Trust

Security and reliability posture for production agents.

Bilinc is designed for operational predictability: validated writes, explicit failure contracts, auditable history, and restore workflows that keep incidents bounded.

Writes: Validated
History: Auditable
Recovery: Snapshot + rollback
Transport: Bearer auth + rate limits

Control surface

The guarantees matter before the dashboard does.

Pre-write verification

Checks can run before persistence so contradictory writes are caught before they become durable state.

Belief conflict handling

AGM-style revise and contract flows avoid silent overwrite when agent memory diverges.

Persistence truthfulness

Write failures surface as failures; operations do not report success when durability fails.

Recovery workflow

Snapshot, diff, and rollback primitives keep restore and incident triage explicit.

Operational policy

Control matrix

Area | Current posture
Auth model | Stdio for local trust boundaries, HTTP transport with bearer token enforcement
Abuse controls | Rate limiting and input/resource validation on the tool surface
Auditability | Operational state changes are traceable through audit and snapshot flows
Observability | Health and Prometheus-compatible metrics endpoints for runtime visibility

References

Source-of-truth artifacts

Use the repository as the canonical source for security changes, release deltas, and CI checks.

Data posture

SDK and Cloud have clear responsibility boundaries.

Boundary | Current posture
SDK boundary | The public SDK does not ship local storage internals; hosted data is governed by Cloud workspace and API-key controls.
Cloud data | Hosted memory is scoped to authenticated workspaces and billing-backed entitlements.
API keys | Runtime credentials are workspace-scoped, revealed once, and then managed as masked metadata.
Transport | Public Cloud endpoints are HTTPS and require bearer authentication for memory operations.
Retention | Plan-specific retention should be treated as an operational policy, not a truth guarantee.
Deletion | Account and workspace deletion requests belong in the support/security workflow until self-serve deletion is shipped.

Verification boundary

Bilinc improves memory integrity. It does not replace judgment.

What Bilinc can check

Typed writes, validation gates, conflict indicators, provenance, audit history, and recovery state.

What Bilinc does not promise

It does not make every LLM answer true, replace source review, or certify untrusted external claims by itself.

What operators still own

Prompt policy, data classification, approval gates, secret handling, backups, incident response, and access reviews.

Boundaries

Trust stays strongest when the boundary is explicit.

Local trust boundary

The public SDK keeps local storage internals out of the package; Cloud workspaces govern storage, transport, backups, and operator policy.

Hosted Cloud boundary

Cloud access remains entitlement-gated while hosted runtime isolation, billing sync, and support boundaries stay explicit.

Evidence boundary

Verification and recall evidence improve inspectability; they do not turn every answer into automatic truth.

Security contact

Report sensitive issues privately.

For suspected security issues, account access problems, billing anomalies, or abuse reports, contact ReARC Labs directly instead of opening a public issue with sensitive details.

Buyer note

Ask for the boundary you need.

Enterprise deployments can be scoped for private deployment, SSO/SAML, BYOC/VPC review, audit requirements, retention policy, and SLA/security review before production use.