Security and Compliance

Tenant and org boundaries are resolved through the canonical bootstrap and policy layers. Marketplace visibility, access objects, and release channels do not bypass tenant controls.

WorkOS provides the identity and org signals. NOME enforces the isolation boundaries at every service layer: platform, gateway, spine, and client.

NOME uses AST-based shell command parsing for risk classification — structurally evaluating commands before execution instead of relying on string matching.

Tools are classified into risk tiers (read/write/danger). Dangerous operations trigger approval workflows. The tool policy matrix defines governance per tool.

The file permission system operates on cascading configuration with strict precedence. The most restrictive protection level wins when multiple rules match.

noAccess blocks all operations on sensitive files (.env, keys, credentials). readOnly permits inspection but blocks modifications. Hardcoded rules ensure the system fails safe.

NOME explicitly separates audit/compliance trails from product telemetry. Evidence, approvals, and run receipts serve compliance review. Telemetry and eval traces serve product improvement.

This separation is a structural rule, not a policy preference. Merging these streams would compromise both compliance integrity and experimentation freedom.

Connector OAuth tokens and sensitive platform state use encrypted token persistence through the platform's secret records infrastructure.

SCIM bearer tokens are stored only as hashes. Key rotation is available through the control plane without backend surgery.

Every NOME run produces receipts, tool call logs, approval records, and artifact references. These constitute the evidence chain for compliance review.

The evidence pass and run receipt system is designed for SOC2, HIPAA, and dedicated VPC deployment security reviews.