Architecture, not adjectives.

Credential security

Cloud credentials never touch our application database.

Azure Key Vault, retrieved at scan time, never cached.

Your AWS, GCP, Azure, GitHub, and Okta credentials live in Azure Key Vault — keyed by workspace and provider. Vera retrieves them at scan time, holds them only as long as the scan runs, and discards them. They are never written to our application database, never logged, never persisted in memory between scans.

Evidence integrity

Every evidence pack is cryptographically signed and timestamped.

RSA/ECDSA signatures + RFC 3161 timestamps from six TSAs with automatic fallback.

Each evidence package ships with a per-file SHA-256 manifest, a digital signature (RSA or ECDSA), and an RFC 3161 timestamp from a third-party Time Stamping Authority. The timestamps are legally recognized — DigiCert, Sectigo, GlobalSign, Entrust, plus two backups — with automatic fallback if any TSA is unreachable.

Infrastructure access model

Read-only by construction. Source code is never persisted.

GitHub App with no write scopes. Cloud APIs called read-only. Code scanned in memory, then deleted.

Our GitHub App manifest does not request administration:write — Vera cannot modify your repositories. When she finds a config issue, she returns guidance with a deep link. Code scans pull source files into memory for secret and pattern matching, store the findings, and discard the source. Cloud scans use native provider SDKs — no shell execution, no CLI dependencies.

Data isolation

Workspace boundaries are enforced on every query — by construction.

AsyncLocalStorage execution context filters every database call by workspaceId.

Every service call runs inside an AsyncLocalStorage context that carries the active workspaceId. The data layer rejects any query that doesn't include workspace filtering — there is no path to read another tenant's data, even by mistake. Foreign-key constraints between Organization → Workspace → ComplianceProgram make the boundary structural, not a runtime hope.

API security

Enterprise API keys are hashed, time-safe, and IP-scoped.

BCrypt at rest, timing-safe comparison, CIDR allowlists, per-key scopes, tiered rate limits.

API keys are stored as BCrypt hashes; verification uses constant-time comparison so attackers cannot enumerate keys by timing. Each key carries a scope (read-only, signing, admin) and an optional CIDR allowlist (IPv4/IPv6) so production traffic must come from approved networks. Production error responses are sanitized — no stack traces, no Prisma errors, no internal paths.

AI agent governance

Vera cannot ship policy, accept risk, or dismiss findings autonomously.

Role-based tool access, risk-tiered approval gates, and a full audit trail on every invocation.

Vera's tools are gated by role (ADMIN / REVIEWER / VIEWER / TESTER / AUDITOR / EMPLOYEE) and by risk tier. The legally consequential actions — approving a policy, accepting a risk, dismissing a finding — always require an explicit human approval. Every tool call goes through createAuditedTool(), which records who triggered it, with what parameters, and what the result was.

Audit logging

Every API call, every signing operation, every agent action is logged.

Logged at the boundary, redacted of secrets, structured for fieldwork.

API requests record method, path, status, duration, IP, user agent, and request ID. Signing operations record algorithm, TSA URL, serial number, and verification result. Agent actions record tool name, parameters (with secrets redacted), result, and actor attribution. The audit log is itself SOC 2 evidence — auditable proof that AI agent authority is documented and constrained.

Encryption

AES-256-GCM at rest, HTTPS in transit, signed URLs for evidence access.

Symmetric encryption for sensitive blobs. Time-bounded URLs for object storage.

Sensitive data at rest — share passwords, customer signing keys, BYOK envelopes — is encrypted with AES-256-GCM. Evidence in object storage is served via signed URLs that expire in 15 minutes and are scoped to a workspace prefix. There are no plaintext endpoints; HTTPS is required everywhere, with HSTS preload.