Architecture Overview

The Corporation is a governance kernel that stores all corporate data in bare git repositories. Every entity, whether LLC or C-Corp, is a git repo. Every operation is an atomic commit. Every audit trail is git log.

Crate structure

The platform is split into five crates:

corp-core     — Domain types, auth primitives, scope definitions (no I/O)
corp-storage  — EntityStore + WorkspaceStore, git/Redis/S3 backends
corp-auth     — JWT encoding/decoding, Argon2 API key hashing, Axum extractors
corp-server   — Axum HTTP server, route handlers, OpenAPI spec
corp-cli      — Rust CLI (corp), local oneshot mode via corp-server

corp-core has no I/O at all. All persistence lives in corp-storage. corp-auth and corp-server depend on both. corp-cli can talk to a running corp-server over HTTP or embed corp-storage directly for local operation.

Runtime topology

Three interfaces share the same storage and domain logic:

┌──────────────────┐  ┌──────────────────┐  ┌──────────────────┐
│   HTTP API       │  │   Rust CLI       │  │   CLI local      │
│   (corp-server)  │  │   (corp-cli,     │  │   oneshot        │
│   Axum + Tokio   │  │    remote mode)  │  │   (--local flag) │
└────────┬─────────┘  └────────┬─────────┘  └────────┬─────────┘
         │                     │                      │
         └─────────────────────┼──────────────────────┘
                               │
                  ┌────────────▼────────────┐
                  │  corp-storage           │
                  │  EntityStore /          │
                  │  WorkspaceStore         │
                  └────────────┬────────────┘
                               │
                  ┌────────────▼────────────┐
                  │  Bare Git Repos         │
                  │  (gix — pure Rust)      │
                  │  or Redis + S3          │
                  └─────────────────────────┘

All three interfaces produce identical storage commits for identical operations. The git repositories are the database.

In local mode (corp --local or corp --data-dir), the CLI embeds corp-storage directly and operates on bare git repos without a running server. This is how corp form create --local works.

Technology stack

Component	Technology
Backend	Rust 2024 edition, Axum 0.8, Tokio
Git library	gix 0.72 (pure Rust — no libgit2)
Storage backends	Bare git repos (default), Redis/Valkey + S3
Serialization	serde + serde_json
Auth	HS256 JWT (24 h default) + Argon2id API keys
Scopes	34 scopes, checked via `ScopeSet`
Observability	tracing + tracing-subscriber

Core invariant

Every side effect in the system requires all three:

Intent: a typed request describing what should happen.
Decision: a deterministic policy evaluation that approves, blocks, or requires a human obligation.
Receipt: an immutable record with request and response hashes.

The gate function is:

execute_intent(intent_id, idempotency_key) → Receipt

No corporate state changes without passing through this gate. No exceptions.

Execution flow

Agent / Human / API
       │
       ▼
  Create Intent
       │
       ▼
  Policy Evaluation ──→ Blocked (tier violation, missing obligation)
       │
       ▼
  Human Obligation? ──→ Wait for fulfillment
       │
       ▼
  Execution Attempt
       │
       ▼
  Adapter (git commit, external API call)
       │
       ▼
  Receipt + Audit Event
       │
       ▼
  State Updated (git commit on entity repo)

Production services

The system runs as a set of Docker services:

Service	Role
caddy	Reverse proxy, auto HTTPS
backend	Rust/Axum governance kernel (corp-server)
chat-ws	WebSocket chat interface

All corporate data lives in the git_data volume mounted into the backend container.