Built to pass security review.
DevOS runs local-first, never trains on your data, and isolates every workspace. A complete reference for your IT, security and compliance teams.
Private by default. Your data stays yours.
How DevOS handles your code and data, and the controls you keep over both.
No data leaves the developer's machine
Code, memory and the savings ledger run locally. By default, nothing is sent anywhere.
No data leaves your tenant
When you connect the cloud control plane, it stays inside your environment. Journi receives only aggregated statistics and feature requests on opt-in, and you can review exactly what would be sent before anything leaves.
Full control of outgoing calls
Every outbound model call is policy-checked, logged and traceable, so you can see and govern exactly what leaves.
No training on your data
Your code, prompts and activity are never used to train models, or for anything else.
Secret redaction
Secrets are scrubbed before any write or model call.
Keys in your custody
Provider keys live in the OS keychain, never on disk, and can be provisioned to devices centrally.
Your data stays in your tenant, separated by workspace.
Every deployment is single-tenant, so your code and data never mix with anyone else's. Within your tenant, each repository is its own workspace — letting you control which teams and developers can reach which code and memory.
Govern and monitor across your organisation.
The control plane for IT, security and compliance — set policy once and have it enforced everywhere DevOS runs.
Audit log
A complete, tamper-evident record of policy changes and access decisions.
Policy enforcement *
Control which models can be used and check every session against your active policies.
Budget controls *
Set spending limits, enforced centrally and applied in real time.
Admin recovery
Secure recovery paths for administrators to handle exceptional situations.
Usage export
An evidence pack and usage export ready for finance and compliance teams.
SIEM forwarding
Stream events to Splunk, Sentinel or S3 — in build.
* The level of enforcement depends on the agent host. Some hosts support hard enforcement at the network boundary; others apply advisory checks.
Auditable from the source up.
SBOMs for every ecosystem, dependency gates, and a verified installer — the evidence procurement asks for.
CycloneDX SBOMs
Generated for all three ecosystems — Rust (cargo-cyclonedx), Node (cyclonedx-npm) and C# (dotnet CycloneDX).
Dependency gate
cargo-deny enforces advisory, license and source-registry checks (RUSTSEC) on every build.
Memory-safe by construction
Built in Rust with unsafe code disallowed across the entire codebase, removing a whole class of memory-safety vulnerabilities.
Self-contained components
Core components are built in and statically linked — nothing extra for you to install or patch, and no OpenSSL dependency.
Verified installer
The installer checks every file against a known hash before deploying, and is code-signed.
Pinned toolchain
Build toolchains are pinned to versions that include current security fixes, including CVE-2024-24576.
Deploy inside your boundary.
On developer machines, in your own private cloud, or in your data centre, with unattended installer support for Intune, SCCM and MDM.
"Working with AI" — how we drive coding agents at Journi. Six habits, one pre-flight checklist.
Most agent failures come down to two habits: guessing when it should check, and calling a task done before proving it. The DevOS Rulebook is our answer.
Ready for security review?
We'll send the security pack, SBOMs and deployment guide, and walk your team through the architecture.