Smithers
Trust Posture

Designed for hostile code.

We operate on the principle that AI-generated code and arbitrary workflow execution are inherently untrustworthy. Smithers's architecture provides total isolation between execution environments and strict access boundaries with GitHub.

GitHub Boundaries

Smithers operates entirely as a GitHub application. We do not require long-lived Personal Access Tokens (PATs) or generic service accounts. Permission scope is tightly bound to what is necessary to orchestrate chained Pull Requests and report status checks.

Requested Smithers App Permissions

| Scope | Access Level | Reasoning |
| --- | --- | --- |
| Pull Requests | Read & Write | Required to create, update, and manage the base branches of the PR chain. |
| Commit Statuses | Write Only | Required to post workflow outcomes and block merges if a check fails. |
| Contents | Read Only | Required to parse stack configurations and read code for AI agent workflows. Smithers never writes directly to your mainline branches. |
| Members | Read Only | Required to sync team access to the active Smithers seats. |

Sandbox Execution

Smithers workflows do not run on generic shared CI runners. Every workflow executes within an ephemeral Freestyle VM sandbox. This mechanism guarantees that rogue agents or malicious test suites cannot escalate privileges, exfiltrate neighbor data, or escape the runtime.

[ PR Event Trigger ]
MicroVM Boot (< 100ms)
Hardware Virtualization Boundary
Execute Workflow logic/Agents
[ Terminate & Purge Instance ]

Network Isolation

Workflows are executed without inbound network access. Outbound access can be explicitly denied or permitted on a per-workflow basis in the `smithers.ts` configuration file.

Secrets Management

Secrets required for workflows (such as database URLs, LLM API keys, or external deployment tokens) are aggressively protected.

Zero-Knowledge Storage:

Smithers stores environment secrets encrypted at rest using envelope encryption (AES-256-GCM) with customer-specific KMS keys. We cannot read your plaintext secrets. Secrets are only injected into the hypervisor environment at the exact moment of workflow execution and are immediately redacted from any captured console output.
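
The envelope-encryption and output-redaction pattern described above, as an added example that is not Smithers's own code: a per-secret data key encrypts the value with AES-256-GCM, and a key-encryption key wraps the data key. The in-memory `kek` stands in for a customer-specific KMS key; the function names and the use of the secret name as associated data are assumptions.

```typescript
// Added example, not Smithers code. `kek` is an assumed stand-in for a customer KMS key.
import { createCipheriv, createDecipheriv, randomBytes } from "node:crypto";

interface Sealed { iv: Buffer; ct: Buffer; tag: Buffer }
interface Envelope { wrappedDek: Sealed; secret: Sealed }

// AES-256-GCM with a fresh 96-bit IV; `aad` binds the ciphertext to its context.
function seal(key: Buffer, plaintext: Buffer, aad: string): Sealed {
  const iv = randomBytes(12);
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(aad, "utf8"));
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Throws if the key, the associated data, or the ciphertext does not match the tag.
function unseal(key: Buffer, s: Sealed, aad: string): Buffer {
  const decipher = createDecipheriv("aes-256-gcm", key, s.iv);
  decipher.setAAD(Buffer.from(aad, "utf8"));
  decipher.setAuthTag(s.tag);
  return Buffer.concat([decipher.update(s.ct), decipher.final()]);
}

// Envelope step: a one-off data key (DEK) encrypts the value; the KEK only wraps the DEK.
function encryptSecret(kek: Buffer, name: string, value: string): Envelope {
  const dek = randomBytes(32);
  const env: Envelope = {
    secret: seal(dek, Buffer.from(value, "utf8"), name),
    wrappedDek: seal(kek, dek, name),
  };
  dek.fill(0); // drop the plaintext DEK once both ciphertexts exist
  return env;
}

function decryptSecret(kek: Buffer, name: string, env: Envelope): string {
  const dek = unseal(kek, env.wrappedDek, name);
  try {
    return unseal(dek, env.secret, name).toString("utf8");
  } finally {
    dek.fill(0);
  }
}

// Redact injected values from captured output, longest first so that a secret
// that is a prefix of another secret cannot leave a readable tail behind.
function redact(output: string, secrets: string[]): string {
  return secrets
    .filter((s) => s.length > 0)
    .sort((a, b) => b.length - a.length)
    .reduce((out, s) => out.split(s).join("[REDACTED]"), output);
}
```

Binding the secret name as associated data means a stored envelope cannot be swapped under a different variable name without decryption failing.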

Data Retention Policies

We do not train our own AI models on your source code. Your Intellectual Property remains yours.

  • Source Code: Checked out ephemerally inside the VM and destroyed upon workflow completion.
  • Logs: Retained for 30 days on Pro plans (2 years on Enterprise) for debugging purposes, then permanently dropped.
  • AI Generation History: Transmitted to LLM providers via zero-data-retention endpoints (where available) and not logged by Smithers infrastructure longer than the active workflow lifespan.

Auditing & Compliance

The Smithers platform is designed to integrate seamlessly with an enterprise's compliance posture.

For Enterprise customers, all actions performed by users (logging in, creating workflows, viewing secrets, modifying billing) and by the Smithers system (dispatching workflows, mutating GitHub states) are written to an immutable Audit Log, which can be streamed directly to Datadog or an AWS S3 bucket.