Security Center · updated July 14, 2026

Security should leave a paper trail.

We spend first on controls that stop incidents—not badges that imply they can’t happen. Until independent attestation makes economic sense, we show our work and state exactly what has and hasn’t been independently verified.


Current posture

What is true today.

No certification shorthand. These are scoped product facts, their verification state, and the boundaries customers should plan around.

Independent attestation
Not yet performed. Govna does not claim SOC 2 or ISO certification.
Availability design
Production is fixed at two tasks across two availability zones. Deployment evidence and commercial approval remain required before any contractual uptime SLA.
Recovery objectives
Application RPO: 6 hours. Audit archive RPO: 1 hour. RTO: 4 hours.
Data path
Govna processes MCP tool metadata, arguments, and results only as required for policy and dispatch. It is not a chat or prompt gateway.
Identity
Invite-only access and provider-neutral OIDC/SAML are supported; human authentication never replaces Govna authorization.
Incident communication
status.govna.io is hosted independently from the application path.

Control model

Boundaries that fail closed.

Admin policy sets the ceiling. User consent narrows it. Snapshot approval and guardrails narrow it again. No downstream provider can widen access.

01 / IDENTITY

Durable organization ownership

People may change identity providers without transferring product ownership. Organizations support multiple owners, role separation, and immediate membership revocation.

02 / MCP

Exact-session grants

Each session binds organization, profile, connector identity, approved tools, audience, and the shortest applicable duration ceiling.

03 / CHANGE

Connector drift review

New tools stay hidden, removed tools stop, and materially changed schemas pause until an administrator approves a new snapshot.

04 / GUARDRAILS

Pre- and post-dispatch hooks

Built-in or customer-selected providers may deny, require four-eyes approval, or apply constrained transforms. Enforcing failures deny the call.

Proof ledger

Claims with receipts attached.

“Implemented” means covered by repository evidence and internal verification. It does not mean independently audited.

ID and claimControlEvidence and status
AUD-001
Tool calls fail closed when audit intent cannot be committed.
Durable intent is committed before connector dispatch. Implemented · internally verified
Gateway enforcement and PostgreSQL adapter contract tests · as of 2026-07-14
AUD-002
Every dispatched call has correlated intent and terminal receipts.
UUIDv7 call correlation across append-only audit events. Implemented · internally verified
Local PostgreSQL intent/completion integration test · as of 2026-07-14
TEN-001
Tenant-owned records are isolated in the database.
Organization keys, forced RLS, and transaction-local actor context. Implemented · internally verified
pgTAP RLS policy suite · as of 2026-07-14
CON-001
Connector updates do not silently expand existing grants.
Versioned snapshots pause changed tools and hide new tools. Implemented · internally verified
Connector drift state-machine tests · as of 2026-07-14
GRD-001
Guardrails can deny, require approval, or safely transform MCP traffic.
Default-deny pre/post dispatch pipeline with schema revalidation. Implemented · internally verified
Guardrail aggregation, SSRF, disclosure, and gateway tests · as of 2026-07-14
REC-001
Pilot recovery objectives are six-hour RPO and four-hour RTO.
Daily managed backups plus six-hour encrypted logical exports. Implemented · internally verified
Recovery configuration and restore-exercise runbook · as of 2026-07-14
PRV-001
Product analytics honors DNT, Global Privacy Control, and consent.
Provider-neutral telemetry gate blocks analytics unless allowed. Implemented · internally verified
Telemetry privacy contract tests · as of 2026-07-14
ARC-001
Historical audit exports use retention-protected object storage.
KMS-encrypted S3 Object Lock with dual JSONL/Parquet export. Implemented · internally verified
OpenTofu plan and archive format tests · as of 2026-07-14
WEB-001
Outbound product events use one signed, durable webhook contract.
CloudEvents 1.0 outbox delivery with ordering, bounded retry, dead letters, and audited replay. Implemented · internally verified
pgTAP delivery suite and Rust worker/transport contract tests · as of 2026-07-14
EXT-001
Independent penetration testing is required before production use.
Production readiness gate and remediation tracking. Planned · not yet verified
Pending external engagement · as of 2026-07-14

Responsible disclosure

Found something wrong?

Email security@govna.io. Include impact, reproduction steps, and a safe way to contact you. Do not access another tenant’s data or disrupt service.

Read security.txt · Current status and incidents