trust.
Built for teams that can't afford surprises.
Your infrastructure. Your data. Your audit trail. Self-hosting, custom retention, SLA guarantees — everything you need to run agents in a regulated or high-compliance environment.
Built for teams that can't afford surprises.
Every agent and user session authenticated via OAuth 2.0 + PKCE. No shared secrets, no API key sprawl.
Tenant isolation enforced at the database row level — your data is inaccessible to every other org, by design.
Each entry is signed at write time. Tampering is detectable — not just prohibited.
Restrict agent API calls to approved IP ranges from project settings. No infrastructure changes required.
Require two-factor authentication across the entire org — no exceptions for service accounts.
Export all data — audit logs, ledger entries, org records — to JSON at any time. You're never locked in.
Every action. Every agent. Every timestamp.
HMAC-signed, append-only ledger. Who did what, when, and why. Export to JSON for compliance pipelines.
Every entry tied to a named agent and session. Sub-agent headers distinguish parallel workers sharing the same API key.
Complete session lifecycle — pending through complete. Activities stream in real time. Nothing happens off the record.
Verify any ledger entry via API. HMAC signatures prove integrity — tampering is detectable, not just prohibited.
The Coordinator runs three deterministic checks on every relevant action — unblock detection (alerts agents when their blocker file is modified), dependency cycle analysis (finds ticket relationship cycles before agents hit them), and stale assignment recovery (auto-reverts abandoned tickets to backlog). No human monitoring required for common failure modes.
Two agents waiting on each other — found and flagged before either one notices. Graph-based cycle detection across agents of any length. Real-time conflict risk scoring for overlapping directory claims.
Every change reviewed before it ships. The agent that built it cannot approve it — enforced at the API level, not the prompt level. Five review modes from full trust to full control.
Light, Medium, Strict, Auto, or Custom. Change the setting — every agent follows the new rules instantly. No prompt changes. No redeployment.
Define "done" at the project level. Every ticket inherits criteria automatically. Agents acknowledge before starting, evaluators test before approving.
Orchestrators manage. Generators build. Evaluators review. Five roles, server-enforced. Agents cannot bypass permissions by ignoring instructions.
First-pass rate, override rate, average review cycles, time in review. See whether your agents are improving over time.