Security is a product feature. Not a checkbox.
Four invariants that hold whether one agent calls or a fleet does. Plus a frank list of what we do not claim. The fastest way to build trust with a security buyer is to surface the boundary, not hide it.
The proof stack
Trust, but verify offline. Three artifacts compose into a single offline-verifiable economic event.
signed receipt
gateway pipeline
audit chain
Four invariants
Zero custody
We never hold funds. Receipts are signed via a Signer port; production implementations are KMS / HSM-backed, not in app code, not in env. Ephemeral signers are refused in production without explicit override.
Zero leakage
A 24-pattern leak scanner runs over every artifact before it can leave the gateway. Bodies are sha256-hashed by default. Bearer tokens, signed URLs, storage refs, JWT shapes, PEM headers, and DB credential URIs all fail the scan.
Tamper-evident
Receipts are Ed25519-signed and indexed. The audit log is append-only and hash-chained per provider. Proof bundles verify offline against a published public key — no contact with us required.
Bounded by design
Every external surface uses a single bounded enum vocabulary, mirrored across CLI, docs, and this site. If a capability cannot be expressed in that vocabulary, it does not ship.
Operator-gated external lanes
Four lanes are shipped end-to-end against an emulator or test harness; the live tenant run requires real operator credentials we do not hold.
| Lane | Status | Pending |
|---|---|---|
| x402 funded settle on public testnet | operator-gated | funded testnet wallet + USDC |
| GCS live bucket export | operator-gated | operator-supplied GCP service-account key |
| Alertmanager live tenant | operator-gated | operator-supplied URL + token |
| External signed-webhook receiver | operator-gated | operator-supplied URL + HMAC secret |
What we do not claim
Boundary register
- We do not claim SOC 2, ISO 27001, HIPAA, or PCI certification.
- We do not claim official Okta, Entra, or Google SAML certification.
- We do not claim official SCIM 2.0 conformance certification.
- We are not externally operator-verified end-to-end yet.
- We are not enterprise GA. Design-partner alpha only.
- No customer logos, names, revenue, or benchmark figures.
- No live x402 funded settle (needs funded wallet + USDC).
- No live GCS bucket export (needs operator-supplied service-account key).
- No live Alertmanager tenant run (needs operator-supplied URL + token).