Enterprise-grade, by default.
Zero-trust architecture, identity that federates with what you already run, and governance built into the platform. For users and agents alike.
Architected for enterprise control.
A semantic foundation for agents.
A unified knowledge graph models your plants, equipment, products, and processes. Agents reason over relationships and meaning, not raw rows. That is what lets them act safely on real plant data and produce decisions you can trace back to the source.
One authorization model. Users and agents.
Permissions are scoped to the asset hierarchy in your knowledge graph (sites, areas, lines, equipment) and to the actions a role is allowed to take. Agents inherit the scope of the user or service they act on behalf of and can never reach beyond it. The same model governs everything that touches your data.
Every service has its own identity.
Every service authenticates itself before talking to anything else. Traffic between services is encrypted in transit, and stored data is encrypted at rest with unique keys. Human identity flows from your existing single sign-on and is re-validated at every request.
Every outbound byte is initiated from inside the factory.
No external system reaches in. Each pipeline runs from inside your perimeter and declares what data it ships off-site, on what cadence, and where it goes. Anything from "nothing leaves" to "aggregated context only" is configurable, and the decision sits with your team.
Runs where your data lives.
Kubernetes-native, locked down by default.
context/fab runs as a set of Helm-managed services across isolated Kubernetes namespaces, with default-deny network policies between them and TLS rotated automatically. Our security baseline is enforced as policy-as-code: every manifest is checked against the standards we expect, in CI, before it reaches production.
Edge clusters for sites that can’t reach the cloud.
For plants with strict air-gap, latency, or sovereignty requirements, the same stack runs on edge clusters hosted on industrial PCs or smart gateways. Site-local services keep operating during connectivity loss and reconcile with the central plane over encrypted channels when the link returns.
How we build for the enterprise.
Zero trust.
Every request authenticated, every action authorised. No implicit trust between services, users, or agents, inside the cluster or out.
Governance for users and agents.
The same policy model covers the analyst on a dashboard and the agent reasoning over the knowledge graph. Every decision traceable, auditable, and revocable.
SSO and SCIM.
Federates with your existing identity provider. Users, groups, and lifecycle stay in one place. Joiners, movers, and leavers propagate automatically.
Principle of least privilege.
Roles scoped to the data and actions each user or agent needs, and nothing more. Permissions are explicit, time-bound where appropriate, and reviewed on schedule.
Best-in-class AI governance.
Every agent action is logged with its inputs, tools, and context. Guardrails, approvals, and revocation are first-class, not afterthoughts.
ISO 27001 and SOC 2 (soon).
Local data residency (EU-hosted SaaS, or your cloud and geography for enterprise), independently audited information-security management, and full subprocessor transparency. SOC 2 Type 2 on the roadmap.
Local data residency.
Our SaaS is EU-hosted. Enterprise deployments run in your cloud, in your geography.
ISO 27001 certified.
Independently audited information-security management.
SOC 2 Type 2 (soon).
On the roadmap, with full subprocessor transparency today.