Built on proof,
not promises.
Prompts and responses stay in your workspace. Only hashes go on chain. Keys scoped per agent. Anyone can verify a decision — no API key.
Where we are today.
Honest status. No "coming soon" without dates. Underline-honest about what's in flight vs in place.
What we store, and what we don't.
The chain stores the hash of every prompt and every response — not the content. Your prompts, your responses, your retrieved chunks, your agent's reasoning all stay in your workspace, encrypted at rest. We can't decrypt them. Neither can the chain.
We do store, in our workspace database: the model chosen, the candidate set, the caps you set, the dollar amount, the timestamp. That's what we need to bill, route, and prove. Nothing else.
workspace_db: {
model_chosen,
candidate_set,
caps,
cost,
timestamp
}
on_chain: {
prompt_hash, response_hash, decision_hash
}
never_stored: [prompts, responses, embeddings]
Keys are scoped to one agent each.
Every API key authenticates exactly one agent. Caps, budget, pause toggle, audit trail all live on the agent — not the workspace. If a key leaks, you rotate it in the dashboard and the blast radius is one agent's wallet, not your account.
For production workflows, we recommend rotating keys at the cadence your secret-store enforces. Ours is rotation-agnostic — you can rotate every hour or never, and routing behavior doesn't change.
Long-lived · scoped to one agent
The default. Created when you add an agent. Rotatable, revocable, with budget caps that survive rotation.
Admin · for CI and provisioning
For tooling that needs to spin up agents from a template. Reads workspace-wide; can't bypass agent-level caps.
Verifiable by anyone, no key required.
The audit chain is public. Anyone with an inference id can pull the record — your customer, your customer's auditor, a regulator. They re-hash the canonical payload locally and compare to the chain. We can't change history; nobody can.
This is the difference between "we'll show you a log" and "you can prove it yourself." For agent workflows that touch money or PII or anything subject to scrutiny, this is the bar. read how audit works →
Where we run, who has access.
Production runs on Railway (us-east) with Cloudflare on the edge and Supabase as the system of record. EU and AP regions are on the roadmap and we'll publish them here when they ship — not before.
No engineer has standing production access — only just-in-time and time-bound. All admin actions land on the audit chain in the same shape as customer routing decisions.
Found something? Tell us.
We're in public beta. A funded bug-bounty program with tiered payouts launches with GA — we'll publish the amounts and the triage SLA here when it does. Until then, please disclose responsibly. The chain is the product, so chain-integrity reports get our first attention.
What we care most about.
If you can post a fraudulent routing decision · forge an audit hash · cause a quiet cap downgrade · escape a workspace · or otherwise compromise the trust model — please report it. We acknowledge within one business day and keep you in the loop until it's resolved.
Talk to security.
Real humans answer this address. We respond within one business day.