Origin Policy · BYO · sovereignty

Built-in stack: zero Chinese-origin. BYO at runtime: allowed.

A platform is what it can refuse to break. We architect for the bad day, not the demo day.

No Qwen / Aliyun / ByteDance / Baidu / Tencent / Huawei / ECharts / Ant Design / DingTalk / WeCom / Feishu in built-in deps. The customer can plug in a Custom provider at runtime: a configuration-time choice, never the default. Sovereignty does not leave the customer deployment.

Sovereignty is not a feature flag — it is the construction. Encryption, isolation, audit, and origin policy are baked into the substrate before any feature ships on top.

  • Per-user namespace
  • AES-256-GCM at rest
  • CSP nonce per request
  • Zero-trust default
  • SAML / OIDC SSO
  • Causal-chain audit log

07.1 Origin Policy · Hard rule · one exception

Built-in excludes. BYO is the exception.

The built-in stack ships zero Chinese-origin technology — no bundled models, UI libs, observability, DB, deployment, npm or python deps. The single exception is customer BYO model at runtime via the Custom provider slot — configuration-time choice, never the default. UI surfaces it neutrally as Custom provider; no origin is celebrated or suppressed.

0A Banned in built-in

Absent from bundled deps, default LLM, and self-hosted observability.

  • Qwen
  • Aliyun
  • ByteDance
  • Baidu
  • Tencent
  • Huawei
  • ECharts
  • Ant Design
  • DingTalk
  • WeCom
  • Feishu / Lark

0B Customer BYO at runtime · Allowed exception

Customer configures Custom provider in settings against any OpenAI-compatible endpoint.

  1. Customer enters API base + key in Settings · LLM
  2. Stored encrypted (AES-256-GCM), user-scoped, never bundled
  3. Surfaces as Custom in provider picker — no flag celebration
  4. Customer can disconnect at any time — keys drop atomically

WHY

Customers in regulated industries need a clean built-in supply chain. Their own runtime choices are their own.

NO HIDDEN PATHS

No telemetry, no usage analytics, no hidden inference proxies routing through banned origins.

AUDITABLE

Every LLM call, with provider tag, lands in audit log. The customer can verify their BYO endpoint is the actual recipient.

07.2 Security controls · Built-in · per-claim evidence

Every control, every state, honestly labelled.

No security marketing. Built is labelled Built; Partial is labelled Partial. Hover any chip in-product to see the corresponding PR or verified path.

Per-user namespace

Each account gets its own LibSQL namespace. PRAGMA user_version ledger tracks schema. Workspace data, chats, and workflows are isolated by construction.

AES-256-GCM at rest

OAuth tokens, document content, and memory candidates encrypted with AES-256-GCM. Disconnect a service — tokens drop atomically.

CSP nonce per request

Content Security Policy nonce regenerated on every render. Inline-script attacks fail at the policy layer before they reach the page.

Zero-trust default

TLS / mTLS on every internal hop. UPII ingress requires per-instrument key. No allowlisting by IP alone.

SAML 2.0 / OIDC SSO

Enterprise SSO via Better Auth. Identity-provider-backed sign-in for org-wide deployments.

Causal-chain audit log

Tool call → workflow step → memory candidate → notification. Persist queue + guarded write keep evidence intact even on DB stall.

07.3 Workspace · User scope · What lives where

Workspace controls AI scope. User controls identity.

Not all data sits at the same tier. Workspace-scoped is team-shared; User-scoped is personal. Memory Gatekeeper runs in user scope — your memories never leak to colleagues in the same workspace.

Workspace-scoped

  • Documents
  • Chat sessions
  • Workflows
  • Tool catalog
  • Knowledge bots

User-scoped

  • Memories (Gatekeeper)
  • OAuth tokens
  • LLM keys
  • Personal preferences

Sovereignty, by construction.

Self-host the whole spine if you have to. Your data, your decisions, your audit log.