Built to survive your security review.
Spire is not SaaS. It deploys into your AWS account. Your code never leaves your VPC. Every operation is recorded in an immutable audit trail with HMAC-sealed integrity.
Infrastructure you own and operate.
Your AWS account
Deployed via Terraform into your AWS account. ECS Fargate for compute, DynamoDB for state, Cognito for authentication, KMS for encryption. You own every resource. Your team reviews every line of IaC before it runs.
Your Bedrock models
LLM inference runs against your AWS Bedrock contract. Model-agnostic — any Converse-compatible model (Claude, Llama, Mistral, Nova) assigned to any pipeline stage. Your tokens, your quota, your model choices, controlled through Terraform.
Your VPC boundary
Source code is cloned into ephemeral workspaces inside your VPC. Agent execution happens in-process through the Bedrock Converse API — no external subprocess calls, no traffic leaving your network. Spire does not host customer data or see customer source code.
Your identity provider
Enterprise SSO via Microsoft Entra, Google Workspace, Okta, or any SAML/OIDC provider. Authentication through your Cognito user pool — Spire never stores credentials. Break-glass protections ensure access even if your IdP is down.
16 immutable turn types. Every decision recorded.
The Context Database captures every decision the platform makes. Four categories. Sixteen types. Queryable by execution, phase, agent, outcome, or human override.
Agent output, phase contracts, gate transitions, iteration markers, execution plans, artifact references
Task assignments, completions, failures, reassignments, evaluations, coordination messages
Human overrides and approvals — every human decision is first-class evidence
Baseline snapshots and updates — the project's knowledge lineage
11 patterns scanned. Redacted before storage.
Every agent input and output is scanned for 11 common secret patterns — API keys, tokens, connection strings, private keys — and redacted before storage or forwarding. Scans run on prompts, outputs, and knowledge extraction.
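A sketch of the scan-and-redact step described above, as an added example; it is not Spire's code. The four regexes, the `redact` function and the `[REDACTED:name]` marker format are assumptions chosen to cover the four secret kinds named here, and the sample text is constructed.

```python
import re

# Illustrative patterns (assumed), one per secret kind named in the text.
PATTERNS = [
    ("private_key", re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----",
        re.DOTALL)),
    ("aws_access_key_id", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("bearer_token", re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/-]{20,}=*")),
    ("connection_string", re.compile(
        r"\b[a-z][a-z0-9+.-]*://[^\s:/@]+:[^\s@]+@[^\s/]+")),
]

def redact(text):
    """Return (redacted_text, findings).

    findings holds (pattern_name, start, end) offsets into the original
    text and never the matched value, so it is safe to store or log.
    """
    spans = sorted([m.start(), m.end(), name]
                   for name, rx in PATTERNS for m in rx.finditer(text))
    merged = []
    for start, end, name in spans:
        if merged and start < merged[-1][1]:
            # Overlapping match: widen the earlier span so no tail leaks.
            merged[-1][1] = max(merged[-1][1], end)
            continue
        merged.append([start, end, name])
    out, pos = [], 0
    for start, end, name in merged:
        out.append(text[pos:start])
        out.append(f"[REDACTED:{name}]")
        pos = end
    out.append(text[pos:])
    return "".join(out), [(name, start, end) for start, end, name in merged]

# Constructed sample of agent output; none of these values are real secrets.
SAMPLE = (
    "connect with postgres://svc_app:S3cr3tPass@db.internal.example:5432/orders\n"
    "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
    "Authorization: Bearer abcdefghijklmnopqrstuvwxyz012345\n"
    "-----BEGIN RSA PRIVATE KEY-----\nMIIBconstructedNOTAREALKEY\n"
    "-----END RSA PRIVATE KEY-----\n"
)

if __name__ == "__main__":
    print(redact(SAMPLE)[0])
```

Calling `redact` on the text before it reaches the storage or forwarding path keeps the raw value out of every downstream copy; the findings list records only which pattern fired and where.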
SOC 2, HIPAA, ISO 27001 report generation.
Spire generates control-framework reports your auditor can use as evidence. The Audit Ledger is independently verifiable with configurable retention.
Deep compliance architecture.
The Compliance page covers the Audit Ledger in detail — sealed events, integrity properties, the auditor experience, and offline verification. Built for your CISO’s technical evaluation.
Walk through the security model with your team.
We do architecture walkthroughs on real deployments, with your security team present, in your AWS account. The fastest way to answer a security question is to answer it in your own environment.