Security
Built to be the most cautious thing in your stack.
When you route an action through Sevra before the provider call, the guard returns a deterministic verdict and no execution token on Block. Protected paths and failure handling bias the integrated path toward approval or refusal, not silent execution.
Posture
The posture, point by point.
These are the shipped boundaries of the integrated guard path, including where configuration or external credential scope remains part of the security model.
Isolation
Eligible code reproductions and attempted code fixes run in an ephemeral Vercel Sandbox that is stopped after the run. Money reproduction is separate: configured refunds and payouts replay only in the tenant's own Stripe test mode. Neither pipeline changes the gate verdict.
Least privilege
Sevra uses the credentials and scopes an operator configures. The effective boundary is the external credential itself; Sevra does not mint broader provider privileges on an agent's behalf.
Fail closed
Unknown action classes without a matching policy, and unruled money actions, cannot default to Allow. Deterministic floors make them Require approval or Block. If the proactive guard cannot evaluate or persist a decision, it returns Block and no execution token.
Protected paths
Shipped defaults require approval on payment and ledger paths, and block auth, treasury, and data-loss paths. A matched protected path is a verdict floor that an agent policy cannot weaken; entitled operators can configure the registry.
Secret handling
Provider credentials saved through Sevra configuration are AES-256-GCM encrypted and masked in the console. Stripe reproduction redacts key-shaped material, and diagnosis excludes secret-named repository paths. Do not submit secrets in action or incident text.
Application audit record
Each routed decision and its reasons persist on the guard request. A would-be Allow requires its initial gate-event write. Some hold, block, and approval annotations are best-effort, so the lifecycle stream is not presented as complete, cryptographically immutable, or tamper-proof.
Data boundaries
A control layer, not a new home for your data.
When integrated before execution, Sevra reads the submitted fields needed for a decision and retains the resulting record and case-file artifacts. It is not a new system of record for your application. Sevra software does not hold, receive, or transmit funds; execution remains on customer-controlled systems.
Retained
because the control layer requires it
- The action proposed, its target, and the agent that proposed it.
- The verdict and the reasoning behind it.
- Case-file artifacts for escalations, including available diagnosis and reproduction records.
- The policy and scopes you configured.
Boundaries
what the current product does and does not claim
- Your funds. Sevra decides and records the routed request; it never holds, receives, or transmits money.
- A full copy of your application or customer data as a system of record.
- Configured provider credentials in plaintext in the dashboard; stored values are encrypted and masked.
- A blanket no-model-data claim. When diagnosis is enabled, selected case and repository context is sent through the configured AI gateway.
In practice
What this means on a bad day.
An unknown class without a matching policy, or an unruled money action, cannot default to Allow. Deterministic floors make it Require approval or Block. An internal evaluation or persistence failure returns Block without a token. The application record then shows the decision data Sevra successfully persisted and the approval outcome, when present.
Compliance
Sevra does not currently claim a formal compliance certification or a completed independent penetration test. This page describes implemented product controls, not a certification or audit opinion.
Responsible disclosure
Found a weakness? Email security@sevra.dev. Do not include credentials or private customer data. Include only the detail needed to investigate the issue.
Run an agent on money operations without holding your breath.
Tell us where your agents touch money. We will help you scope the access tight and keep the gate in front of it.