The point of AI remediation is trusting it at 3AM. That trust isn’t a promise — it’s five enforced layers between any actor and your clients’ endpoints.
Each layer holds independently. A compromised network still can’t forge a command; a stolen cert still can’t run arbitrary code; a valid signed command still faces the risk gate before it touches an endpoint.
The decision engine scores every proposed action across multiple dimensions — blast radius, reversibility, tenant policy, confidence. The score decides the path:
The audit trail is hash-chained — each entry cryptographically references the previous one, so tampering is detectable, not deniable.
AI decisions log their full reasoning chain. When a client asks “what happened at 3AM?”, you show them — diagnosis, risk score, action, validation, outcome.
Row-level security is enabled and forced on every tenant-scoped table. The application role carries NOBYPASSRLS — even a bug in our own code can’t cross tenants. Missing tenant context returns zero rows, not all rows.
Per-tenant token budgets are enforced in the orchestrator. At 100% of budget, the platform automatically downgrades to on-device local AI — triage keeps working, the bill doesn’t grow. Bring any OpenAI-compatible provider: Claude, GPT, Ollama.