Trust is architectural.
OmniSentient is built on the principle that trust must be enforced in code, not in policy. Every guarantee below is system-verified — observable in the audit ledger, blockable at the API layer, structurally impossible to bypass.
Current security posture
Each signal below is verified at runtime. Status is computed from the platform's own audit ledger — not self-attested.
All mutative operations (POST, PATCH, DELETE, PUT) are blocked at the API layer for viewer-role users. Role resolved from verified JWT claims only — never from request bodies.
Every database query is scoped by org_id at the query layer. Supabase Row Level Security (RLS) enforces the same boundary at the DB level — defense in depth.
All system events are written to an append-only audit table. Entries include UTC timestamp, actor identity, correlation ID, and module origin. No edits, no soft-deletes.
All authenticated sessions use HMAC-signed JWTs with expiry enforcement. Tokens stored in httpOnly cookies — never in localStorage.
Double-submit cookie CSRF tokens on all state-mutating endpoints. SameSite=Lax cookie policy as a secondary defense layer.
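As an added illustration (not OmniSentient's own code), the guard logic the posture items above describe: the role is taken only from an HMAC-verified JWT and never from the request body, viewer-role users are refused all mutating methods, and every state-mutating request must also pass a double-submit CSRF check. The cookie names `session` and `csrf`, the `X-CSRF-Token` header and the `sign_jwt` helper are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import json
import time

MUTATING_METHODS = {"POST", "PATCH", "DELETE", "PUT"}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict, secret: bytes) -> str:
    # Minimal HS256 minting (assumed helper), used here only to build sample tokens.
    header = _b64url(b'{"alg":"HS256","typ":"JWT"}')
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_jwt(token: str, secret: bytes, now=None) -> dict:
    # Always recompute HS256 ourselves (the token's alg header is never trusted),
    # compare in constant time, then enforce the exp claim.
    header, payload, sig = token.split(".")
    expected = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64url(payload))
    if claims.get("exp", 0) <= (now if now is not None else time.time()):
        raise ValueError("expired")
    return claims


def authorize(method, cookies, headers, body, secret, now=None):
    """Return (allowed, reason); role comes only from the verified token, never from body."""
    try:
        claims = verify_jwt(cookies.get("session", ""), secret, now)
    except (ValueError, KeyError):
        return False, "unauthenticated"
    if method.upper() not in MUTATING_METHODS:
        return True, "read"
    if claims.get("role") == "viewer":  # body.get("role") is deliberately ignored
        return False, "viewer_role_blocked"
    # Double-submit check: the CSRF cookie must equal the header the client echoed back.
    csrf_cookie, csrf_header = cookies.get("csrf", ""), headers.get("X-CSRF-Token", "")
    if not csrf_cookie or not hmac.compare_digest(csrf_cookie, csrf_header):
        return False, "csrf_mismatch"
    return True, "ok"
```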
What we read, what we don't.
We read: dependency manifests (package.json, requirements.txt, go.mod, pom.xml), workflow run logs, and webhook event metadata.
We do not read: application source code outside identified vulnerability paths; secrets, credentials, and environment variables; private repository content beyond the minimum required for the scan.
No force-pushes, no direct commits, no merges. All remediation requires a Pull Request and a human approval gate. Zero-write principle.
How we respond.
Report security issues to security@omnisentient.ai. We acknowledge within 24 hours and publish a CVE if warranted.
All platform-level incidents create a ledger entry with UTC timestamp and actor identity. Status updates published at /status.
Affected organizations are notified within 72 hours of a confirmed breach. Forensic audit exports are available on request for compliance filings.
Structural properties of the audit ledger.
These are not policies that can be toggled off. They are how the ledger is built.
Actor Attribution
Every entry records the verified GitHub identity of the actor. Anonymous writes are blocked at the database constraint level.
UTC Timestamps
Stored and rendered in UTC. Relative time tokens ("4m ago") are computed at render time from the source UTC value — never stored as relative.
Correlation IDs
Every incident, audit event, and system action carries a correlation_id linking it to its causal chain. Investigation is graph traversal, not text search.
Want to review the architecture?
The architecture page documents the full system stack, data flow, and security principles.