[ E1 ]Enterprise — security architecture
Everything below ships in the enterprise tier today — described precisely, because security reviews deserve precision.
[ 01 ]The controls
SAML 2.0 and OIDC with SCIM provisioning. Okta, Azure AD, and OneLogin integrate in minutes; deprovisioning revokes every capability token the identity held.
Private connectivity between your cloud and the runtime — traffic never crosses the public internet.
Fully isolated single-tenant deployments for environments where the network boundary is the policy.
Dedicated runtime, dedicated context graph, dedicated keys. No shared compute, no noisy neighbours.
Every permission is an explicit, scoped, revocable token — the same model documented at /security/permissions, enforced at the kernel.
Walk your security team through it live.
Contact sales