Datab's security posture is grounded in three principles: bounded agency for the AI agents, audit-first design for every state change, and explicit data residency. The Node is on-premise; the audit log is local; the data is the institution's.

Bounded agents (Orula + Gu)

Orula and Gu run behind five enforcement layers — Atlas identity, prompt guard, policy engine, approval queue, and audit log. Every impactful action requires explicit human approval; nothing auto-executes high-impact work. The agents' reward score penalizes unsafe behavior; there is no learning loop in RC1.

Identity + trust (Atlas)

• Per-institution NIN-hashed registry.
• Atlas HQ federation only over mTLS-authenticated gRPC.
• Consent gate on every cross-node lookup.
• Audit log records every write-back from HQ.

Data residency + privacy

• The Postgres database is on the Datab Node — never replicated to a Datab-hosted cloud.
• The Atlas HQ sync is opt-in; institutions that prefer not to federate keep their data fully on-node.
• NDPA-conscious by design: PII is hashed before any cross-node reference.

Hardening + runbooks

Operator security hardening (SSH posture, firewall, fail2ban) is documented in docs/security/ssh-hardening.md. Five incident-response runbooks live under docs/security/runbooks/: unauthorized admin access, database export attempt, node compromise, lost recovery credentials, snap channel downgrade.

Disclosure

Security disclosures go to hello@databsystems.comwith subject line SECURITY. Please do not file security issues in a public tracker.