Tamper-evident audit logs, sandboxed execution, and human approval gates are table-stakes hygiene any serious agent runtime ships. What is harder to fake: an Apache 2.0 kernel anyone can read, a monthly P&L anyone can audit, and a founder whose GitHub handle is the same one that signs every commit. See /forge/benchmark for the moat audit.
Public mapping of kernel controls to the LLM Top 10.
In flight · Q3 2026
Where we ARE differentiated
Two layers competitors cannot replicate in under twelve months.
The controls on this page are necessary, not sufficient. Our defensible moat lives elsewhere: the multi-year intel graph (Polymarket priors, whale-wallet patterns, news embeddings, calibration curves) and the 6-hook deterministic inference router. Benchmarks — including the cases where we lose — are published openly with reproducible methodology.
Standard enterprise hygiene primitives — we publish ours for transparency, not as a unique differentiator. Five primitives are live in the Kairon Forge kernel right now; every claim below references a specific file in the open-source kernel or a named admin surface, so nothing is aspirational on this list.
Tamper-evident audit log
Every Guardian-mediated action — approval, agent step, MCP tool call, replay — emits an immutable, hash-chained audit row. Operators can export the chain as JSONL or CSV for SIEM ingestion; the chain itself is verifiable independently of Kairon-controlled infrastructure.
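An added example, not code from the Kairon kernel: an offline verifier an operator could run over a JSONL export to confirm every row links to its predecessor. The field names `prev_hash` and `hash`, the all-zero genesis value, and the canonical-JSON hashing scheme are assumptions; a real verifier has to match the exporter's documented serialization.

```python
import hashlib
import json
from typing import Optional

GENESIS = "0" * 64  # assumed prev_hash of the first row


def row_hash(prev_hash: str, body: dict) -> str:
    """Assumed scheme: sha256(prev_hash || canonical JSON of the row body)."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canonical).encode()).hexdigest()


def build_chain(bodies: list) -> list:
    """Produce a constructed JSONL export, one JSON object per line."""
    lines, prev = [], GENESIS
    for body in bodies:
        digest = row_hash(prev, body)
        lines.append(json.dumps({**body, "prev_hash": prev, "hash": digest}))
        prev = digest
    return lines


def verify_chain(lines: list, expected_head: Optional[str] = None) -> tuple:
    """Return (ok, head_or_reason), recomputing every link from the export alone."""
    prev = GENESIS
    for n, line in enumerate(lines, start=1):
        row = json.loads(line)
        claimed_prev = row.pop("prev_hash", None)
        claimed_hash = row.pop("hash", None)
        if claimed_prev != prev:
            return False, f"row {n}: prev_hash does not match preceding row"
        if row_hash(prev, row) != claimed_hash:
            return False, f"row {n}: content does not match its hash"
        prev = claimed_hash
    if expected_head is not None and prev != expected_head:
        return False, "head mismatch: rows truncated or chain replaced"
    return True, prev


# Constructed sample rows, not real Kairon audit data.
SAMPLE = build_chain([
    {"seq": 1, "actor": "agent-7", "action": "mcp_tool_call"},
    {"seq": 2, "actor": "op-alice", "action": "approval"},
    {"seq": 3, "actor": "agent-7", "action": "replay"},
])
```

Edits and deletions inside the chain are caught by the link checks, but dropping rows from the tail is only caught when `expected_head` comes from somewhere the exporter does not control, such as a previously recorded or signed checkpoint.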
Untrusted skill-pack code executes inside a WebAssembly sandbox with bounded CPU time, bounded memory, and no ambient filesystem or network. Per-customer concurrency caps keep one tenant from starving another at the runtime layer.
Every /admin and /api/admin surface is guarded at three independent layers: the edge proxy checks admin_role on the JWT, the server-side layout calls getAdminCaller() and redirects on miss, and each per-route handler runs requireAdmin() or requireModerator(). One missing layer is caught by the other two in CI tests.
Issued API tokens are stored only as sha256 hex hashes in the kairon_os_api_tokens table. The plaintext is returned to the user exactly once at issue time. A database compromise yields hashes, not credentials; rotation is one row update.
kairon_os_api_tokens (sha256 hex hash column)
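An added example, not Kairon's implementation, of the hash-only token lifecycle described above: issue, verify with a constant-time comparison, and rotate by overwriting one row. The in-memory dict standing in for `kairon_os_api_tokens`, the `kf_` prefix, and the function names are hypothetical. A single unsalted SHA-256 is adequate here only because the token is 256 bits of random output rather than a human-chosen secret.

```python
import hashlib
import hmac
import secrets

# Hypothetical stand-in for the kairon_os_api_tokens table:
# token_id -> sha256 hex digest. The plaintext is never stored.
TOKEN_TABLE = {}


def _digest(plaintext: str) -> str:
    return hashlib.sha256(plaintext.encode()).hexdigest()


def issue_token(token_id: str) -> str:
    """Store only the hash and hand the plaintext back exactly once."""
    plaintext = "kf_" + secrets.token_urlsafe(32)  # 32 bytes from the OS CSPRNG
    TOKEN_TABLE[token_id] = _digest(plaintext)
    return plaintext


def verify_token(token_id: str, presented: str) -> bool:
    """Hash the presented value and compare digests in constant time."""
    known = token_id in TOKEN_TABLE
    # Unknown ids are compared against a dummy digest so both cases do the same work.
    stored = TOKEN_TABLE.get(token_id, "0" * 64)
    return hmac.compare_digest(_digest(presented), stored) and known


def rotate_token(token_id: str) -> str:
    """Rotation overwrites one row; the previous plaintext stops verifying."""
    if token_id not in TOKEN_TABLE:
        raise KeyError(token_id)
    return issue_token(token_id)
```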
Per-RPC OpenTelemetry tracing
Every gRPC and REST call through the kernel emits a per-RPC OpenTelemetry span with tenant + caller + outcome attributes. Spans chain into the streaming + sandbox layers so a single audit row can be correlated to its underlying compute trace.
Six items on the dated procurement roadmap. Each carries a target quarter rather than a “soon” badge so a procurement reviewer can plan around the schedule and a security buyer can hold us to it.
SOC2 Type I — scope frozen
Initial scope: kairon-guardian kernel + Forge control plane + customer audit-log export path. Readiness assessment in progress; Type I report targeted for Q3 2026.
Q3 2026
Vanta Trust Center — live portal
Continuous-monitoring portal exposing policy index, sub-processor list, and control evidence to enterprise prospects without an NDA round-trip. Currently being configured.
Q3 2026
Public threat model (STRIDE)
A versioned PDF threat model covering admin gate, audit log, WASM sandbox, JWT WebSocket bridge, and the MCP tool-registration path. Public, signed, and re-issued on material kernel changes.
Q3 2026
Independent penetration test
A scoped external engagement with Trail of Bits or NCC Group against the kernel + Trust Center surface. Findings + remediation summary published.
Q4 2026
HackerOne bug bounty
Public bug bounty program with a structured severity matrix and disclosure SLA. Scope: kairon-guardian, the Forge control plane, and the customer-facing audit-log export path.
Q4 2026
SOC2 Type II — audit window
Twelve-month observation window opens once Type I is issued. Final report timing depends on the issued Type I date; current target window opens Q1 2027.
Q1 2027
Guardian Phase 3 — kernel evolution
The Trust Center roadmap above tracks procurement artifacts (SOC2, pen test, bug bounty). This section tracks the kernel itself. Four primitives ship in Phase 3 alongside the compliance work.
Persistent audit DB (Rust-backed)
Q3 2026
Replace the current in-memory + SQLite audit pool with a Rust-native persistent store (sled / rocksdb candidate) wired into the kernel event log. Tamper-evident hash chains are preserved across the boundary; the read-model projection into Supabase guardian_logs remains the customer-visible surface.
services/kairon-guardian/src/bridge/audit_db.rs
gRPC streaming dual-transport
Q3 2026
First-class streaming on the gRPC + REST dual transport: server-streaming for audit-tail subscriptions, client-streaming for batched event ingest, and bidi for the sandbox execution channel. Both transports remain bound to :9000 with the same Bearer auth and per-IP rate-limit middleware.
Runtime verification that an installed skill pack carries the intel-graph scopes its manifest declares. On install + on each agent step the kernel checks the user tier against required_intel_scopes; missing scopes return 402 with the upgrade hint and never silently degrade behaviour.
Audit-log root anchors and skill-pack publisher signatures move to hardware-key signing (YubiHSM 2 candidate). Each audit checkpoint and each marketplace pack release ships with a verifiable signature that does not depend on a Kairon-controlled software key.
EU Representative engagement is in flight. Until a named EU Representative is contracted, GDPR Art 27 / EU AI Act inquiries route through eurep@kairon.trade. Acknowledged within two business days. Target contracting quarter: Q3 2026.
Replay-from-checkpoint, native sandbox, RBAC/MFA, rate limiting, and OpenAPI generation are commodity B2B hygiene any team can ship. Read our honest moat audit for what makes Kairon Forge genuinely different.