Managed platform
How the service relates to Core.
The Managed Service runs the same agent pipeline as the open-source Core, hosted on Cloudflare. The intelligence is the same code you can read; the service is the operational shell around it — tenancy, identity, audit, and the running of it — so that the people we built it for don't have to stand up PostgreSQL.
The promise: the Managed Service exists so the people we built it for — your mom and dad, the family member who keeps forwarding suspicious emails — get the protection of the Core without needing a developer to run it for them.
The boundary
Core owns the intelligence. The service owns the experience.
| Core (OSS) | Managed Service |
|---|---|
| LLM workflows, RAG, classification, filing logic. | Tenant records, identity and RBAC, audit infrastructure, billing. |
| Single-user developer runtime. | Multi-tenant hosted orchestration. |
| AGPL open-source base. | Private commercial service. |
The service doesn't fork the agent logic — it runs the Core. If you don't trust how a decision was made, the code that made it is public.
Tenant model
Strict by default.
Cross-tenant access requires explicit grants and is auditable. Raw mailbox credentials never sit in application logs.
- Account boundaries for metadata, authorization, and audit events.
- Deny-by-default RBAC with explicit grants for cross-tenant access.
- Reference-handled secrets — mailbox credentials never appear in logs.
Operations
Audited, scoped, recoverable.
Support workflows and destructive actions follow the same audit path that users see.
- Support access is scoped, time-bound, and recorded.
- Destructive actions require dry-run preview and explicit confirmation.
- Incident review uses the same audit log the user sees, with no shadow record.