Your data. Your device. Your audit trail.

RAPP is local-first by design. Agents are plain Python files on disk, auth rides on the identity your team already uses, and every release is a git-pinned, immutable tag. Nothing leaves the device unless you promote it — to your Azure subscription, into your Copilot Studio tenant.

🔒

Data residency

Local-first. On-device by default.

Agents, memory, and soul files live on the user's machine.
Cloud tier is your Azure subscription — data stays inside your boundary.
Air-gapped mode: pair with a local LLM, cut the network, still works.
Per-user memory isolation at Tier 2 via guid-scoped namespaces.

📜

Supply chain

Auditable, pinnable, rollback-able.

Every agent is plain Python code — reviewable, diff-able, committable.
Every release is a git tag (brainstem-v0.12.x). Tags are immutable.
Pin to a known-good version: BRAINSTEM_VERSION=0.12.1.
One-command rollback if a release ever goes sideways.

🆔

Identity

Rides on the IdP you already trust.

Tier 1: GitHub identity (your corp SSO via GitHub).
Tier 2: Azure AD / Entra ID on the function app and storage.
Tier 3: M365 identity flows in via Power Automate — the signed-in user's object ID IS the tenant key.
Zero new accounts, zero shared secrets between users.

What RAPP never does

No telemetry phoning home. The brainstem doesn't call back to us. Period. You control where requests go.

What RAPP never does

No vendor-shared agent registry. Your agents live in your repo, your tree, your cloud. We don't host them centrally.

What RAPP never does

No opaque skill interpretation. Agents are code, not markdown the LLM re-reads. You can read exactly what the agent will do.

The agent is a file. The file is reviewable code. The deployment runs in your tenant, on your identity, against your data. Security review starts with git log — not a spec document.