Evaluate Citadel

Citadel is available for deployment and technical evaluation under engagement. Here is what a serious evaluation looks like and how to get started.

We do not ship anonymous trial accounts. Citadel is deployed into your infrastructure - your repos, your permission model, your governance. A real evaluation means your team has access to the actual artifacts: a working instance you can verify independently, the forge, the knowledge-graph indexer, and the agent identity surface. That is what engagement-based evaluation gives you.

What you can verify

Citadel is designed to be evaluated against claims, not taken on faith. Each of these is verifiable during an evaluation engagement:

Namespace permission boundary: verify path-level access enforcement by supplying a test policy that denies a known path. Confirm the audit feed records the refusal with the correct namespace, principal, and atom. Permissions are expressed as discrete atoms bound to namespace paths - not stored roles - so access boundaries reflect the actual shape of your repositories.
Agent identity audit: verify that agent token lifecycle is distinct from human OAuth sessions. Issue an agent token, rotate it, and confirm the rotation does not invalidate active human sessions. Confirm each agent action appears in the audit feed with agent attribution rather than being folded into a human session.
Knowledge-graph indexer correctness: for a seeded repository, confirm that symbols, files, and decisions land in the knowledge graph with expected node types. Exercise symbol, file, and cross-language edge queries and verify the results match the seeded source tree. The indexer runs at push time - no manual trigger required.
Audit log envelope: audit list --kind 'prefix.**' returns RFC3339-UTC records for the specified kind prefix. Confirm that redaction applies for non-operator callers - field values that carry operator-only context are omitted from the response for standard principals.
MCP tool surface: mcp.tools.call events appear in the audit feed with agent attribution. Issue a tool call through the MCP surface and confirm the resulting audit record carries the agent token identity, the tool name, and the wall-clock timestamp.

What an engagement-based evaluation delivers

A working Citadel instance in your infrastructure with your repositories, your permission model, and your governance requirements
Access to the knowledge-graph indexer and MCP surface against your actual source tree so you can verify the graph shape matches your codebase
Agent identity setup with your own agent tokens so you can walk through token rotation, audit attribution, and revocation independently
Direct access to the team that built the platform - not a solutions engineer reading from a demo script

How to start

Reach out to [email protected] or book a discovery call below. We start with a conversation about your infrastructure, source tree, and what governed agent operations look like in your context - then scope the evaluation to what your team needs to make a real decision.

Ready to start an evaluation?

Book a discovery call to scope a Citadel deployment in your infrastructure.

Book a discovery call

Was this page helpful?

What you can verify

Citadel is designed to be evaluated against claims, not taken on faith. Each of these is verifiable during an evaluation engagement:

Namespace permission boundary: verify path-level access enforcement by supplying a test policy that denies a known path. Confirm the audit feed records the refusal with the correct namespace, principal, and atom. Permissions are expressed as discrete atoms bound to namespace paths - not stored roles - so access boundaries reflect the actual shape of your repositories.

Agent identity audit: verify that agent token lifecycle is distinct from human OAuth sessions. Issue an agent token, rotate it, and confirm the rotation does not invalidate active human sessions. Confirm each agent action appears in the audit feed with agent attribution rather than being folded into a human session.

Knowledge-graph indexer correctness: for a seeded repository, confirm that symbols, files, and decisions land in the knowledge graph with expected node types. Exercise symbol, file, and cross-language edge queries and verify the results match the seeded source tree. The indexer runs at push time - no manual trigger required.

Audit log envelope: audit list --kind 'prefix.**' returns RFC3339-UTC records for the specified kind prefix. Confirm that redaction applies for non-operator callers - field values that carry operator-only context are omitted from the response for standard principals.

MCP tool surface: mcp.tools.call events appear in the audit feed with agent attribution. Issue a tool call through the MCP surface and confirm the resulting audit record carries the agent token identity, the tool name, and the wall-clock timestamp.

What an engagement-based evaluation delivers

A working Citadel instance in your infrastructure with your repositories, your permission model, and your governance requirements

Access to the knowledge-graph indexer and MCP surface against your actual source tree so you can verify the graph shape matches your codebase

Agent identity setup with your own agent tokens so you can walk through token rotation, audit attribution, and revocation independently

Direct access to the team that built the platform - not a solutions engineer reading from a demo script