Designed for regulated finance environments — air-gapped, auditable, and governed by strict role-based access control.

- Stateless token auth with short-lived sessions.
- Role checks at every API boundary and route.
- Per-workspace storage isolation, no cross-tenant access.
- Immutable trail of every privileged action.
- TLS termination via nginx, HSTS-ready.
- Strict origin allow-lists per environment.
- No mandatory outbound connections at runtime.
- SAML / OIDC on the roadmap for enterprise identity.

| Capability | User | Admin | Super Admin |
|---|---|---|---|
| Upload & RAG chat | ✓ | ✓ | ✓ |
| Manage own workspace | ✓ | ✓ | ✓ |
| Manage users & workspaces | — | ✓ | ✓ |
| Realtime audit trail | — | ✓ | ✓ |
| Runtime & engine config | — | — | ✓ |
| Feature flags | — | — | ✓ |