Praxa

Security

Senior-grade work needs senior-grade security posture.

Praxa is built on the assumption that an autonomous agent in your systems must be more constrained, more audited, and more observable than a human contractor would be.

Principles

01

Bot-user auth, not credential scraping

Praxa never asks for a real human's password, OAuth refresh token, or session cookie. Each integration is installed as its own Praxa-provisioned bot user with explicit, scoped permissions. When a person leaves the company, no Praxa-side credential needs to be rotated; their bot remains, the human is gone.

02

BYOK LLM, customer-owned keys

Customers paste their Anthropic, AWS Bedrock, or GCP Vertex credentials. Keys are encrypted at rest with a workspace-scoped key (AES-256-GCM, 96-bit IV per ciphertext, AAD-bound to workspace + provider). The workspace key is itself encrypted via a tenant-scoped KMS data key. Praxa cannot decrypt keys outside a runtime invocation.

03

Tenant isolation enforced in code

Every database row, object key, and memory fact carries a workspace_id. Cross-tenant reads are blocked at the query layer with a typed WorkspaceScopeError. Enterprise customers receive a dedicated tenant where this isolation is at the infrastructure layer (separate Postgres database, separate KMS key, separate object store bucket).

04

Audit log on every action

Every Skill action records input → reasoning → considered alternatives → confidence → output. The audit log is append-only, integrity-protected, and queryable by the customer for the full retention window (90 days standard, contracted on Enterprise). You can replay any decision the Skill made.

05

Architectural enforcement, not policy

Constraints — tool allowlist, trigger source, memory namespace, sub-agent dispatch — live in the runtime middleware, not in prompts or docs. Violations throw typed errors before the LLM is ever called. Prompts can be wrong; middleware refuses.

06

Self-pausing on quality regression

Every Skill carries a published acceptance rate threshold. If the rolling rate drops below it, the Skill pauses itself and notifies the configured channel — Slack, email, or PagerDuty. A human must review and explicitly resume.

Audit log shape

The decision log as a first-class artifact.

The audit log is the contract. Every Skill action is a single immutable record with the full context the agent had.

  • Append-only — no edits, no deletes.
  • Integrity-protected with hash-chained signatures.
  • Queryable by Skill, run, time range, or trigger.
  • Streamable to your SIEM via signed webhook.
audit_event · v1 JSON
{
  "auditEventId": "ae_01j...",
  "skillId":      "sk_01j...",
  "runId":        "rn_01j...",
  "trigger":      "github.pull_request.opened",
  "input":        { "prNumber": 1284, "repo": "..." },
  "reasoning":    [
    "Diff touches payments/checkout — high-risk surface.",
    "Author has 0 prior PRs in this directory.",
    "Tests cover happy path; no failure-mode coverage."
  ],
  "alternatives": [
    { "action": "approve",        "score": 0.42 },
    { "action": "request_changes","score": 0.83 },
    { "action": "escalate_human", "score": 0.71 }
  ],
  "confidence":   0.83,
  "output":       { "verdict": "request_changes", "comments": [...] },
  "tools_used":   ["github.read.diff","github.comment.pr"],
  "duration_ms":  4218,
  "occurred_at":  "2026-05-26T14:18:09.182Z"
}
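
A consumer-side integrity check for the hash-chained, signed audit stream described above, as an added example (not Praxa's code or wire format). The envelope fields `prevHash`, `hash` and `sig`, the all-zero genesis anchor, and HMAC-SHA256 standing in for the signature are assumptions; the events are constructed samples.

```python
import hashlib, hmac, json

GENESIS = "0" * 64  # assumed anchor value for the first record in a chain

def canonical(event: dict) -> bytes:
    # Stable serialization so producer and verifier hash identical bytes.
    return json.dumps(event, sort_keys=True, separators=(",", ":")).encode()

def link(prev_hash: str, event: dict) -> str:
    # Each record's hash commits to its own body and to the previous hash.
    return hashlib.sha256(bytes.fromhex(prev_hash) + canonical(event)).hexdigest()

def seal(key: bytes, prev_hash: str, event: dict) -> dict:
    """Producer side: wrap an audit_event in a chained, signed envelope."""
    h = link(prev_hash, event)
    sig = hmac.new(key, h.encode(), hashlib.sha256).hexdigest()
    return {"event": event, "prevHash": prev_hash, "hash": h, "sig": sig}

def verify_chain(key: bytes, envelopes: list, anchor: str = GENESIS) -> list:
    """Consumer side: return (index, problem) pairs; an empty list means intact."""
    problems, expected_prev = [], anchor
    for i, env in enumerate(envelopes):
        if env["prevHash"] != expected_prev:
            problems.append((i, "chain break: record removed, reordered or inserted"))
        if link(env["prevHash"], env["event"]) != env["hash"]:
            problems.append((i, "content hash mismatch: event body altered"))
        good = hmac.new(key, env["hash"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(good, env["sig"]):
            problems.append((i, "bad signature"))
        expected_prev = env["hash"]
    return problems

def build_sample(key: bytes) -> list:
    # Constructed events reusing field names from the audit_event v1 shape.
    events = [
        {"auditEventId": "ae_sample_1", "trigger": "github.pull_request.opened", "confidence": 0.83},
        {"auditEventId": "ae_sample_2", "trigger": "github.pull_request.opened", "confidence": 0.91},
        {"auditEventId": "ae_sample_3", "trigger": "github.pull_request.opened", "confidence": 0.77},
    ]
    chain, prev = [], GENESIS
    for ev in events:
        env = seal(key, prev, ev)
        chain.append(env)
        prev = env["hash"]
    return chain
```

When verifying a stream in batches, carry the last verified `hash` forward as the next batch's `anchor` so a dropped record at a batch boundary is still caught.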

Data residency

Where customer data lives.

  • Skill tier: Shared multi-tenant Postgres in us-east-1, workspace-isolated rows, encrypted at rest with AWS-managed KMS keys.
  • Enterprise tier: Dedicated tenant in your region of choice (US, EU, AU). Optional self-host in your own AWS account with annual license.
  • LLM data: Never stored by Praxa. With BYOK, every prompt + completion lands in your provider account. We see only the redacted audit log fields you keep.
  • Retention: 90-day default for audit + run logs; contracted on Enterprise. Customer-initiated erasure runs a hard delete within 7 days.

Compliance

Programs and posture.

  • SOC 2 Type II: Roadmap — Q4 2026. Audit firm engaged; first observation period begins after platform GA.
  • GDPR: Compliant by design. Workspace-scoped data, explicit retention windows, customer-initiated export and erasure.
  • HIPAA: Available on Enterprise. BAA available; BYOK Bedrock in customer's HIPAA-eligible AWS account is the recommended path.
  • AWS Marketplace: Available on Enterprise. Custom Private Offers per customer for EDP burn-down.

For your security team

Security questionnaire?

We answer them in days, not weeks. Send your standard questionnaire plus an NDA — we have a populated knowledge base.