Architecture-level isolation, cryptographic evidence, and database-enforced immutability. Not a checklist — a system.
Principles
No implicit trust between zones. Every transition authenticated, every payload validated, every action logged.
Code generation runs in ephemeral containers with no network, no persistence, no credentials. DMZ quarantines all intake.
Every gate produces a cryptographically signed proof artifact. Auditors get evidence, not stories.
Hash-chained evidence; database triggers reject UPDATE and DELETE on the evidence tables. Once written, a record cannot be changed by the application or by any SQL the application's database role can issue.
Architecture
Every layer exists to block a class of attack. No zone trusts another.
Quarantine & intake scanning: the DMZ. Every submission lands here, is scanned, and reaches the rest of the system only one way, over a message queue.
Isolated execution: the ephemeral containers where code generation runs, with no network, no persistence and no credentials.
Orchestration & evidence storage: the zone that holds the database and the evidence chain; no external zone can reach it directly.
Controls
External callers present a bearer token plus a tenant header; service-to-service calls are HMAC-SHA256 signed. API keys are stored as bcrypt hashes, and a signed request is accepted only inside a 5-minute replay window.
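What the service-to-service control above amounts to in code, as an added example that is not ADCG's own implementation: the caller signs method, path, timestamp, nonce and body hash with a shared secret, and the receiver refuses anything outside the 5-minute window, any nonce it has already seen, and any MAC that fails a constant-time comparison. The header names, the canonical string layout, the secret and the sample request are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

REPLAY_WINDOW_SECONDS = 300  # the page's 5-minute window


def canonical_request(method: str, path: str, timestamp: int, nonce: str, body: bytes) -> bytes:
    """Bind every field the receiver will act on. The body is hashed so the
    signature covers it without re-serialising large payloads. Layout is assumed."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, str(timestamp), nonce, body_hash]).encode()


def sign_request(secret: bytes, method: str, path: str, body: bytes,
                 timestamp: Optional[int] = None, nonce: Optional[str] = None) -> dict:
    """Caller side: returns the three headers (assumed names) a signed request carries."""
    ts = int(time.time()) if timestamp is None else timestamp
    n = secrets.token_hex(16) if nonce is None else nonce
    mac = hmac.new(secret, canonical_request(method, path, ts, n, body), hashlib.sha256)
    return {"X-Timestamp": str(ts), "X-Nonce": n, "X-Signature": mac.hexdigest()}


class SignatureVerifier:
    """Receiver side: rejects stale timestamps, reused nonces and bad MACs."""

    def __init__(self, secret: bytes, window: int = REPLAY_WINDOW_SECONDS):
        self.secret = secret
        self.window = window
        self._seen: dict = {}  # nonce -> timestamp it was accepted with

    def verify(self, method: str, path: str, body: bytes, headers: dict,
               now: Optional[int] = None) -> tuple:
        now = int(time.time()) if now is None else now
        try:
            ts = int(headers["X-Timestamp"])
            nonce = headers["X-Nonce"]
            sig = headers["X-Signature"]
        except (KeyError, ValueError):
            return False, "missing or malformed signature headers"
        # Timestamp check first: anything outside the window is refused outright,
        # which also bounds how long nonces have to be remembered.
        if abs(now - ts) > self.window:
            return False, "timestamp outside replay window"
        self._seen = {n: t for n, t in self._seen.items() if abs(now - t) <= self.window}
        if nonce in self._seen:
            return False, "nonce already used (replay)"
        expected = hmac.new(self.secret, canonical_request(method, path, ts, nonce, body),
                            hashlib.sha256).hexdigest()
        # Constant-time comparison so the MAC cannot be guessed byte by byte via timing.
        if not hmac.compare_digest(expected, sig):
            return False, "bad signature"
        self._seen[nonce] = ts
        return True, "ok"


def demo() -> dict:
    """Happy path, a replay, a tampered body and a stale request.
    Secret, path, body and timestamps are constructed for the example."""
    secret = b"service-secret-from-vault"
    body = b'{"job":"gen-42","tenant":"t-1"}'
    t0 = 1_700_000_000
    v = SignatureVerifier(secret)
    h = sign_request(secret, "POST", "/v1/jobs", body, timestamp=t0, nonce="n-1")
    out = {}
    out["fresh"] = v.verify("POST", "/v1/jobs", body, h, now=t0 + 30)[1]
    out["replay"] = v.verify("POST", "/v1/jobs", body, h, now=t0 + 60)[1]
    h2 = sign_request(secret, "POST", "/v1/jobs", body, timestamp=t0, nonce="n-2")
    tampered_body = b'{"job":"gen-42","tenant":"t-2"}'
    out["tampered"] = v.verify("POST", "/v1/jobs", tampered_body, h2, now=t0 + 30)[1]
    h3 = sign_request(secret, "POST", "/v1/jobs", body, timestamp=t0, nonce="n-3")
    out["stale"] = v.verify("POST", "/v1/jobs", body, h3, now=t0 + 301)[1]
    return out


if __name__ == "__main__":
    print(demo())
```

The nonce set is kept in memory here; across several receiver instances it would have to live in a shared store with the same window as its TTL, otherwise a replay that lands on a different instance is accepted.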
PostgreSQL row-level security. The tenant ID the policy checks is set from the authenticated session, never from request parameters, so the database rejects a cross-tenant query even when application logic gets it wrong.
The Docker-in-Docker execution zone has no outbound NAT. The DMZ talks to the core one way only, through a message queue. No external zone has direct database access.
AES-256 at rest, TLS 1.2+ in transit. API keys are stored as bcrypt hashes; evidence artifacts are SHA-256 hashed for the chain.
DMZ scanning on all submissions. Schema validation at gate 0. Secret detection at gate 4. Dependency audit at gate 8.
Per-key limits by plan tier (50–2,000 req/min) and a per-IP default (200/min). An over-limit request gets a 429 with a Retry-After header; nothing is silently dropped.
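The rate-limiting behaviour described above, as an added example rather than ADCG's code: a token bucket per API key (sized by plan tier) and one per client IP, where a request must clear both, a refusal never drains the other bucket, and the 429 carries a Retry-After computed from the emptier bucket and rounded up. The tier names, the header names and the sample keys and addresses are assumptions; the page gives only the 50 to 2,000 req/min range and the 200/min per-IP default.

```python
import math
from dataclasses import dataclass

# Assumed tier names; the page states only the 50-2,000 req/min range.
PLAN_LIMITS_PER_MIN = {"free": 50, "team": 500, "enterprise": 2000}
IP_LIMIT_PER_MIN = 200  # the page's per-IP default


@dataclass
class Bucket:
    capacity: int
    refill_per_sec: float
    tokens: float
    last: float


class RateLimiter:
    """Token buckets keyed by API key and by client IP; a request must pass both."""

    def __init__(self) -> None:
        self._buckets: dict = {}

    def _bucket(self, name: str, per_min: int, now: float) -> Bucket:
        b = self._buckets.get(name)
        if b is None:
            b = Bucket(per_min, per_min / 60.0, float(per_min), now)
            self._buckets[name] = b
        # Refill lazily on access, never above capacity; ignore a clock that went backwards.
        elapsed = max(0.0, now - b.last)
        b.tokens = min(b.capacity, b.tokens + elapsed * b.refill_per_sec)
        b.last = now
        return b

    def check(self, api_key: str, plan: str, client_ip: str, now: float) -> tuple:
        """Returns (status, headers). 200 consumes one token from each bucket;
        429 consumes nothing and says how long to wait."""
        per_key = PLAN_LIMITS_PER_MIN.get(plan, PLAN_LIMITS_PER_MIN["free"])
        kb = self._bucket(f"key:{api_key}", per_key, now)
        ib = self._bucket(f"ip:{client_ip}", IP_LIMIT_PER_MIN, now)
        # Decide before consuming, so a denied request never drains the other bucket.
        waits = [(1.0 - b.tokens) / b.refill_per_sec for b in (kb, ib) if b.tokens < 1.0]
        if waits:
            # Retry-After is whole seconds; round up so the client never retries early.
            return 429, {"Retry-After": str(math.ceil(max(waits)))}
        kb.tokens -= 1.0
        ib.tokens -= 1.0
        return 200, {"X-RateLimit-Remaining": str(int(kb.tokens))}


def demo() -> dict:
    """Two constructed scenarios: one key hitting its tier limit, and several
    keys behind one IP hitting the per-IP default first."""
    out = {}
    rl = RateLimiter()
    for _ in range(50):
        rl.check("k-free", "free", "203.0.113.5", now=0.0)
    out["key_51st"] = rl.check("k-free", "free", "203.0.113.5", now=0.0)
    out["key_after_wait"] = rl.check("k-free", "free", "203.0.113.5", now=2.0)[0]

    rl2 = RateLimiter()
    for i in range(200):
        rl2.check(f"k-{i % 5}", "free", "198.51.100.9", now=0.0)
    out["ip_201st"] = rl2.check("k-0", "free", "198.51.100.9", now=0.0)
    return out


if __name__ == "__main__":
    print(demo())
```

In the second scenario every key still has tokens left (40 of 50 used), so it is the per-IP bucket that answers 429; the Retry-After of one second comes from that bucket's faster refill, not the key's.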
Compliance
| Framework | Status | Coverage |
|---|---|---|
| SOC 2 Type II | Architecture Aligned | Trust Service Criteria CC1–CC9 mapped to gate evidence |
| EU AI Act | Mapped | Articles 9–15 (High-Risk AI) addressed via gate-to-control mapping |
| FedRAMP | In Progress | NIST 800-53 controls addressed through zone isolation and evidence |
| HIPAA | Architecture Aligned | Technical safeguards (§164.312) implemented at infrastructure level |
| ISO 27001 | Mapped | Annex A controls addressed through policy gates and evidence system |
We publish honest status, not aspirational claims. Gate-to-control mapping details in the compliance docs.
Evidence
What makes ADCG different from "we have logging."
Hash-chained evidence: each artifact includes the previous hash, creating a tamper-evident chain from intake to deployment.
DB-level immutability: PostgreSQL triggers block UPDATE and DELETE on evidence tables, so a record cannot be altered or removed through the application or through ordinary SQL. The one path around a trigger is a role allowed to drop or disable it, so that privilege must not belong to the application's database role.
Exportable proof packages: all gate evidence, file hashes, and policy version bundled for independent review.
Independent verification: auditors can validate the entire hash chain without ADCG access.
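The hash chain and the independent verification described above, as an added example that is not ADCG's code or export format: a writer appends gate records that each carry the previous record's hash, and an auditor walks an exported chain with nothing but the records, recomputing every hash and checking every link. The record fields, the genesis value and the sample artifact are assumptions. The demo shows where verification fails for an in-place edit, an edit whose hash was recomputed, and a deleted record; on the live tables the trigger described above is what prevents the first two from happening at all, and the chain is what makes them visible in an export.

```python
import hashlib
import json
from typing import Optional

GENESIS_PREV = "0" * 64  # prev_hash of the first record; a convention assumed for this example


def canonical(record: dict) -> bytes:
    """Deterministic bytes to hash: sorted keys, no whitespace, the hash field itself excluded."""
    body = {k: v for k, v in record.items() if k != "hash"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def record_hash(record: dict) -> str:
    return hashlib.sha256(canonical(record)).hexdigest()


def append_evidence(chain: list, gate: int, artifact_sha256: str,
                    policy_version: str, verdict: str) -> dict:
    """Writer side: each new record carries the hash of the previous one."""
    rec = {
        "seq": len(chain),
        "gate": gate,
        "artifact_sha256": artifact_sha256,
        "policy_version": policy_version,
        "verdict": verdict,
        "prev_hash": chain[-1]["hash"] if chain else GENESIS_PREV,
    }
    rec["hash"] = record_hash(rec)
    chain.append(rec)
    return rec


def verify_chain(chain: list) -> Optional[int]:
    """Auditor side: walk an exported chain with no access to the system that wrote it.
    Returns None if every link holds, else the seq of the first record that fails."""
    expected_prev = GENESIS_PREV
    for i, rec in enumerate(chain):
        if rec.get("seq") != i or rec.get("prev_hash") != expected_prev:
            return i
        if record_hash(rec) != rec.get("hash"):
            return i
        expected_prev = rec["hash"]
    return None


def build_sample_chain() -> list:
    """Three gate records for one generated file; the artifact, gates and policy name are constructed."""
    chain: list = []
    artifact = hashlib.sha256(b"generated/handler.py v1").hexdigest()
    append_evidence(chain, 0, artifact, "policy-2024.1", "schema_ok")
    append_evidence(chain, 4, artifact, "policy-2024.1", "no_secrets")
    append_evidence(chain, 8, artifact, "policy-2024.1", "deps_clean")
    return chain


def demo() -> dict:
    """Where verification fails under three kinds of tampering."""
    out = {"intact": verify_chain(build_sample_chain())}

    edited = build_sample_chain()
    edited[1]["verdict"] = "secrets_found"          # flip gate 4 without touching hashes
    out["edited"] = verify_chain(edited)

    rehashed = build_sample_chain()
    rehashed[1]["verdict"] = "secrets_found"
    rehashed[1]["hash"] = record_hash(rehashed[1])  # attacker recomputes the edited record's hash
    out["edited_and_rehashed"] = verify_chain(rehashed)

    deleted = build_sample_chain()
    del deleted[1]                                   # drop a record and renumber to hide the gap
    for i, rec in enumerate(deleted):
        rec["seq"] = i
    out["deleted"] = verify_chain(deleted)
    return out


if __name__ == "__main__":
    print(demo())
```

Recomputing one record's hash only moves the failure one link later, to the record whose prev_hash no longer matches; hiding an edit for good would mean rewriting every later record, which is exactly what the immutability trigger denies.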