A full trust page lives downstream of the CTO doc and tracks every specific control. The commitments below are the spine: these are the claims any Cassiel-owned surface meets today.

Atomic audit.

Every mutation commits its governance write and its audit entry in a single database transaction, so neither can land without the other. When a mutation fails, the transaction rolls back the governance write, but a refusal row is still recorded before the error propagates: operators see not only what was committed but also what was refused.

Workspace scoping.

Every API surface and every MCP tool resolves the acting workspace before it reads or writes. Lookup helpers take that workspace as part of the query, and a record that belongs to another workspace answers exactly like one that does not exist, so a caller cannot probe identifiers across workspaces.

Edge-enforced access.

Auth runs on every protected request at the edge. No browser-only gates. No client-side trust.
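The two commitments above, edge-enforced auth and workspace-scoped lookup, as an added example that is not Cassiel's code. The session store, the documents, the route and the hypothetical helpers (handle, findDocScoped, findDocLeaky) are constructed stand-ins; in a Worker the handler would sit behind fetch, and the session would come from a cookie or token store rather than a Map.

```typescript
// Added example, not Cassiel's code: a deny-by-default edge handler that
// authenticates before routing, resolves the caller's workspace from the
// session, and answers cross-workspace lookups exactly like missing ones.
// Sessions, documents and paths below are constructed fixtures.
type Workspace = string;
type Session = { userId: string; workspace: Workspace };
type Doc = { id: string; workspace: Workspace; title: string };

const SESSIONS = new Map<string, Session>([
  ["tok-acme", { userId: "u1", workspace: "ws-acme" }],
  ["tok-globex", { userId: "u2", workspace: "ws-globex" }],
]);
const DOCS: Doc[] = [
  { id: "doc-1", workspace: "ws-acme", title: "Acme roadmap" },
  { id: "doc-2", workspace: "ws-globex", title: "Globex budget" },
];

type EdgeRequest = { path: string; headers: Record<string, string> };
type EdgeResponse = { status: number; body: string };

// Scoped lookup: the workspace is part of the predicate, so a document that
// lives in another workspace is indistinguishable from one that never existed.
function findDocScoped(workspace: Workspace, id: string): Doc | null {
  return DOCS.find((d) => d.workspace === workspace && d.id === id) ?? null;
}

// Leaky variant for contrast: it looks the id up first and only then checks
// ownership, so "forbidden" versus "not found" tells the caller the id exists.
function findDocLeaky(workspace: Workspace, id: string): Doc | "forbidden" | null {
  const d = DOCS.find((x) => x.id === id);
  if (!d) return null;
  return d.workspace === workspace ? d : "forbidden";
}

// Edge handler: no route runs before the session is resolved, and the
// workspace comes from the session, never from the request.
function handle(req: EdgeRequest): EdgeResponse {
  const auth = req.headers["authorization"] ?? "";
  const token = auth.startsWith("Bearer ") ? auth.slice("Bearer ".length) : "";
  const session = SESSIONS.get(token);
  if (!session) return { status: 401, body: "unauthenticated" };

  const m = /^\/api\/docs\/([A-Za-z0-9-]+)$/.exec(req.path);
  if (!m) return { status: 404, body: "not found" };
  const doc = findDocScoped(session.workspace, m[1]);
  if (!doc) return { status: 404, body: "not found" };
  return { status: 200, body: JSON.stringify(doc) };
}
```

The point of the leaky variant is the status code, not the data: it never returns the other workspace's document, but its 403-style answer confirms that doc-2 exists, which is the existence leak the scoped helper is there to close.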

Signed release artifacts.

Every published release is signed with HMAC-SHA256 and verified at serve time. Study workers refuse to serve an artifact whose signature does not match. HMAC is a symmetric MAC, so whoever holds the serving key can also produce a valid tag; the caveat below covers what that means and what cosign would add.
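The publish-and-serve path as an added example, not Cassiel's code. It tags the artifact with HMAC-SHA256 at publish time, verifies the tag with a constant-time compare before serving, and also checks the plain SHA-256 digest that the caveat below says is stored in D1. The key, artifact bytes and helper names (publish, serve, tamperIsRefused) are constructed; the real key would live in a Worker secret and the digest in D1.

```typescript
// Added example, not Cassiel's code: HMAC-SHA256 over a release artifact at
// publish time, verified before serving, plus an independent SHA-256 digest
// check. Key and artifact are constructed fixtures.
import { createHash, createHmac, timingSafeEqual } from "node:crypto";

type Signed = { bytes: Buffer; hmac: Buffer; sha256: string };

// Publisher side: keyed MAC over the bytes, plus an unkeyed digest that an
// independent store (D1 on the real page) can hold for tamper detection.
function publish(key: Buffer, bytes: Buffer): Signed {
  const hmac = createHmac("sha256", key).update(bytes).digest();
  const sha256 = createHash("sha256").update(bytes).digest("hex");
  return { bytes, hmac, sha256 };
}

// Serving side: recompute both checks and refuse (null) on any mismatch.
function serve(key: Buffer, a: Signed, expectedSha256: string): Buffer | null {
  const expectedHmac = createHmac("sha256", key).update(a.bytes).digest();
  // timingSafeEqual throws on unequal lengths, so guard the length first.
  if (a.hmac.length !== expectedHmac.length || !timingSafeEqual(a.hmac, expectedHmac)) {
    return null;
  }
  const digest = createHash("sha256").update(a.bytes).digest("hex");
  if (digest !== expectedSha256) return null; // digest is public, so a plain compare is fine
  return a.bytes;
}

// Flip one bit of the artifact and report whether serving refuses it.
function tamperIsRefused(key: Buffer, a: Signed, expectedSha256: string): boolean {
  const tampered = Buffer.from(a.bytes);
  tampered[0] ^= 0x01;
  return serve(key, { ...a, bytes: tampered }, expectedSha256) === null;
}

// Constructed fixtures.
const KEY = Buffer.from("constructed-demo-key-do-not-use");
const ARTIFACT = Buffer.from("<html>study bundle v1</html>");
const RELEASE = publish(KEY, ARTIFACT);
```

Two failure modes are worth separating: a corrupted or swapped object fails the HMAC check, while an attacker who holds the serving key can re-tag a modified artifact and only the independently stored digest catches that. The second case is exactly what a symmetric MAC cannot cover, and the reason the caveat below mentions cosign.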

Retention lock.

Release artifacts sit on R2 under an indefinite retention lock. Log artifacts are retained for 365 days. Operators cannot bypass retention without an account-level admin action, and admin actions are themselves audit-logged.

Transport-distinguishable audit.

Every write carries its actor type — user, cli, agent, workflow. Every operation is attributable. An agent action and a human action leave different fingerprints in the log.
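The atomic-audit and actor-type commitments together, as an added example that is not Cassiel's code. A small in-memory store stands in for D1: the callback passed to transaction works on a copy that only replaces the live tables if the callback returns, so a throw discards the governance write. The refusal is then recorded in its own committed write before the error is rethrown, and every row carries the actor type. The policy table, the validation rule and the helper names (Store, upsertPolicy, demo) are constructed.

```typescript
// Added example, not Cassiel's code: one mutation, one transaction, one audit
// row, with the actor type on every row. The store, the "governance" table
// and the rule that rejects a mutation are constructed stand-ins.
type ActorType = "user" | "cli" | "agent" | "workflow";
type Actor = { type: ActorType; id: string };
type Policy = { id: string; workspace: string; body: string };
type AuditRow = {
  seq: number; workspace: string; actor: ActorType; actorId: string;
  action: string; target: string; outcome: "committed" | "refused"; reason?: string;
};
type Tables = { policies: Map<string, Policy>; audit: AuditRow[] };

// Minimal transactional store: the callback mutates a copy; the copy becomes
// the live state only if the callback returns without throwing.
class Store {
  private live: Tables = { policies: new Map(), audit: [] };
  transaction<T>(fn: (tx: Tables) => T): T {
    const tx: Tables = { policies: new Map(this.live.policies), audit: [...this.live.audit] };
    const out = fn(tx);
    this.live = tx;
    return out;
  }
  snapshot(): Tables { return this.live; }
}

function audit(t: Tables, row: Omit<AuditRow, "seq">): void {
  t.audit.push({ seq: t.audit.length + 1, ...row });
}

// Constructed rule: a policy body may not be blank.
function validate(body: string): string | null {
  return body.trim() === "" ? "empty body" : null;
}

function upsertPolicy(store: Store, actor: Actor, policy: Policy): void {
  const base = {
    workspace: policy.workspace, actor: actor.type, actorId: actor.id,
    action: "policy.upsert", target: policy.id,
  };
  try {
    store.transaction((tx) => {
      const reason = validate(policy.body);
      if (reason) throw new Error(reason);
      tx.policies.set(policy.id, policy);           // governance write
      audit(tx, { ...base, outcome: "committed" }); // same transaction
    });
  } catch (err) {
    // The governance write (and its audit row) rolled back with the
    // transaction; record the refusal in its own committed write, then rethrow.
    const reason = err instanceof Error ? err.message : String(err);
    store.transaction((tx) => audit(tx, { ...base, outcome: "refused", reason }));
    throw err;
  }
}

// One human commit and one agent refusal, returned for inspection.
function demo(): { policies: number; audit: AuditRow[] } {
  const store = new Store();
  upsertPolicy(store, { type: "user", id: "u1" },
    { id: "p1", workspace: "ws-acme", body: "retain 365d" });
  try {
    upsertPolicy(store, { type: "agent", id: "agent-7" },
      { id: "p2", workspace: "ws-acme", body: "   " });
  } catch {
    // expected: the refusal is already in the audit table
  }
  const s = store.snapshot();
  return { policies: s.policies.size, audit: s.audit };
}
```

The detail that matters is that the refused row cannot be written inside the failed transaction, because the rollback would take it with the governance write; it needs its own commit. If the store itself is unreachable, that second write fails too and the error propagates without an audit row, which is the one failure mode this pattern does not cover on its own.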

Zero PII at the edge.

Public study surfaces relay payloads through the platform without persisting them. An ESLint rule fails the build of any edge runtime that imports a database client, so the runtime that touches participant data cannot pick up a datastore dependency.
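The lint rule behind that commitment, as an added example that is not Cassiel's configuration: an ESLint flat config (eslint.config.ts) using the core no-restricted-imports rule. The runtime directory (apps/study-edge) and the client module names are assumptions standing in for the real ones.

```typescript
// Added example, not Cassiel's configuration: ESLint flat config that fails
// lint for any file under the public study runtime that imports a database
// client. Directory and module names are assumptions.
const DB_CLIENT_MODULES = ["@internal/db-client", "kysely", "better-sqlite3"];

const NO_DB_MESSAGE =
  "Public study surfaces relay payloads; this runtime must not be able to persist them.";

export default [
  {
    // Assumed location of the zero-PII edge runtime.
    files: ["apps/study-edge/**/*.{ts,tsx}"],
    rules: {
      // "error" makes eslint exit non-zero, which is what stops the build.
      "no-restricted-imports": [
        "error",
        {
          // Exact package names.
          paths: DB_CLIENT_MODULES.map((name) => ({ name, message: NO_DB_MESSAGE })),
          // Subpath imports and relative reach-ins to a shared db layer.
          patterns: [
            { group: ["@internal/db-client/*", "**/db/**"], message: NO_DB_MESSAGE },
          ],
        },
      ],
    },
  },
];
```

Two things make this hold in practice: the rule must run in CI with lint failures blocking merge, and the patterns entry is what stops a relative import such as ../../packages/db from slipping past a rule that only names packages.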

Caveat — R2 bucket lock.

Cloudflare's bucket lock is closer to S3 Object Lock's Governance mode than to its Compliance mode: an account admin can remove the rule. Cloudflare audit logs capture the removal, and SHA-256 integrity hashes stored in D1 detect tampering independently of the lock. For insider-proof guarantees, we can add cosign signatures on top.

Questions?

Security questionnaires, SIG-Lite responses, and detailed control documentation are all available on request at security@cassiel.app.