Security leads
Need a lightweight inventory before rolling out formal endpoint, IAM, or access-review processes.
Who it is for
Teams where developer machines carry real production trust.
Platform teams
Need visibility into SSH keys, Git signing, MCP config, and team auth posture without blocking developers.
Founder-led teams
Need practical security hygiene before SOC 2, enterprise pilots, or customer security reviews force the issue.
Private alpha
What the alpha includes.
Local inventory
Scanner and dashboard for SSH keys, Git signing posture, GPG key inventory, MCP clients, passkey review surfaces, stale credentials, and risky auth surfaces.
Team collection
Signed export bundles, organization tokens, enrollment profiles, collector daemon, collector health, and browser team dashboard.
Policy state
Configurable policy for approved MCP servers, passkey surfaces, annotations, suppressions, owners, tags, and expirations.
Hands-on onboarding
Manual setup help for design partners so the first product decisions are shaped by real team workflows.
Trust boundary
What it does not collect.
No private key contents.
No token values.
No MCP environment secret values.
No cloud upload unless a team explicitly enables collection.
Access
Request a private alpha slot.
Send your team size, developer environment, and what currently worries you most about key or credential sprawl.