Trust Center

Security by Policy, Not by Promise

Intent enforces least-privilege access through runtime modes. Teams can start without code access, move to read-only reasoning, and enable PR workflows only after explicit confirmation.

OAuth Connectors
Scoped Repo Access
PR Confirmation Gate
Audit Events
Control Baseline
Direct push to default branch is blocked by policy.
Mode 2 requires run-scoped human confirmation before PR creation.
Sensitive actions are tracked for audit and incident review.
Provider credentials are stored and handled server-side.
Mode Rail
Mode 0
Decision-Only
No repository read. Analysis and planning outputs only.
Mode 1
Read-Only Repo
Repository indexing and patch proposals without write capability.
Mode 2
PR Scoped
PR workflows enabled only after explicit per-run approval.
Runtime Enforcement
Least privilege onboarding
Most teams start in Mode 0 or Mode 1 and unlock Mode 2 later.
Write actions require consent
PR execution needs an explicit confirmation token.
Audit-first operations
Approvals, denials, and outcomes are captured as security events.
Control Matrix
Capability by Mode
Policy Enforced
Capability
M0
M1
M2
Ingest feedback + produce decision artifacts
Read and index selected repositories
Generate patch proposal
Open pull requests
Direct push to default branch
Governance Timeline
Runtime mode gate + PR confirmation
Live and enforced in current production workflow.
Security event trail
Action-level logs for approvals and security profile changes.
SOC 2 Type I readiness
Control mapping and evidence process hardening.
SOC 2 Type II evidence period
Independent attestation after sustained control operation.
Security controls are documented publicly and can be reviewed in detail during enterprise diligence.