forensic evidence)
时间Time员工Staff部门DeptProvider地区Region跨境X-border处置DispositionRequest ID
06-24 09:41:07王 XXW. XX战略投资部Strategyanthropicus-east⚠ 境外⚠ overseasreq_8f3a…c41
06-24 09:38:52李 XXL. XX研发中心R&Danthropiceu-west⚠ 境外⚠ overseas△ 已拦截△ blockedreq_2b7e…90d
06-24 09:35:18赵 XXZ. XX数据科学组Data Scizhipucn-north✓ 境内✓ domesticreq_5d20…7af
已载 200 条 · 客户端 CSV 取证导出(RFC4180 + UTF-8 BOM)。逐请求清单是个保法 / 数据出境评估的呈堂证据。200 loaded · client-side CSV forensic export. The per-request ledger is court-ready evidence for PIPL / data-export review.
07 / 09护栏 · 输出侧拦截 · 默认停用Guardrails · output-side · disabled by default

护栏与输出侧拦截:DLP 与外发内容在出域前按策略集逐条裁决,「首次命中」生效、全不命中落默认动作。出厂默认全部停用(record-not-enforce),启用执行需合规授权;裁决计数在启用前恒为 0,所有动作经防篡改取证留痕。「改道」为保留态、本期不执行(导览不展示提示词重路由)。Guardrails & output-side interception: outbound content is adjudicated rule by rule against a ruleset before leaving the domain — first match wins, default action backstops the rest. Shipped disabled by default (record-not-enforce); verdict counts stay zero until enabled, and every action is written to tamper-evident record. "Reroute" is reserved and not executed this cycle.

// GUARDRAIL · DLP & EGRESS INTERCEPT 护栏策略Guardrail Policies record-not-enforce新增策略集New ruleset

裁决语义:策略集 = 一组规则,按优先级升序「首次命中」;命中规则的动作生效,全不命中则落策略集「默认动作」。裁决计数见合规总览看板的 policy.* 卡(启用执行前为 0)。改动经策略缓存传播,写入后约数十秒内生效。Adjudication: a ruleset is a list of rules matched first-hit by ascending priority; the matched rule's action applies, otherwise the ruleset's default action. Verdict counts appear on the dashboard's policy.* cards (zero until enforcement is enabled). Changes propagate via cache within tens of seconds.

策略集Rulesets
名称Name版本Ver默认动作Default状态Status更新Updated
默认护栏集Default guardrails
gr_ruleset_a1c4
3阻断block已停用disabled06-20 14:03
外发 DLP 集Outbound DLP
gr_ruleset_7f20
1阻断block已停用disabled06-11 08:55
Agent 出域防护Agent egress
gr_ruleset_b3e9
2放行allow已停用disabled06-18 10:12
规则(默认护栏集)Rules (default ruleset)
优先级Prio名称Name动作ActionSource护栏类Class
100阻断提示注入Block injection阻断block部门 研发、风控dept: R&D, Riskinjection:override
110外发含敏感词警示Warn on PII警示warn复合 ANDcomposite ANDprohibited:pii
120Agent 出域白名单Agent allowlist放行allowagent_label: finance-bot
130(改道 · 保留)(reroute · reserved)改道(保留)reroute (reserved)
内置注入类:injection:override / extract / roleplay / obfuscation;prohibited:* 为自由录入。「改道」为保留未启用——本期不执行改道,提交一律置空。Built-in injection classes: override / extract / roleplay / obfuscation; prohibited:* is free-form. "Reroute" is reserved & not executed this cycle.
08 / 09★ 护城河★ moat按人头成本归因 / ROIPer-head cost attribution / ROI

把网关唯一持有的计量台账,按部门归因成「谁花了多少」。所有成本都是入库时的字节精确快照——绝不重算价;未命中价目的请求诚实剔除、单列「未计价」。「按人头 license 对比」的席位单价是可配置假设值,明确标注非真实采购报价。全程部门级粒度,不点名到人。云端方案不做计费——这是我们的差异化。The metering ledger only a real gateway holds, attributed by department into who spent what. Every cost is the byte-exact ingest-time snapshot — never re-priced; unpriced calls are honestly excluded and surfaced separately. The per-head license comparison uses a configurable assumed seat price, clearly flagged as not a real quote. Department-level throughout, never named to an individual. Cloud tools don't do billing — this is our differentiation.

