Agentina
Trust posture

Security model in plain English

Agentina runs autonomous agents on hardware you operate. We treat that responsibility seriously: signed releases, signed licenses, hashed secrets, append-only audit, and a runtime that fails closed.

Architecture

What lives where

Your server runs a lightweight agent. Everything else stays in our cloud.

Your Server

Lightweight agent binary (~2 MB)
Runs as unprivileged user
HTTPS heartbeat only
No inbound ports
No database access

Your source code and repositories stay on your machine. The agent never uploads code unless you explicitly configure a task to do so.

Our Cloud

Control Plane (license + heartbeat)
Task orchestration engine
Agent Studio dashboard
Customer portal
Database (encrypted at rest)

Customer data is isolated per-tenant. We never access your server directly.

The promises

Concrete, verifiable, and the same on day one as on year ten.

Every release is signed

Agent + Control Plane tarballs are signed with an Ed25519 key the agent holds in its baked-in trust set. The agent refuses to launch a binary whose signature does not verify, including its own auto-updates.

Every license is bound

Licenses are RS256 JWTs scoped to a customer + organization, with optional machine-fingerprint binding. Tampering breaks the signature; copying to a new machine fails fingerprint verification.
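
The license check described above, as an added example that is not Agentina's code: it pins the algorithm to RS256, verifies the signature, then enforces the fingerprint only when the license carries one. The claim names (`cust`, `org`, `fp`, `exp`) and all function names are assumptions.

```javascript
// Added example: verifying an RS256 license JWT with optional machine binding.
// Claim names (cust, org, fp, exp) and function names are assumptions.
const crypto = require('node:crypto');

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Constructed issuer side, present only so the example has a token to check.
function issueLicense(privateKey, claims) {
  const signingInput = `${b64url({ alg: 'RS256', typ: 'JWT' })}.${b64url(claims)}`;
  const sig = crypto.sign('sha256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${sig.toString('base64url')}`;
}

function verifyLicense(token, publicKey, localFingerprint, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
    if (!header || !claims) throw new Error('empty segment');
  } catch { return { ok: false, reason: 'malformed' }; }
  // Pin the algorithm: never let the token choose how it is verified.
  if (header.alg !== 'RS256') return { ok: false, reason: 'bad-alg' };
  const valid = crypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`),
    publicKey, Buffer.from(parts[2], 'base64url'));
  if (!valid) return { ok: false, reason: 'bad-signature' };
  if (typeof claims.exp !== 'number' || now / 1000 >= claims.exp) {
    return { ok: false, reason: 'expired' };
  }
  // Binding is optional: enforce it only when the license carries a fingerprint.
  if (claims.fp !== undefined && claims.fp !== localFingerprint) {
    return { ok: false, reason: 'fingerprint-mismatch' };
  }
  return { ok: true, claims };
}

// Constructed demo: throwaway key pair, license bound to fingerprint "fp-A".
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const exp = Math.floor(Date.now() / 1000) + 3600;
  const token = issueLicense(privateKey, { cust: 'c-1', org: 'o-1', fp: 'fp-A', exp });
  return [verifyLicense(token, publicKey, 'fp-A').ok, verifyLicense(token, publicKey, 'fp-B').reason];
}
```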

Revocation is real-time

A revoked license stops working at the next heartbeat (≤60s). The agent transitions to a terminal state locally; the control plane does not need to be reachable for the revocation to apply.

Append-only audit

Every admin action — license issuance, revocation, role change, password reset — produces an immutable audit_log row tagged with actor, IP, request ID, and outcome. Never updated, never deleted.

Identity & secrets

How credentials live

Admin authentication

Operators sign in with email + password. Passwords are hashed with scrypt (N=2^15, r=8, p=1) — the parameters travel with the hash so cost can be rotated without invalidating existing accounts. After 5 failed attempts the account is locked for 15 minutes.
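
One way the parameters can travel with the hash, as an added example that is not Agentina's code: the verifier reads the cost from the stored string and reports when a successful login should be re-hashed at the current cost. The `scrypt$N$r$p$salt$hash` layout, the parameter bounds and the function names are assumptions.

```javascript
// Added example: self-describing scrypt hashes. The "scrypt$N$r$p$salt$hash"
// layout, bounds and function names are assumptions, not Agentina's schema.
const { scryptSync, randomBytes, timingSafeEqual } = require('node:crypto');

const CURRENT = { N: 2 ** 15, r: 8, p: 1 }; // parameters stated on the page
const KEY_LEN = 32;

function derive(password, salt, { N, r, p }) {
  // N=2^15 with r=8 needs just over 32 MiB, which exceeds Node's default
  // maxmem, so the limit is raised explicitly.
  return scryptSync(password, salt, KEY_LEN, { N, r, p, maxmem: 256 * N * r });
}

function hashPassword(password, params = CURRENT) {
  const salt = randomBytes(16);
  const hash = derive(password, salt, params);
  const { N, r, p } = params;
  return ['scrypt', N, r, p, salt.toString('base64'), hash.toString('base64')].join('$');
}

function verifyPassword(password, stored) {
  const parts = String(stored).split('$');
  if (parts.length !== 6 || parts[0] !== 'scrypt') return { ok: false, needsRehash: false };
  const [N, r, p] = parts.slice(1, 4).map(Number);
  // Bound the stored parameters so a corrupted row cannot demand unbounded work.
  const sane = Number.isInteger(N) && (N & (N - 1)) === 0 && N >= 2 ** 14 && N <= 2 ** 17
    && Number.isInteger(r) && r >= 1 && r <= 8
    && Number.isInteger(p) && p >= 1 && p <= 4;
  if (!sane) return { ok: false, needsRehash: false };
  const salt = Buffer.from(parts[4], 'base64');
  const expected = Buffer.from(parts[5], 'base64');
  const actual = derive(password, salt, { N, r, p });
  const ok = expected.length === actual.length && timingSafeEqual(expected, actual);
  // A correct password under older parameters is the moment to re-hash.
  const needsRehash = ok && (N !== CURRENT.N || r !== CURRENT.r || p !== CURRENT.p);
  return { ok, needsRehash };
}
```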

Sessions are 32-byte random tokens stored sha256-hashed. The cookie carries the plaintext; a database leak never leaks live sessions. Sliding 8-hour TTL with a hard 30-day ceiling. Deactivating an admin revokes every live session immediately.
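
The session model above, as an added example that is not Agentina's code: only the SHA-256 digest of each token is stored, the expiry slides on use, and the slide is clamped to the absolute ceiling. The in-memory `Map` stands in for a sessions table, and every name here is an assumption.

```javascript
// Added example: session tokens stored only as SHA-256 digests. The in-memory
// Map stands in for a sessions table; all names here are assumptions.
const { randomBytes, createHash } = require('node:crypto');

const SLIDING_TTL_MS = 8 * 60 * 60 * 1000;        // 8-hour sliding window
const HARD_CEILING_MS = 30 * 24 * 60 * 60 * 1000; // 30-day absolute limit
const sessions = new Map(); // sha256(token) hex -> { adminId, createdAt, expiresAt }

const digest = (token) => createHash('sha256').update(token).digest('hex');

function createSession(adminId, now = Date.now()) {
  // 32 random bytes; the plaintext is returned for the cookie and never stored.
  const token = randomBytes(32).toString('base64url');
  sessions.set(digest(token), { adminId, createdAt: now, expiresAt: now + SLIDING_TTL_MS });
  return token;
}

function validateSession(token, now = Date.now()) {
  const key = digest(String(token));
  const row = sessions.get(key);
  if (!row) return null;
  const ceiling = row.createdAt + HARD_CEILING_MS;
  if (now >= row.expiresAt || now >= ceiling) {
    sessions.delete(key);
    return null;
  }
  // Slide the window forward, but never past the absolute ceiling.
  row.expiresAt = Math.min(now + SLIDING_TTL_MS, ceiling);
  return row.adminId;
}

// Deactivating an admin removes every live session for that account.
function revokeAllFor(adminId) {
  let removed = 0;
  for (const [key, row] of sessions) {
    if (row.adminId === adminId) { sessions.delete(key); removed += 1; }
  }
  return removed;
}
```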

Customer authentication

Customer-portal users use the same hash + session model as admins, with a separate customer_sessions table so the two surfaces never share state.

Service accounts

The control plane accepts a long-lived bearer token for CI / scripts. The token is sha256-compared in constant time and tagged in audit as kind="system" so service-account actions never look like operator actions.

Activation tokens

Agents bootstrap with a single-use act_* token. On redemption the token records the agent fingerprint and is marked spent — re-using one is rejected and audited.

Runtime

What the agent does and does not do

Permission boundary

The agent runs as a dedicated unprivileged user (agentina). It does not require root, does not require sudo, and never escalates. Self-update writes to its own install prefix only.

Outbound network

The agent only initiates connections — it does not listen. All traffic is HTTPS to your configured control plane and distribution origins. No telemetry to third parties; no calls home to us in self-hosted mode.

Local data

Task state and event journals live under the agent's install prefix. Sensitive fields (auth headers, secrets, tokens) are redacted before they reach disk or logs by a pino redaction policy that ships with every release.

Fails closed

If the license is missing, expired, revoked, or fingerprint-mismatched, the agent transitions to a terminal state and stops accepting new work. Existing in-flight tasks are allowed to finish; nothing new starts.

Hardened by default

Multi-layer protection

Every layer independently enforces licensing and integrity. No single bypass point.

Machine Binding

5-component hardware fingerprint (CPU, motherboard, disk, MAC, hostname) with weighted scoring. Moving the install to another machine is detected automatically.

Runtime Tamper Detection

SHA-256 hash of the runtime is computed on every heartbeat and sent to the control plane. Modified binaries are flagged and quarantined.

Signed Updates

Every release is cosign-signed with KMS-backed keys. The installer refuses unsigned or tampered packages. Downgrade attacks are blocked.

Integrity Verification

Per-file SHA-256 manifest checked at startup. Any modification to the runtime files prevents the agent from starting.

Enforcement Mesh

4 independent license checks that must ALL pass. Patching one function does not bypass the others. No single point of failure.

Signed Grace State

Offline grace timer is HMAC-signed and machine-bound. Cannot be extended by editing files, restarting, or rolling back the clock.

Single-Use Tokens

Activation tokens are consumed atomically. Each token can only be used once, on one machine. Second attempts are rejected immediately.

Encrypted Communication

All agent↔cloud traffic uses TLS 1.3. The agent only initiates outbound HTTPS connections — no inbound ports required.

Fails Closed

If the license is invalid, expired, revoked, or tampered, the agent stops accepting work. It never fails open.

Common questions

What customers ask us

Q: Can you access my server?
No. The agent only makes outbound HTTPS connections to our cloud. We have no SSH access, no inbound connections, and no way to log into your machine. The agent runs as an unprivileged user with no sudo access.

Q: What data is collected?
The heartbeat sends: agent version, machine fingerprint hash (not the actual hardware details), uptime, and a self-integrity hash. No source code, no file contents, no repository data is transmitted unless you explicitly configure a task to do so.

Q: What happens after my trial expires?
The agent gracefully stops accepting new work. No data is deleted, no services are disrupted beyond the agent itself. You can convert to a paid plan or request an extension, and the agent resumes immediately.

Q: Can I uninstall at any time?
Yes. Run "systemctl stop agentina && systemctl disable agentina" and optionally remove /opt/agentina and /var/lib/agentina. No residual processes, no hidden services, no data sent after uninstall.

Q: Is my source code safe?
Your source code stays on your server. The agent reads it locally to perform tasks (like code analysis or bug detection) but does not upload it anywhere. Task outputs (like reports) are stored on your machine.

Q: What if your cloud goes down?
The agent has an offline grace period (24 hours by default). During outages, it continues running in-progress work. When connectivity is restored, it reconnects automatically. No manual intervention needed.

Compliance

Where we are, where we're going

SOC 2 Type II

Type I controls in place; Type II observation period scheduled for the second half of 2026. Vendor questionnaire available on request — see contact below.

Data residency

Self-hosted: you choose the region, full stop. Cloud: US-east only today; EU + AU regions Q3 2026. No data is replicated cross-region.

DPA / GDPR

Standard DPA available for Pro and Enterprise tiers. We are a data processor for license + telemetry metadata; we never see the contents of work tasks unless you ship them to us.

Backups + DR

Daily snapshots of the control-plane database with 30-day retention. Restore drills run quarterly. Self-hosted operators run their own backup policy — recommendations in the runbook.

Disclosure

Found something? Tell us.

Responsible disclosure

Email security@digcub-lab.com with a description, reproduction steps, and your preferred contact for follow-up. We will acknowledge within 2 business days and keep you posted through resolution.

We do not currently run a paid bug bounty. We will credit you publicly with permission, and we are happy to provide a written acknowledgement for your portfolio.

For non-security questions: sales@agentina.digcub-lab.com

Want our vendor questionnaire?

Email sales — we'll send the latest answers + a sample DPA the same business day.