Security for mandate-driven execution.
SupraOS is not designed as unconstrained automation. It is designed as a mandate-driven execution system where discovery, analysis, agent execution, approvals, and proof happen inside explicit authority boundaries.
Security model
Least privilege by design
Users, agents, connectors, and integrations should receive only access needed for the approved Charter.
Read-only before write
Discovery and Company Scan workflows begin read-only where possible.
Policy before action
High-risk actions require policy evaluation, approval, and evidence before execution.
Clear attribution
Every action should identify whether it was performed by a human, agent, system, or integration context.
Source coverage transparency
SupraOS shows what sources are connected, limited, unavailable, or blind.
Proof by default
Governed execution creates Receipts and Value Ledger updates.
Stage-appropriate honesty
SupraOS does not claim certifications, integrations, or deployment guarantees before they are formally available.
Identity and access
- Single sign-on where available.
- Role-based access controls.
- Human owner for each Charter.
- Separate agent execution identities or execution contexts.
- Access scoped by source, Charter, Work Object, role, and policy.
- Approval events bound to named identities.
- Administrative access restricted and logged.
What SupraOS does not claim by default
- Completed SOC 2, ISO 27001, ISO 42001, HIPAA, DORA, or other certifications unless formally completed.
- Universal integration availability.
- Customer-managed keys unless confirmed in the engagement.
- Autonomous execution without Charter boundaries, approval rules, and policy controls.
Policy and action controls
| Decision | Meaning |
|---|---|
| Allow | Action is permitted inside the current Charter and policy context. |
| Deny | Action violates source, role, policy, or risk boundary. |
| Require approval | Human approval is required before execution. |
| Evidence required | Action cannot complete until evidence is attached or validated. |
| Simulate first | Action requires preview or blast-radius review before commit. |
| Redact / mask | Sensitive material must be hidden or minimized. |
Logs are not enough.
SupraOS should maintain operational logs for system operation and Receipt records for workflow-level proof. Receipts bind intent, authority, approvals, agent actions, systems touched, evidence references, and outcome.
Need deeper diligence?
Qualified evaluators can request security review materials or start with a read-only Company Scan.