// COST ATTRIBUTION & ROI ROI 成本归因ROI / Cost Attribution 下载 CSVCSV刷新Refresh
总成本(计量快照)Total cost (snapshot)
$3,210.48
本期活跃用户Active users
128
在册启用员工Enabled employees
214
未计价请求Unpriced
37
部门成本排行Cost by departmentTop
研发中心R&D$1,142.60
客服与运营Support/Ops$688.20
数据科学组Data Sci$512.04
市场部Marketing$343.18
(未归因)(unattributed)$96.06
按人头 license 对比Per-head license compare
席位单价(假设)Seat price (assumed)
$30 / 人月mo
整体按席位采购(估算)If bought per-seat
$5,136.00
实际计量成本(快照)Actual metered
$3,210.48
估算节省Est. saving
$1,925.52 · 37%
席位利用Seat usage
128 / 214
席位单价为可配置假设值,非真实采购报价;实际成本为计量入库快照,已剔除 37 笔未计价请求。Seat price is a configurable assumption, not a real quote; actual cost is the ingest-time metered snapshot, with 37 unpriced calls excluded.
09 / 09取证启用态势 · 合规前置Forensic Posture · compliance-first

全量内容审计默认关闭——由服务端双钥(env 开关 + 法律确认句柄)守护,控制台无权翻动。默认态我们呈现的不是空表,而是「双钥合规启用 · 治理就绪指引」:审批人、法律依据、员工告知、留存期四步封缄核对,合规前置后方可由运维在服务端启用。即便采集关闭,防篡改链仍可重放验真——这是不出域、防篡改的取证职责。Full content audit is off by default, gated by a server-side two-key control (env switch + legal-ack handle) that the console itself cannot flip. The default state shows not an empty log but a two-key enablement readiness checklist: approver, legal basis, employee notice, retention — all sealed before operations turns it on. Even with capture off, the tamper-evident chain stays replayable.

// FORENSICS POSTURE 取证总览Forensics Overview 全量内容采集 · 未检出留痕capture · none detected
双钥合规启用 · 治理就绪指引Two-key enablement · readiness就绪 2 / 42 / 4 ready

全量内容审计为默认关闭(合规双钥保护)。下方四步为启用前的治理就绪核对;启用本身是运维在服务端的双钥动作,本控制台无法代办。勾选仅为本地核对(不落库,刷新即重置)。Full content audit is off by default (two-key sealed). The four steps below are a pre-enable governance checklist; enabling is a server-side dual-key action operations performs — the console cannot do it. Checks are local only (never persisted).

审批人Approver
数据安全负责人 / 法务双签批准全量内容留痕,留档审批人与批准日期。Data-security lead / legal co-sign approval; record approver & date.
✓ 本地已核✓ checked
法律依据Legal basis
明确个保法处理的合法性基础;涉境外 provider 须附数据出境评估。PIPL lawful basis; cross-border transfer assessment if overseas providers.
✓ 本地已核✓ checked
员工告知Employee notice
已经员工手册 / 告知书向员工明示内容留痕的范围与目的(知情同意)。Inform staff of scope & purpose of capture via handbook / notice.
未填pending
留存期Retention
确认内容保留天数(默认 180,PIPL 第 19 条)符合最小必要,到期自动擦除。Confirm retention days (default 180, PIPL Art. 19) — minimal & auto-erased.
未填pending
采集关闭时仍然 LIVE 的取证职责Forensic duty that stays LIVE even with capture off
链校验Chain verify
LIVE
审计记录(运维/认证封存)Audit (ops/auth seals)
LIVE
防篡改链深(全量)Chain depth (all)
48,217
防篡改链含运维 / 认证封存事件,采集关时仍可重放校验;内容明文专屏(DLP / 出境)随采集一同启用。「未检出」指本窗口无内容留痕,非服务端开关的权威读数。The chain covers ops / auth seal events and stays replayable with capture off; content-plaintext screens (DLP / egress) enable together with capture. "None detected" means no capture this window — not an authoritative read of the server switch.
导览结束 · 开始Tour complete · get started

把员工外部 AI 的证据,
留在你自己的网络里。
Keep the evidence of employee AI use
inside your own network.

你刚看完九屏控制台。其中三件事是云端方案结构上做不到的——这正是钧衡的护城河。预约一次私有化演示,我们用你的合规、数据出境与 AI 成本场景走一遍。You've just seen nine console screens. Three of them are things cloud tools structurally can't do — that's WAN.NOW's moat. Book an on-prem demo and we'll walk your compliance, data-egress and AI-cost scenarios.

★ 防篡改取证链★ Tamper-evident chain

一键全链重放验真 + 可打印法律证物,任何人可离线复算。One-click full-chain verify + printable legal exhibit, recomputable offline by anyone.

★ 数据出境台账★ Egress ledger

境内 / 境外逐请求 SoR,个保法与数据出境的呈堂证据。Per-request domestic/overseas SoR — court-ready for PIPL & data-export.

★ 按人头成本归因★ Per-head cost

网关唯一持有的计量台账,给 CFO 一份「谁在烧」的账。The metering ledger only a gateway holds — a CFO-grade "who's burning it" bill.

