Govern AI coding agents at company scale.
Eight capabilities that turn raw agent access into auditable, budgeted, self-hostable infrastructure. Pick one to dive in.
Audit signing chain
Ed25519 signs every audit row. Tamper-evident hash chain. Verify any range cryptographically against your public per-company key.
Read moreSIEM push
Stream signed audit events to Splunk, Datadog, Elastic, Microsoft Sentinel, or S3 WORM. mTLS + JWT, retry with backoff.
Read moreSSO + SCIM
OIDC login from Okta, Azure AD, Google. Optional SCIM 2.0 for full user lifecycle. JIT-provision groups on first login.
Read moreBudgets & cost ledger
Per-team, per-user, per-repo cost visibility with real-time burn-rate. Token cost attributed to the exact prompt. Seat limits plus configurable USD caps that hard-stop, notify, or warn on breach.
Read moreSession replay
xterm-accurate playback with scrubber, bookmarks, lazy keyframes. Your full retention window at your fingertips.
Read moreAir-gapped install
Signed mega-tarball. Customer-supplied license JWS. Caddy internal CA. Optional offline update server, polled - never push.
Read moreAgent workflows
Wire agent and exec steps into a DAG, validate it, run it, and watch the run record live. Starter templates and a visual canvas. Tenant-scoped; node timeout sends SIGTERM.
Read moreSandbox / egress isolation
Opt-in per-company policy to run agent sessions in an isolated network namespace (netns). Egress is denied by default, so an agent can't exfiltrate over the network. Default off.
Read more