The full document is in active development. Here's what it will cover when published — and how to get the working draft today.
A complete, threat-modeled security architecture for Permit0's pre-execution policy enforcement.
What we defend against, what we explicitly don't, and the trust boundaries between agent, gate, and execution. The honest list of in-scope and out-of-scope threats — written for engineers and review boards, not marketing.
How the @guard decorator intercepts agent tool calls, how the policy engine evaluates them, and how decisions return a signed capability token before execution proceeds.
Token format (PASETO v4.public), payload binding to argument hashes, constraint envelopes, TTL, replay protection, and the verification path inside the Execution Gateway. Why an adversarial prompt cannot bypass a signed gate.
Global override authority across deployment modes. How customer security teams suspend an agent fleet in seconds, what break-glass auditing produces, and how recovery proceeds without losing audit continuity.
Cloud, managed VPC, and self-hosted modes — the exact data-residency, telemetry, and operator-access guarantees of each. Built for security review boards comparing architectures during procurement.
What Permit0 mitigates: prompt injection, privilege escalation, irreversible mutation, cross-session attack chains, exfiltration via tool calls. What's out of scope: model-internal reasoning attacks, host-OS compromise, network-layer attacks. STRIDE-categorized with explicit assumptions.
Two paths — pick whichever fits your timeline.
The founders are happy to share the WIP architecture document on a 30-minute call and answer security questions in real time. We've done dozens of these — they're substantive, not sales calls.
Talk to founders →
One email when this document ships. No newsletter, no marketing cadence — just the link to the published doc.
We'll only use your email to send this single notification.