Built to be verified.
Citadel asks you to connect source code, agents, and automation. Here is exactly what that means for your data, your audit trail, and your control.
Source code handling
Code pushed to src.land is indexed on push to build the knowledge graph (symbols, callers, cross-language edges). Indexing runs inside the platform; no third party receives your source. On-prem installs run the indexer entirely on your hardware.
Data use and training
src.land does not train any model on your code or repository content. The knowledge graph is used to serve search and MCP queries; it is not shared with external AI providers for training or fine-tuning.
Audit log and retention
Every human push and every agent read writes one append-only audit row. Retention tiers: 90 days (Free), 365 days (Pro), 2,555 days (Enterprise). Audit rows are queryable by namespace, actor, and action.
MCP and agent token scopes
Agent tokens are scoped per action and namespace and are individually revocable. The RFC 8628 device grant powers headless CLI flows. No token carries broader permissions than the namespace it was minted for.
Self-host posture
src.land ships as a single Go binary with an offline Ed25519 license. No phone-home required. Air-gap installs are supported. Wazuh and fail2ban are built in for intrusion detection. A FIPS build tag is available for regulated environments.
Identity and open standards
Authentication uses OAuth 2.1 with the authorization code flow plus PKCE (S256), WebAuthn discoverable-key passkeys, RFC 7591 dynamic client registration, and RFC 8414 authorization-server metadata. MCP agents connect over the 2025-11-25 streamable HTTP transport. SCIM 2.0 (RFC 7644) handles provisioning. Ed25519 signs offline licenses.
Current limitations
No formal SOC 2 report, ISO 27001 certificate, or independent penetration test report is available at this stage. The audit log is append-only at the application level; it is not cryptographically tamper-evident or WORM-locked at the storage layer. These limitations will be addressed as the platform matures toward enterprise certification.
Evaluate before you commit
See the audit trail in action.
Push one repository and inspect the audit log, the knowledge graph, and the agent token surface before you decide.