> ## Documentation Index
> Fetch the complete documentation index at: https://docs.formal.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# What is Formal?

> Learn about Formal's AI-powered Privileged Access Management solution for modern data-driven organizations

export const G = ({term, anchor, children}) => {
  const href = anchor ? `/docs/glossary/index#${anchor}` : `/docs/glossary/index`;
  return <a href={href} className="glossary-link" style={{
    textDecoration: "underline",
    textDecorationLine: "underline",
    textDecorationColor: "#6b7280",
    textDecorationThickness: "1px",
    textUnderlineOffset: "2px",
    color: "inherit",
    transition: "text-decoration-color 0.2s ease",
    borderBottom: "none"
  }} onMouseEnter={e => e.target.style.textDecorationColor = "#fff"} onMouseLeave={e => e.target.style.textDecorationColor = "#6b7280"}>
  {children || term}
</a>;
};

## Introduction

Formal is an AI-powered Privileged Access Management (PAM) solution designed for modern, data-driven organizations. It provides a secure, transparent, and policy-driven way to control how identities (AI agents, users, and machines) interact with sensitive systems such as databases, SSH, Kubernetes clusters, and APIs.

At the heart of Formal is the <G anchor="connector">Connector</G>—a protocol-aware proxy that you deploy within your own network. All requests flow through this Connector, which allows teams to enforce security and compliance policies directly in the data path. Clients talk through the Connector to access <G anchor="resource">resources</G>.

Using the <G anchor="control-plane">Control Plane</G>, you gain visibility into the requests, responses, and <G anchor="session">sessions</G> going through the Connector. You can then write <G anchor="policy">policies</G> that are evaluated against the traffic going through the Connector to perform actions (<G anchor="masking">masking</G>, blocking, filtering) against requests, responses, and sessions.

## Examples

You can use Formal to restrict the kinds of SQL queries your engineers can make to your databases while masking and redacting the data as it leaves the DB:

<Diagram
  diagram={`
sequenceDiagram
participant Engineer
participant Formal Connector
participant PostgreSQL Database

Engineer->>Formal Connector: SELECT * FROM pii
Formal Connector->>PostgreSQL Database: SELECT id, email FROM pii limit 5
PostgreSQL Database-->>Formal Connector: {id: 123, email: "user@example.com"},{id: 456, email: "user2@example.com"}
Formal Connector-->>Engineer: {id: 123, email: "****@******.com"}

`}
/>

You could enable local Github MCP servers to make some HTTP requests to the Github API but not others:

<Diagram
  diagram={`
sequenceDiagram
participant GitHub MCP Server
participant Formal Connector
participant GitHub API

GitHub MCP Server->>Formal Connector: POST /repos/pulls
Formal Connector->>GitHub API: POST /repos/pulls
GitHub API-->>Formal Connector: 201 Created
Formal Connector-->>GitHub MCP Server: 201 Created

GitHub MCP Server->>Formal Connector: PUT /repos/pulls/merge
Formal Connector-->>GitHub MCP Server: 403 Forbidden

`}
/>

You can monitor SSH sessions to your bastions for anomalous behavior and have Formal automatically classify the risk level:

<Diagram
  diagram={`
sequenceDiagram
participant Engineer
participant Formal Connector
participant EC2 SSH Bastion
participant Formal Control Plane

Engineer->>Formal Connector: Engineer to connect over SSH to "Bastion" EC2
Formal Connector->>EC2 SSH Bastion: SSH connection allowed, forward connection
EC2 SSH Bastion-->>Formal Connector: Connected
Formal Connector-->>Engineer: Connected

Engineer->>Formal Connector: rm -rf /var/log/*
par
    Formal Connector->>Formal Control Plane: Session Risk Level: 5
and
    Formal Connector->>EC2 SSH Bastion: rm -rf /var/log/*
end
EC2 SSH Bastion-->>Formal Connector: Command executed
Formal Connector-->>Engineer: Command executed

`}
/>

## Get started

<CardGroup cols={2}>
  <Card title="Deploy a Connector" icon="server" href="/docs/guides/getting-started/quickstart">
    Deploy your first Connector and start streamlining access to your databases
    right away.
  </Card>

  <Card title="Add a Resource" icon="database" href="/docs/guides/core-concepts/resources">
    Connect your first database to Formal in less than five minutes.
  </Card>
</CardGroup>
