The control plane sits before the query runs.
Wren AI does not treat governance as a review step after an answer is produced. The request is resolved through identity, project permissions, semantic definitions, row and column controls, SQL validation, and audit logging before results reach the user.
OIDC and workspace roles identify who is asking.
The MDL semantic layer constrains metrics, joins, and business logic.
RLS and CLS are applied at query time before execution.
SQL and answer lineage are recorded for review.
Inside the policy check
How a prompt becomes governed SQL
01 · The request
“Show Q4 revenue by region”
Session properties are resolved from OIDC — not supplied by the prompt.
02 · Wren Engine
Policies applied before execution
Row filters, column masks, approved joins, and bound parameters — SQL injection is structurally blocked.
03 · Governed SQL
WHERE region = 'EMEA'
The row filter is injected from session context; values are bound, never string-pasted.