Skip to main content

Shakti — Enterprise Software Evolution

Shakti is an operating system for software evolution. It governs every intent, every agent decision, and every generated artifact through a Merkle-chained audit trail — turning compliance from a quarterly audit scramble into a by-product of shipping.

What makes Shakti different

Single Rust binary

Ship once, verify once, audit once. No Python shim, no Node sidecar, no JAR. shakti serve is the whole product surface. Embedded Postgres option for zero-dependency installs.

12-phase governed SDLC

Every delivery runs through 12 phases from P-1 governance through P8 monitoring. Each phase is a named agent with typed inputs, typed outputs, and a human-in-the-loop checkpoint where risk demands it.

Tamper-evident audit trail

Every agent decision is hash-chained per tenant using SHA-256 + optional Ed25519 signatures. Evidence bundles export as signed JSON that auditors verify offline with shakti audit verify.

Hardware root of trust

Real TPM 2.0 on Linux, Secure Enclave on macOS, SEV-SNP on AMD EPYC. Not HMAC-on-machine-ID. See Hardware attestation.

Bring-your-own LLM keys

Anthropic, OpenAI, Google, AWS Bedrock, Azure OpenAI, Groq, DeepSeek, Mistral, Cohere, Perplexity, xAI, OpenRouter, Ollama, vLLM, LM Studio — all BYOK. Nothing leaves your perimeter unless you configure it to.

Tenant-scoped everything

Row-Level Security per (organization_id, project_id) on every tenant-scoped table. BYOK provider keys, WS fan-out, rate limits, audit chains — all per-tenant. Zero cross-tenant data leak.

Get started

  1. Install Shakti — 5-minute path
  2. Run your first packet
  3. Architecture deep-dive
  4. Operator guide
  5. Security posture

Current release

  • v2.0 — shipping now. Theme 1 (observability foundation) + Theme 4 (Helm distribution) + Theme 5 (collaboration depth) + Theme 6 (agent/LLM depth) + Theme 7 (docs/i18n) complete. Theme 2 (SCIM groups, signed audit bundles, SAML strict, TPM AIK persistence) partially complete; OIDC + WebAuthn land in v2.0.1.
  • Next: Theme 3 (compliance automation ex-FedRAMP) + OIDC/WebAuthn.
  • Not shipping in v2.x: FedRAMP moderate, plugin marketplace, multi-region active-active Postgres, full CRDT on every field, predictive blast-radius. Tracked in the v2.1 backlog.