Product
Built around a single bet: agents propose, policy disposes, humans approve.
A crew of AI agents reads your repo, your declared stack, and a signed Rego policy bundle. They open pull requests against a separate platform repo. ArgoCD or Flux deploys merged PRs. Humans always merge. No production credentials in agent hands; no autonomous merge path; ever.
The crew
Coordinator. DevOps Engineer. Code Reviewer. Baseline Security.
A baseline crew on every subscription. Specialists (SOC2 today; HIPAA, FedRAMP, PCI, ITIL, SRE on the roadmap) join the conversation when their domain is in scope.
Learn more
The policy
Three signed layers. Each can only ratchet stricter.
A constitution every proposal must respect. Curated regulatory packs and free community packs on top. Your customer overlay at the deepest, most authoritative layer — provable at compile time by the policy linter.
Learn more
The supply chain
Cosign-signed artifacts. Init-container verification. Verify yourself.
Every runner image and policy bundle is cosign-signed against a publicly verifiable key. An init-container verifies the bundle before the workload sees it. The verification command is the same one you would run.
Learn more
Git push. Go home.
The agent does the syntax. The human does the judgment. The merge stays where it belongs.