An AI-native git forge - repos, knowledge graph, and agent identity in one governed substrate.
Citadel is a single self-hostable Go monolith that combines a git forge, a knowledge-graph indexer, and an agent identity layer in one governed substrate. Repositories, the graph derived from them, and the agents that act on them share the same permission model and the same audit surface - so there is no seam between source control, code intelligence, and AI agent operations. Everything is governed end to end.
Paths are first-class citizens in Citadel authorization. Permissions are expressed as discrete atoms bound to namespace paths, not stored roles - so access boundaries reflect the actual shape of your repositories and projects rather than a flat role matrix.
AI agents carry their own identity through agent tokens issued, rotated, and revoked via authenticated API surfaces. Agents are first-class principals in the permission model, not bolt-ons to human OAuth sessions - every agent action is attributable and auditable through the Model Context Protocol (MCP) surface.
As code lands, Citadel indexes repositories into a knowledge graph with symbol, file, walk, impact, fulltext, and cross-language edge queries. Agents and operators can traverse the graph through HTTP endpoints and MCP tools without rebuilding it from scratch.
Citadel ships as a single Go monolith with the frontend bundled as an in-repo subdirectory. There is no microservice mesh to operate. Self-hostable in your own infrastructure, including air-gapped and on-premises environments.
Citadel is built for regulated-enterprise, sovereign, and defense-adjacent environments where running a forge on someone else's infrastructure is not an option. Air-gap and on-premises deployments are explicit design requirements, not afterthoughts - the single-binary shape and the air-gap install scripts exist because the target environment demands them. If your procurement or security posture requires a forge you control completely, from source storage to inference audit trail, Citadel is the substrate.
Existing forges, knowledge-graph tools, and agent identity systems are separate products with separate permission models and separate audit surfaces. Connecting them requires integration work that reintroduces the seams you were trying to close. Citadel combines forge, knowledge-graph indexer, and agent identity in one system, governed end to end, so the evidence path from a commit to an agent action to an audit record is unbroken. That is an unsatisfied category - not a feature addition to any existing product class.
Citadel deploys into your infrastructure - your repos, your knowledge graph, your governance. We do not offer anonymous trial instances or shared evaluation environments. Evaluation means a real deployment, scoped to your environment, so your team can verify the permission model, the agent identity surface, and the knowledge-graph indexer against your actual source tree and your actual security requirements.
Start an evaluation engagementReady to evaluate Citadel?
Book time with the team to scope a deployment in your infrastructure.
Was this page helpful?
