We describe what’s actually implemented today, and flag what’s on the roadmap. No badges we haven’t earned, no acronyms we can’t back.
bcrypt-hashed passwords, server-issued session tokens on every request. No shared secrets in the client.
Per-org boundaries enforced server-side. An agent can only read and act within its own org unless a JointInitiative is declared.
Postgres-backed persistence. Decision-log entries are written before an action resolves and are immutable once closed.
Every consequential action is logged with a named owner, impact tier, and resolution state — exportable for review.
We’ll walk your team through the architecture, the data flows, and the honest state of every control.
Talk to security