Trust & security posture

How fastpace handles trust

Honest current-state. fastpace is in design-partner phase — so this page tells you what's true today, what's in flight, and what's on the roadmap. No certifications we don't hold; no claims we can't substantiate.

Need the customer-facing artifact-driven version with self-serve evidence requests? Visit the trust portal at trust.fastpace.net →

Principles

What you can hold us to today

These are operating principles, not certifications. Each one is structurally enforced by the product, not just promised on a marketing page.

Local by construction

Skills, agents, hooks, and the local UI all run on the developer's machine. The audit signal lives in the repo. No fastpace-hosted SaaS sits in the data path for the core product.

No telemetry

fastpace ships zero telemetry. We don't collect usage analytics, error reports, or session data. Updates are explicit (`npm update -g @fastpace-ai/fp` then `fastpace update`).

Open source where it matters

The CLI, skills, agents, hooks, and local UI are open source. Anyone — including your security team — can audit the runtime that touches your code.

No silent guardrail weakening

Every guardrail change is approved by the operator and logged to the hash-chained audit log. We will not silently weaken your audit signal — and you can verify it with one command.

Data flows

Where your data goes

The honest version. Plus the prove-it commands so you don't take marketing copy at face value.

Source code
Stays on the developer machine and in your repo. Never transits a fastpace-operated service.
Prompts & context
Pre-prompt redaction strips secrets and sensitivity-tagged content. The redacted prompt then goes directly from the developer machine to the AI runtime you chose. fastpace doesn't proxy this call.
Audit log & manifests
Hash-chained, signed, written to your repo at fastpace/audit.log and fastpace/manifests/. Never transmitted off the machine.
Org dashboard summaries
If the optional self-hosted org dashboard is enabled, each repo agent emits signed audit summaries (counts, hashes, trends) — not code, not prompts, not responses. The aggregation server runs behind your firewall.
Prove it from the terminal

walks the hash-chained audit log and reports any tampering since install.

lists every agent, runtime, MCP server, and identity active on this machine.

packages ADRs, audit.log, manifests, and AI-BOM into one auditor-ready tarball.

Attestations

Where we are on certifications

Honest about timing. We will not claim certifications we don't hold. Below is current status; security questionnaires are answered under NDA.

Framework
Status
Target
Notes
SOC 2 Type I
in progress
Q3 2026
Audit initiated; report available under NDA on completion.
SOC 2 Type II
planned
Q1 2027
Follows successful Type I closure plus 6 months of operating period.
ISO/IEC 27001
planned
Q2 2027
Scoped to fastpace org dashboard infrastructure.
ISO/IEC 42001
planned
Q4 2027
AI management system certification — fastpace as both subject and tooling.

Need a security questionnaire (SIG, CAIQ, custom) answered? Email security@fastpace.net. Turnaround under 5 business days.

Self-mapped framework coverage shipped

Distinct from the external attestations above: fastpace ships a validated mapping doc (fastpace/docs/framework-mapping.md) tying every primitive — F0.1 cryptographic identity, F0.2 hash-chained audit log, F0.3 discovery manifest, F0.4 agent identity, F0.5 prompt redaction, F0.6 inventory, F1.1 run manifest signing, F1.3 circuit breaker (with fleet-wide baseline), F1.6 least-privilege bootstrap, F1.10 sensitivity-tagged context, F1.11 approved-runtime registry, F1.12 sanctioned-install attestation (with Sigstore bundle envelope), F1.13 org dashboard, F1.14 RBAC + SAML envelope verifier, F2.1 reliability score, F2.3 provenance-signed commits, F2.4 AI-BOM, F2.5 continuous control monitoring, F2.6 trusted data taps, F2.7 red-team harness, F2.8 Drata/Vanta push, F2.9 pre-merge audit gate, F2.10 AI risk register, F2.11 org-wide policy engine, F2.12 open audit schema — to the controls in NIST AI RMF, ISO/IEC 42001, EU AI Act, SOC 2, ISO 27001, and GDPR. Each row points at the artifact that demonstrates the control.

