FixControl
Security

Built so AI can act without anyone losing control

FixControl is a governance layer. The AI proposes a change; your policy and your people decide whether it goes ahead; and every decision is written to an audit trail you can replay. Isolation, approval and audit are built into how it works.

Tenant isolation enforced by Postgres RLSHuman approval by defaultTamper-evident audit trail
AES-256-GCM secretsRow-level security, strict modeHash-chained audit logOIDC SSO + SCIMTwo-person rule
Tenant isolation

Every customer operates in an isolated environment

Isolation is enforced in three layers: the request authenticates, the application filters to your tenant, and Postgres row-level security has the final say — running in strict mode, which hosted production refuses to boot without. No single mistake takes the wall down.

Layered enforcement

Authentication, tenant filtering and Postgres row-level security all have to agree before a row is returned. A query that arrives without a tenant context reads zero rows rather than someone else's data.

No cross-tenant reads — even by URL

A user in another tenant can't open your issues, emails or codebases, even from a direct link, and knowledge search stops at the tenant boundary.

Credentials scoped to your tenant

Provider tokens and secrets are encrypted with AES-256-GCM and stored in rows only your tenant can read.

Staff access is audited

A cross-tenant read by FixControl staff runs through the same isolation path, needs a written reason, and lands in your tenant's audit log.

Governance

Human approval before high-risk actions

By default, nothing ships without a recorded human decision. Where a tenant turns on more autonomy, that choice is explicit, bounded by policy and written to the audit log.

Approval gates on risky work

A plan, a risky patch, a deployment or a customer-facing reply stops at a gate until someone approves it, rejects it or asks for changes.

A frozen decision ledger

Each verdict freezes who decided, in which role, over which evidence, under which policy version and through which channel, so a decision can't be quietly rewritten later.

Two-person rule for destructive actions

A destructive admin action needs a token one admin mints and a different admin spends — single-use, short-lived, rate-limited and audited.

No silent external writes

A write to Slack, Jira or GitHub goes through a governed outbox that retries on failure and shows the failure when it can't recover. Nothing reaches an outside system without leaving a trail.

Three autonomy levels, each one opt-in
  1. 01

    Suggested only

    Default

    The AI prepares the work; an operator releases it. This is where every tenant starts.

  2. 02

    Auto-draft

    Opt-in

    The AI drafts the artefact ahead of time; an operator still releases it.

  3. 03

    Auto-apply, policy-scoped

    Opt-in + guarded

    Released without an operator click — off unless a tenant turns it on, bounded by policy and loud in the audit log. It never becomes the default for an existing tenant.

Evidence

Every recommendation is explainable

An approver shouldn't have to take the AI's word for anything. Each recommendation carries the evidence it rests on, and it is verified before the decision, not after it.

Evidence behind every proposal

A plan or patch cites the documentation, tickets and code it drew on, so the reviewer can see what it's based on and why.

Sandbox verification first

A proposed change runs in an isolated sandbox, and its results travel into the approval before anything touches your repository.

Evidence lineage in the timeline

The mission timeline links each decision back to the evidence it was made on, from intake through to deployment.

Capability-level integration health

Connection status is tracked per capability, so a broken write path shows as broken instead of hiding behind one green checkmark.

Auditability

Replay every operational decision

The audit log is tamper-evident: each entry is hash-chained to the one before it, per tenant. Change a single row and every hash after it stops matching — which export-and-verify then catches.

Tamper-evident chain

Each audited event records the actor, the action, the target and the fields it changed, hash-chained so history can't be edited without leaving a break.

Signed audit export

Your tenant's CSV export ships inside a signed envelope, so a verifier outside FixControl can re-check the chain on their own.

Mission replay

A mission keeps its whole timeline — intake, triage, plan, verification, approvals, delivery — so you can reconstruct how any outcome happened.

365-day retention by default

Audit events are kept for a year by default. Even if that setting is lowered, a hard 90-day floor refuses to delete anything younger.

Deliberate limits

What FixControl won't do, on purpose

A few capabilities are left out deliberately. Leaving them out is what keeps the governance promise honest.

No auto-merge

A patch arrives as a pull or merge request; merging it stays a deliberate operator action.

No silent autonomy

A new automation level never switches itself on for an existing tenant. You opt in to it, under a policy you set.

No cross-tenant analytics

There is no shared-insights surface across tenants. A cross-tenant operation needs platform-admin scope and is audited.

No half-measure MFA

MFA runs through your OIDC identity provider rather than a weaker password-based version we'd have to build ourselves.

Platform practices

The baseline underneath

The uneventful parts, handled continuously.

TLS everywhere

Certificates are managed automatically at the edge, and traffic stays encrypted in transit.

Encrypted secrets

Provider tokens and secrets are encrypted at rest with AES-256-GCM.

Session control

Sessions last 24 hours, can be revoked everywhere at once, and sign with keys that rotate on a schedule.

Enterprise identity

OIDC SSO carries MFA from your identity provider, and SCIM 2.0 provisions and deprovisions accounts automatically.

Password hygiene

Local passwords are stored only as bcrypt hashes, so there is nothing to recover in plain text.

Signed webhooks

An outbound webhook carries a timestamped HMAC-SHA256 signature, so the receiver can confirm it's genuine and not a replay.

Security FAQ

Can the AI ship a change without anyone approving it?+
By default, no — nothing ships without a recorded human decision. Where a tenant enables more autonomy, that choice is explicit, bounded by policy and written loudly to the audit log.
Will my customers see that I use FixControl?+
No. Replies go out from your own support address, and there is no “Powered by” badge.
Which FixControl staff can access my data?+
A small support team, only for explicit incident investigation and after you approve it. Every staff access is written to your tenant's audit log.
Is the audit log resistant to insider tampering?+
Every entry is hash-chained to the one before it, so changing any row breaks every hash after it. The export is signed, so a verifier outside FixControl can re-check the chain independently.
How do I enforce MFA?+
Through OIDC SSO with your identity provider — Okta, Azure AD or Google Workspace. A weaker local-password MFA is intentionally left out.

Security questions deserve real answers

The full security documentation walks through isolation, identity, the audit chain, incident response and the deliberate limits in detail.