Merkle-chained audit
Every audit entry is hash-linked to the previous entry (prev_hash) and to the
payload it describes. Tampering breaks verification in under a second; the
integrity check is part of every evidence export.
Security
Shakti is designed around a sixteen-layer defence-in-depth model. The headline commitment is simple: every governed decision is signed and chained so you never have to trust us — you can verify every artefact against the chain.
BYOK inference
Your provider keys stay inside your cluster (AES-256-GCM at rest). Shakti never proxies an LLM call through our infrastructure — the adapter runs inside your Helm chart.
SSRF-hardened outbound
Every outbound HTTP call routes through a validated client with a deny-by-default
loopback / link-local / cloud-metadata allowlist. Verified by a workspace-wide
cargo xtask ssrf-audit on every push.
Tenant isolation
Postgres row-level security plus a FORCE-RLS tenant session binding means the middleware cannot forget the org scope. A rogue handler hits a 503, not a cross- tenant read.
GDPR taint tracking
Personal data flows through a tagged channel; the taint map shows where regulated data touches which code path. A v2 UI exposes the map read-only; enforcement is part of the pre-deploy phase.
Supply-chain
Single Rust binary, reproducible builds, cargo-deny in CI, signed release artefacts (cosign). No Electron runtime, no bundled Python interpreter, no silent sidecars.
Responsible disclosure
Found a vulnerability? Email security@sdlc.sh
with a proof-of-concept. We aim to acknowledge within one business day and publish
a fix within the industry-standard 90-day window. Good-faith research is not
litigated; see /.well-known/security.txt for the full policy.
Kick the tires in your own cluster.
Self-hosted Desktop build + 14-day evaluation license. No seat commitment.