内容审计默认关闭、合规前置 · 内容不出域 · 内部代号 aegiscontent-audit OFF by default · content stays on-prem · codename aegis

关于本导览与产品About this tour & the product

常见问题Frequently asked

逐条诚实回答——更多对标中国监管的问答见合规问答库Honest, one by one — more, mapped to China regulation, in the compliance Q&A.

钧衡 / WAN.NOW 的产品导览展示了哪些功能?What does the WAN.NOW product tour show?
逐屏展示管理控制台的九个真实视图:态势主页、影子 AI 发现、使用分析(应用×意图)、逐条会话审计、防篡改取证链一键验真、数据出境台账、护栏与输出侧拦截、按人头成本归因、取证启用态势。每屏忠实复刻产品真实视图,数据为脱敏演示。Nine real console views, screen by screen: situation home, shadow-AI discovery, usage analytics (apps × intent), per-conversation audit, one-click tamper-evident chain verification, the cross-border egress ledger, guardrails & output-side interception, per-head cost attribution, and forensic-enablement posture. Each screen is a faithful rendering of the real view, with anonymized demo data.
钧衡和 WitnessAI 等云端 AI 治理方案有什么不同?How is WAN.NOW different from cloud AI-governance tools like WitnessAI?
钧衡私有化部署、内容不出企业内网,并且有三件云端 SaaS 形态结构上难以提供的能力:防篡改取证链一键验真(出具可打印法律证物、任何人可离线复算)、数据出境境内/境外逐请求台账(个保法 / 数据出境合规证据)、按员工/部门的真实成本归因与计费WAN.NOW is self-hosted and keeps content inside your network, and offers three things cloud SaaS structurally can't easily match: one-click tamper-evident chain verification (a printable legal exhibit anyone can recompute offline), a per-request domestic/overseas egress ledger (evidence for PIPL / data-export compliance), and per-employee/department cost attribution and billing.
钧衡默认会记录员工与 AI 的对话内容吗?Does WAN.NOW record employees' AI conversations by default?
不会。全量内容审计与 DLP 默认关闭,由服务端双钥(环境开关 + 法律确认句柄)守护,控制台无权开启。启用前须完成审批人、法律依据、员工告知、留存期四步治理就绪核对(合规前置);即便采集关闭,防篡改链仍可重放验真。No. Full content audit and DLP are off by default, gated by a server-side two-key control (env switch + legal-acknowledgment handle) the console cannot flip. Enabling first requires a four-step readiness checklist — approver, legal basis, employee notice, retention period. Even with capture off, the tamper-evident chain stays replayable.
钧衡怎么证明审计记录没有被篡改?How does WAN.NOW prove its audit records weren't tampered with?
审计记录串成 SHA-256 / 国密 SM3 哈希链。一键全链重放即可逐条比对前向哈希链接与内容哈希:通过则盖「封」字钢印并出具可打印的《链验真报告》,任一处被篡改则盖「断」破章并精确定位断点;链头还可发往外部公证锚。结论只含位置与哈希断点,不含任何对话明文Records are chained with a SHA-256 / SM3 hash chain. One click replays the whole chain, comparing every forward-hash link and content hash: a pass stamps a "Sealed" chop and issues a printable verification report; any tamper stamps a "Broken" chop and pinpoints the break; the chain head can also be published to an external notary anchor. The verdict carries only positions and hash breaks — never any conversation plaintext.
钧衡支持国产大模型接入和数据出境合规吗?Does WAN.NOW support domestic LLMs and data-export compliance?
支持。网关提供原生 OpenAI 协议入站,可把 Codex 等客户端统一路由到国产大模型(DeepSeek / Kimi / 通义 / 智谱);数据出境台账按部门 / 员工 / Provider 记录境内/境外逐请求,作为个保法与数据出境评估的证据。(国产上游路由代码已建、默认关闭,运营登记 key 后启用。)Yes. The gateway offers native OpenAI-protocol inbound and can route clients like Codex to domestic models (DeepSeek / Kimi / Qwen / GLM); the egress ledger records domestic/overseas per-request by department / employee / provider as evidence for PIPL and data-export review. (Domestic-upstream routing is built and off by default, enabled once an operator registers keys.)
导览里的数据是真实的吗?Is the data in the tour real?
不是。所有数字与名称均为脱敏演示数据。但每一屏的结构、标签、指标与状态都忠实取自产品真实视图;在建能力(意图 ML 模型、提示词重路由、国密 TLCP 传输等)均诚实标注「尚未交付」,我们不把在建当已有卖。No. All figures and names are anonymized demo data. But every screen's structure, labels, metrics and states are taken faithfully from the real product views; in-progress capabilities (intent-ML model, prompt reroute, SM TLCP transport, etc.) are honestly marked "not yet shipped" — we don't sell work-in-progress as done.