// security
Your data is the asset. We treat it that way.
We widen what Rev can do — never the trust boundary. These aren't promises in a policy doc; they're enforced in the code that runs every Rev.
Read-only by construction
Rev reaches your data through a credential scoped to a single workspace, in a transaction that cannot write. Isolation is enforced at the database, not by a prompt.
default_transaction_read_only = on · the credential IS the tenant
One workspace, never another
Every tenant's data is fenced by row-level security that fails closed. The worst case for a leaked credential is seeing nothing.
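The two database controls described above (a read-only credential per workspace and row-level security that fails closed), sketched for PostgreSQL as an added example; this is not Rev's own schema or code. The table, column, role and schema names are hypothetical, and the catalog query is one possible form of a CI drift check.

```sql
-- Added illustration for PostgreSQL; all table, column and role names are hypothetical.
CREATE TABLE documents (
    id        bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    workspace text NOT NULL,   -- name of the login role that owns the row
    body      text NOT NULL
);

-- Constructed sample rows, loaded before RLS is switched on.
INSERT INTO documents (workspace, body) VALUES
    ('ws_acme',   'acme pipeline notes'),
    ('ws_globex', 'globex pipeline notes');

-- ENABLE applies policies to ordinary roles; FORCE applies them to the table owner too.
ALTER TABLE documents ENABLE ROW LEVEL SECURITY;
ALTER TABLE documents FORCE ROW LEVEL SECURITY;

-- With RLS enabled, a row that no policy admits is invisible (default deny).
-- session_user is the role that authenticated; SET ROLE does not change it.
CREATE POLICY workspace_isolation ON documents
    FOR SELECT
    USING (workspace = session_user::text);

-- One login role per workspace: the credential itself selects the rows.
CREATE ROLE ws_acme LOGIN;
GRANT SELECT ON documents TO ws_acme;   -- no INSERT/UPDATE/DELETE privilege

-- Sessions for this role start read-only. A session can change this setting
-- itself, so the SELECT-only grant above is what actually refuses writes.
ALTER ROLE ws_acme SET default_transaction_read_only = on;

-- Drift check for CI: list tables in the schema that are missing
-- ENABLE or FORCE row-level security. Fail the build if any row comes back.
SELECT c.relname
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'
  AND c.relkind = 'r'
  AND NOT (c.relrowsecurity AND c.relforcerowsecurity);
```

Superusers and roles created with BYPASSRLS skip policies even under FORCE, so a per-workspace login role should have neither attribute.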
RLS: FORCE · session_user-scoped · drift-guarded in CI
Humans publish, the agent proposes
Rev never promotes its own output to a trusted fact. A person confirms what gets remembered; untrusted tool output is wrapped and never executed as instructions.
propose → human review → published · tool output is data, not commands
A fleet we never fork
Every Rev runs the same audited agent image, configured at launch from sources of truth outside the sandbox. We roll out, roll back, and canary the whole fleet centrally.
image: pinned · config: injected · rollout / rollback / canary
Security questions, a DPA, or a deeper review? hello@replabs.ai