Trust & security

Security is architecture, not a slide. Here is what we ship in public repos, what we do not claim, and how to report issues responsibly.

Rethunk.Tech builds Bastion and Rethunk.AI for organizations that need an evidence path from operator intent to edge behavior - not a black box that happens to log sometimes. This page summarizes publicly documented controls; it is not a substitute for your own risk assessment or contract terms.

Shipped themes (high level)

  • Chain of command on the wire: Bastion does not command theatres directly; edge hosts mediate via the control plane (see the C2 docs in the Bastion meta-repo).
  • PKI / mTLS: Bastion-managed CA and manager enrollment patterns are documented for operators (HUMANS).
  • Attributable intent: optional directive signing, hash-chained master-intent audit sidecar, and related SATCOM telemetry - described in maintainer docs and the glossary.
  • IRONLAW policy gate: file-backed policy on ingest, reconcile, and replay; not a claim of fully automated legal omniscience (see the security hardening roadmap).
  • Edge terrain bounds: structural workspace policy on the edge (L1) as documented for theatre deployments - not kernel sandboxing unless and until those specs ship.

What we do not claim

The bastion-ironlaw repository is doctrine and schemas first - not a hosted enforcement service. Bastion's integration is the file-backed gate today; a full runtime evaluator for every action class is roadmap work, tracked publicly. IRONLAW does not replace your legal team or your chain of command.

Reporting security issues

Doctrine / schema integrity (bastion-ironlaw): follow SECURITY.md in that repository.

Bastion application and edge behavior: use the security policy published on the relevant implementation repository (e.g. GitHub Security for the meta-repo) or contact [email protected] for routing.