Explicit principals
Humans, agents, services, and system jobs are distinct identities with distinct ownership and grants.
Security architecture
Onterix is being designed around explicit principals, same-or-stricter source access, data-plane credential isolation, destination-aware protection, exact-action approvals, and reconstructable evidence.
Security invariants
Baseline tenant isolation, permission checks, approval enforcement, redaction, idempotency, and audit integrity are intended as platform security foundations—not optional shortcuts.
Humans, agents, services, and system jobs are distinct identities with distinct ownership and grants.
On-behalf-of access intersects the subject, actor, client, credential, source, and tenant policy.
When a source can express permissions, the runtime cannot manufacture broader authority.
Agent hosts and model providers never receive downstream connector credentials.
Approval authorizes one eligible, versioned payload and cannot expand the execution boundary.
Audit records safe summaries, hashes, versions, findings, and refs—not blind copies of sensitive payloads.
Evidence chain
A useful audit record connects identity, source permissions, client trust, protection findings, policy, transformations, approval, execution, and outcome without leaking the sensitive values it is meant to protect.
Customer-controlled plane
Strict deployment modes are intended to keep the content-bearing execution path and its sensitive operational state in the customer environment.
Trust status
The architecture and deployment modes on this site are target commitments under active implementation. Onterix does not claim certifications, service levels, production availability, or verified client and connector coverage that have not been completed.
| Area | Current public status | How we present it |
|---|---|---|
| Runtime | Runnable Phase 0 scaffold and fixtures | Private preview development |
| Connectors and clients | Readiness varies; reference and target paths | Labeled per surface |
| Deployment modes | Target architecture; not generally available | Planned |
| Compliance certifications | No public certification claim | Not claimed |
| Production SLA and recovery | Internal targets, not a customer SLA | Not claimed |
Security review
Design partners receive a scoped architecture and security review tied to the workflow, connectors, data classes, providers, and deployment boundary being evaluated.