Security & governance

Control is part of the product, not an afterthought.

Owner-held sensitive values stay out of public artifacts, access is scoped, and proposed work is not treated as accepted just because an agent produced it.

The review gates

Every request runs the gates.

A request that arrives without evidence is stopped at Verify and routed to review — refusal is a feature.

Request
  1. Scope
  2. Evidence
  3. Plan
  4. Write
  5. Verify
  6. Handoff

Refused: A request lacking evidence is stopped at Verify and routed to review — it does not pass.

What each gate means

Six checkpoints, each with a job.

01 · scope

Scope

Work is bounded to an intended module, file set, or investigation before it begins. No unscoped sprawl.

02 · evidence

Evidence

Claims must be backed by sources and checks. Missing evidence is grounds for refusal, not a guess.

03 · plan

Plan

The intended change is made explicit before writing, so the operator can see what is about to happen.

04 · write

Write

Changes happen inside the agreed boundary and against approved capabilities — never broad, unscoped access.

05 · verify

Verify

Output is checked against evidence and boundaries. If verification fails, the work is refused.

06 · handoff

Handoff

Decisions, proof, and context are preserved as project memory so the next run starts informed.

Owner-controlled posture

Authority stays with the owner.

Sensitive values are owner-held and stay out of AI-readable artifacts. Access is scoped and default-deny. Proposed work is never accepted simply because an agent produced it — acceptance is an explicit human decision.

The Fort aims to make AI agents useful inside a controlled development process, not to bypass that process.

Refusal paths by design

When context or authority is missing, the system is built to refuse rather than improvise. A refusal is a correct, expected outcome — it protects the project from confident-but-unfounded changes.

Verified · Needs evidence · Review required · Refused

Honest limits

What we deliberately don't claim.

Trust with a skeptical technical audience is built by being precise about limits.

Not "autonomous"

Agents operate inside a controlled, reviewable process.

Not "guaranteed secure"

Security is a posture and a discipline, not an absolute promise.

Not "fully automated"

The operator decision is a required, explicit step.

Not "no risk"

The aim is to make risk visible and reviewable, not to deny it.

Not live yet

This is a private rebuild; access is discussion-based.

Next step

Review the control model with us.

The gates and posture are best discussed against your real workflow.
