Register

Security

DataGrout is built with security at every layer — from transport-level mutual TLS to runtime policy enforcement and cryptographic workflow verification. Every tool call is authenticated, authorized, policy-checked, and auditable.

security@datagrout.ai

Authentication

Four authentication methods, all enforced before any tool call reaches upstream integrations.

Access Tokens Per-agent bearer tokens with instant revocation.
OAuth 2.1 Client credentials and authorization code + PKCE flows with short-lived JWTs and automatic refresh.
Mutual TLS (mTLS) Certificate-based identity via the DataGrout CA. After one-time bootstrap, agents authenticate at the TLS layer with no secrets in transit.
Single Sign-On (SSO) Sign in with Google or GitHub. Team and enterprise SSO providers coming soon.

Runtime Security

Semantic Guards

  • Side effect controls (none / read / write / delete) enforced before execution
  • Destructive operation blocking — prevents delete, drop, purge, and truncate
  • Scope verification — agents can only access their configured integrations

Dynamic Redaction

  • Automatic PII detection — emails, phone numbers, SSNs, credit cards, addresses
  • Configurable masking strategies per field (scramble, apron, mask, fixed-length)
  • Server-side only — agents never see original sensitive values

Policy Cascade

  • Monotonic policy inheritance — child policies can tighten but never loosen restrictions
  • Server → integration hierarchy with per-integration overrides
  • Complete audit trail for every policy decision

Cognitive Trust Certificates

  • Ed25519-signed proof that workflows are cycle-free and type-safe
  • Budget verification — workflows cannot exceed credit limits
  • Tamper-evident certificate chains — child CTC IDs are covered by the parent signature

Transport Security

TLS Everywhere All connections use TLS 1.2+ with modern cipher suites. No plaintext transport is accepted.
Client Certificate Identity mTLS identities are X.509 certificates signed by the DataGrout CA with ECDSA P-256 keys. Auto-discovery and rotation are built into the Conduit SDK.
Credential Isolation Integration OAuth tokens and API keys are encrypted at rest and scoped per-user. Agents never see upstream credentials.

Network Security

Restrict access at the network layer before any authentication or policy check runs.

IP Whitelisting Limit incoming requests to specific IP addresses or CIDR blocks. Any request from an address outside the allowlist is rejected before it reaches your integrations.
Automatic Kill Switch Credentials are automatically revoked the moment they are used from an unrecognized IP address. Stops lateral-movement attacks without requiring manual intervention.

Cadence — Intelligent Loop Detection

Cadence goes beyond simple time-window deduplication. It understands the consequence of each tool call and detects whether the world state changed between identical calls — distinguishing a stuck agent loop from a legitimate retry or repeated query.

Consequence Tiers Every tool is automatically classified by its declared side-effect metadata. Tiers are derived from existing tool annotations — no configuration needed.
Read Queries and lookups get lenient thresholds — multiple identical reads are allowed before triggering a warning.
Write Create and update tools get a confirmation gate after the first execution with identical arguments.
Destructive Delete, send, and irreversible tools get a hard block on repeat calls with no state change.
State-Change Awareness A monotonic sequence counter tracks every tool completion in the session. If another tool ran between two identical calls, the world state changed and the second call is allowed. If nothing changed, it’s a loop.
Time-Window Backstop The traditional debounce layer remains as a secondary defense. Configure per-outcome rules (success/error) with adjustable time windows for additional protection.
Zero Credit Cost Blocked calls are rejected before credit checks or upstream execution. Duplicates never consume credits or trigger side effects. Write-tier gates return isError: false with structured guidance so agents can adapt.

Approval System

Require a human sign-off before sensitive tool calls execute. Configurable per server so you can enforce oversight exactly where you need it.

Approval Modes

  • Manual — require explicit approval from configured approvers before execution
  • Automatic — allow execution without human review when risk level is low

Quorum Controls

  • Configurable quorum — require one approver or a majority of the approval group
  • Single-rejection blocking — any approver can veto a pending tool call
  • Scoped by operation type — approvals can be required only for writes or deletes

DataGrout Certificate Authority

The root of trust for all platform identities and trust artifacts. Two separate key types serve distinct roles: ECDSA P-256 for X.509 client certificates (mTLS identity) and Ed25519 for signing Cognitive Trust Certificates, rule packs, and machine-client JWTs. The P-256 CA key is held in an AWS KMS hardware security module (FIPS 140-2 Level 2) — private key material never leaves the HSM.

HSM-Backed X.509 Signing Client certificates are signed via the AWS KMS Sign API using ECDSA P-256. The CA private key exists only inside a FIPS 140-2 validated hardware module — no key material in memory, on disk, or in environment variables.
Ed25519 Trust Signatures CTCs, governance rule packs, and machine-client JWTs are signed with Ed25519. Certificate chains are tamper-evident — each parent signature covers its child CTC IDs.
Identity Registration Agents submit a public key and receive a platform-signed certificate. The agent's private key never leaves the client machine.
Auto-Discovery The Conduit SDK discovers certificates automatically from environment variables, ~/.conduit/, or a custom directory.
Certificate Rotation Agents rotate using their existing mTLS identity — no token needed for renewal. 30-day short-lived certificates eliminate the need for revocation lists.

Infrastructure

Hosting Deployed on AWS with automated releases and health monitoring.
Data Encryption Encrypted at rest (AES-256) and in transit (TLS 1.2+). Integration credentials use application-level encryption.
Secrets & Key Management Runtime secrets in AWS Secrets Manager. CA signing key held in AWS KMS (FIPS 140-2 L2 HSM) — private key material never leaves the hardware module.

Compliance

We are actively working toward formal compliance certifications. For current security posture details or to request a security questionnaire, contact security@datagrout.ai.

Responsible Disclosure Report security vulnerabilities to security@datagrout.ai. We respond within 48 hours.
Security Questionnaires Enterprise customers can request our security questionnaire and architecture overview.