The mapping is the input the auditor reads first. External attestations (above) certify the operating environment; the mapping certifies what each fastpace install does. The fastpace aibom generate --release <tag> output is the per-release attestation envelope (CycloneDX-AI flavor) that goes into a regulated software supply chain alongside SBOMs. The new fastpace gate check --format github drops straight into a GitHub Actions workflow to block merges that lack provenance, audit-chain integrity, or a fresh AI-BOM.

Sub-processors

Who we share data with (almost no one)

Because the core product runs locally, the sub-processor list is short. Updated when changes occur; subscribe to be notified.

Provider
Purpose
Region
GitHub
Source code repository for the open-source project. fastpace itself does not transit customer code through GitHub.
US
Cloudflare
DNS + static asset delivery for fastpace.net marketing site.
Global edge
Anthropic / OpenAI / Google pass-through
NOT a fastpace sub-processor. fastpace mediates the developer's direct call to the AI runtime they choose; data flows are governed by the developer's own contract with that provider.
n/a
Vulnerability disclosure

Reporting a security issue

We treat security reports seriously and will not take legal action against good-faith researchers operating within this policy.

How to report

Email security@fastpace.net. Encrypt with our PGP key (fingerprint published below) for sensitive details.

PGP fingerprint: (published on GitHub repo · key ID forthcoming)

What we commit to

  • Acknowledgement within 48 hours.
  • Initial triage within 5 business days.
  • Public credit (if desired) once the issue is resolved.
  • No legal action against researchers acting in good faith.

Out of scope

  • Issues in the AI runtime itself (Claude / Codex / Gemini) — report to the runtime vendor.
  • Social engineering of the fastpace team.
  • DoS / volumetric attacks against fastpace.net.
Threat model

What fastpace is and isn't designed to defend against

Threat models that overpromise are a security smell. Here's a focused STRIDE-style read on the fastpace agent — public artifact, updated when the model changes.

What fastpace defends against
  • Prompt-time data leakage — pre-prompt redaction strips secrets and PII before any prompt leaves the machine.
  • Autonomous agent misuse — declared scope, blast-radius limits, behavioral circuit breaker.
  • Audit-log tampering — hash-chained entries with per-install signing key. fastpace verify reports any tampering.
  • Common destructive commandsrm -rf /, git reset --hard, curl | sh and similar are blocked by the dangerous-command-guard hook.
  • Force-pushes & main-branch commits — push-guard and branch-guard refuse them when guardrails are enabled.
  • Supply-chain drift — dependency-alert blocks new dependencies outside approved scopes.
  • Shadow AI categorization — discovery manifest at well-known paths so your security stack finds fastpace announcing itself.
× What fastpace does not defend against
  • A compromised developer machine. If the machine is owned, fastpace's identity keypair and signing infra are owned with it. Pair with endpoint defense.
  • Insider exfiltration. A developer with full access can copy code, prompts, or context out of band. This is an organizational policy problem.
  • AI model behavior in general — hallucinations, biased outputs, misaligned responses. fastpace can detect some of this (via correction-event tracking on the roadmap) but doesn't make the model itself safer.
  • Sophisticated targeted prompt injection in untrusted content the developer pastes in directly. The injection-scanner hook helps for fastpace-mediated content but not for arbitrary editor input.
  • Compromise of the AI runtime vendor. If Anthropic or Google is breached, that's their incident response, not ours.
Incident reporting

If we have an incident, you'll hear it from us

Customer notification within 72 hours of confirmation, regardless of jurisdiction. Status page at status.fastpace.net (forthcoming). Subscribe to security@fastpace.net for direct notifications.

Need more depth?

Architecture deep-dive, security questionnaire, threat model walk-through, roadmap under NDA — all available on request.

Email security@fastpace.net → See the compliance page →