Security & governance
Most coding agents make security choices with the same model that wrote the code. Krentix doesn’t. Every answer is reviewed by twelve verifiers from seven labs, governed by a Constitutional Tribune with veto authority, and the Tribune’s vetoes are themselves reviewed by a Supreme Court (cross-provider check) so the refusal mechanism cannot become a denial-of-service.
For enterprise buyers: every answer carries a cryptographic provenance trail showing which model contributed, which verifier passed, which were overruled, and why. Internally usable and externally auditable.
01 · Defence in depth
Public surfaces have eight independent defences. None of them is sufficient on its own; together they make every realistic attack vector either visible, blocked, or rate-limited before it reaches the verification ensemble.
Cloudflare WAF
DDoS protection, geo-blocks, common-payload filtering at the edge.
Cloudflare Access
Email-OTP / SSO authentication on the public surface. Only authenticated traffic reaches the bridge.
Cloudflare Tunnel
Outbound-only connection. The bridge has no inbound port exposed to the internet.
Bearer token
Admin-only routes (router reset, kill switch) require a 64-char bearer token, separate from user auth.
Trip wires
Path traps that scanners hit before reaching real endpoints. Triggers immediate IP block.
Real-time
Auto-blocks IPs for 1h on critical incidents. The bridge silently 503s blocked clients.
Privacy hardening
Server / X-Powered-By stripped. CSP, HSTS, Referrer-Policy applied to every response.
Public surface
Only marketing routes (/, /benchmarks/*, /pricing/*) are public. All admin / agent / API surfaces are local-only by default.
Last gate
If an answer survives all eight layers above, the Tribune still reviews it against the Constitution before it ships to the user.
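How the bridge-side layers above could compose into one request decision, as an added sketch that is not Krentix code. The trap paths, the /admin/ prefix, the header values and all function names are assumptions; the 1h block, the silent 503, the 64-char token and the public route list come from the descriptions above.

```javascript
// Added example; names and constants below are assumptions, not the product's code.
const BLOCK_MS = 60 * 60 * 1000;                       // "Auto-blocks IPs for 1h"
const TRAP_PATHS = new Set(['/.env', '/wp-login.php', '/.git/config']); // constructed trip wires
const PUBLIC_ROUTES = [/^\/$/, /^\/benchmarks\//, /^\/pricing\//];
const ADMIN_ROUTES = [/^\/admin\//];                   // hypothetical prefix for router reset / kill switch
const SECURITY_HEADERS = {                             // illustrative values
  'Content-Security-Policy': "default-src 'self'",
  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
  'Referrer-Policy': 'no-referrer',
};

// Compare every character instead of returning at the first mismatch.
// (In Node, crypto.timingSafeEqual over equal-length buffers is the built-in for this.)
function tokenMatches(presented, expected) {
  if (typeof presented !== 'string' || presented.length !== expected.length) return false;
  let diff = 0;
  for (let i = 0; i < expected.length; i++) diff |= presented.charCodeAt(i) ^ expected.charCodeAt(i);
  return diff === 0;
}

function respond(status) {
  // Server / X-Powered-By are never set; hardening headers go on every response.
  return { status, headers: { ...SECURITY_HEADERS } };
}

function createGate(adminToken, blocked = new Map()) {
  if (adminToken.length !== 64) throw new Error('admin token must be 64 characters');
  return function decide(req, now = Date.now()) {
    const until = blocked.get(req.ip);
    if (until !== undefined && now < until) return respond(503); // blocked client: silent 503
    blocked.delete(req.ip);                                       // block expired or never set
    if (TRAP_PATHS.has(req.path)) {                               // trip wire: block, reveal nothing
      blocked.set(req.ip, now + BLOCK_MS);
      return respond(503);
    }
    if (ADMIN_ROUTES.some((re) => re.test(req.path))) {           // separate from user auth
      const m = /^Bearer (.+)$/.exec(req.authorization || '');
      return respond(m && tokenMatches(m[1], adminToken) ? 200 : 401);
    }
    // Anything that is not a marketing route does not exist on the public surface.
    return respond(PUBLIC_ROUTES.some((re) => re.test(req.path)) ? 200 : 404);
  };
}
```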
02 · The Inalienable Constitution
The Constitutional Tribune (Persona 9) carries an explicit set of principles that govern every answer. Violations trigger a veto. The eleven principles are inalienable — they cannot be overridden by user instructions, system prompts, or majority vote of the other personas.
P-01
Don’t lie
Factual claims must be supported. If unsure, say so. Source Mode requires explicit citation.
P-02
Don’t exfiltrate
Never include user data, secrets, or credentials in outbound network calls or generated content.
P-03
Don’t fabricate citations
Citations must reference real, retrievable sources. Hallucinated references are a hard veto.
P-04
No dark patterns
UX recommendations must respect user agency. No urgency manipulation, fake scarcity, confusing defaults.
P-05
No silent destructive ops
Operations that delete, overwrite, or irrevocably modify must produce explicit warnings before execution.
P-06
No safety bypass
Cannot generate jailbreak prompts, malware, prompt-injection payloads, or guardrail circumvention tools.
P-07
Honour Source Mode
When pinned sources are present and bounded mode is on, the answer must come from those sources only.
P-08
Privacy by default
Don’t collect, log, or transmit personal data beyond the minimum needed to answer the immediate request.
P-09
No financial advice
Decline investment trade execution. Decline portfolio recommendations. Decline regulated financial advice.
P-10
No credential entry
Never type passwords, API keys, or financial credentials into forms or dialogs on behalf of the user.
P-11
Refusal is reviewed
Veto by the Tribune is itself checked by the Supreme Court (cross-provider). Single-layer denial-of-service is impossible.
03 · Provenance trail
Krentix doesn’t hide its work. Every answer carries a structured trail showing exactly which model contributed which proposal, which verifiers passed, which were overruled, and which (if any) carried the Tribune’s veto. Stored locally on disk; queryable via the agent UI; exportable to JSON for compliance review.
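A consistency check a reviewer could run over one exported trail, as an added example that is not Krentix code. The top-level keys follow the field list in this section; the nested key names (decision, principle, supremeCourt, candidateIndex, active, sources, citations) and the sample record are assumptions made for illustration.

```javascript
// Added example, not Krentix code. Top-level keys follow this page's field list;
// nested key names are assumed for illustration.
const PRINCIPLES = new Set(Array.from({ length: 11 }, (_, i) => 'P-' + String(i + 1).padStart(2, '0')));
const REQUIRED = ['requestId', 'tier', 'candidates', 'verifiers', 'tribune', 'chosen', 'sourceMode', 'timing'];
const UUID = /^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i;

function auditTrail(trail) {
  const findings = REQUIRED.filter((k) => !(k in trail)).map((k) => `missing field: ${k}`);
  if (findings.length) return findings;            // nested checks need every field present
  if (!UUID.test(trail.requestId)) findings.push('requestId is not a UUID');
  trail.verifiers.forEach((v, i) => {
    if (v.decision !== 'pass' && v.decision !== 'dissent')
      findings.push(`verifiers[${i}]: decision must be pass or dissent`);
  });
  const t = trail.tribune;
  if (t.decision === 'veto') {
    if (!PRINCIPLES.has(t.principle)) findings.push('veto cites no principle in P-01..P-11');
    if (!t.supremeCourt) findings.push('veto lacks the Supreme Court review required by P-11');
  } else if (t.decision === 'approve') {
    const idx = trail.chosen ? trail.chosen.candidateIndex : undefined;
    if (!Number.isInteger(idx) || !trail.candidates[idx])
      findings.push('chosen does not reference an entry in candidates[]');
  } else {
    findings.push('tribune decision must be veto or approve');
  }
  const sm = trail.sourceMode;
  if (sm && sm.active) {                           // P-03 / P-07: citations stay inside consulted sources
    const known = new Set(sm.sources);
    for (const [claim, src] of Object.entries(sm.citations))
      if (!known.has(src)) findings.push(`citation "${claim}" points outside consulted sources`);
  }
  return findings;
}

// Constructed record for illustration; not real product output.
const SAMPLE_TRAIL = {
  requestId: '3f2b6c1e-8a4d-4e7b-9c21-5d0a7e6f1b42',
  tier: 'standard',
  candidates: [{ model: 'model-a', provider: 'lab-1', latency: 812, tokens: 640, cost: 0.004 }],
  verifiers: [{ model: 'model-b', decision: 'pass', reasoning: 'tests pass' }],
  tribune: { decision: 'approve', principle: null, supremeCourt: null },
  chosen: { candidateIndex: 0, why: 'only candidate with all verifiers passing' },
  sourceMode: { active: true, sources: ['doc-1'], citations: { 'claim-1': 'doc-1' } },
  timing: { propose: 812, verify: 430, tribune: 95 },
};
```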
Provenance fields per answer:
requestId — UUID for correlation
tier — cost tier active for this answer
candidates[] — each proposal: model, provider, latency, tokens, cost
verifiers[] — each persona vote: model, decision (pass / dissent), reasoning excerpt
tribune — veto/approve, principle invoked, supreme court review
chosen — which candidate shipped, why
sourceMode — sources consulted (Source Mode active), citation map
timing — per-stage latency
04 · Compliance posture
Krentix is pre-launch on enterprise compliance. We’re honest about that. Below is the current state per common framework. Items marked «in progress» have a real workstream; items marked «gap» are roadmap candidates if a buyer needs them.
| Framework | Status | Notes |
|---|---|---|
| SOC 2 Type II | Roadmap · Q3 2026 | Will be audited once production traffic justifies the spend |
| GDPR | In progress | Privacy-by-default per principle P-08; data export endpoint shipping with self-hosted release |
| HIPAA | Self-hosted only | Hosted version not BAA-eligible. Self-hosted with bridge on customer infrastructure can support HIPAA workloads |
| ISO 27001 | Roadmap | Aligned controls in place; certification deferred until commercial scale justifies audit |
| SLSA Build Provenance | Yes | All bench harnesses + agent code commits are signed + traceable on the public repos |
| OWASP LLM Top 10 | All 10 mitigated | Prompt injection / output handling / training data poisoning / model DoS / supply chain — see governance architecture above |
| NIST AI RMF | Aligned | Govern / Map / Measure / Manage all addressed; formal mapping document in progress |
05 · Disclosure
Email security@krentix.com with details. We respond within 48 hours, fix critical issues within 7 days, and publish a writeup on /changelog after the fix ships.
No bug bounty yet (pre-revenue). Public credit on the changelog if you’d like it.