Philosophy

The problem

Corporate data is trapped in opaque SaaS platforms. Your articles of incorporation live in one service, your cap table in another, your tax filings in a third. None of them talk to each other. None of them give you your data in a format you can actually use. And none of them provide a verifiable audit trail — you trust them because you have to, not because you can prove anything.

When AI agents enter the picture, the problem gets worse. An agent operating a corporation needs structured, auditable, machine-readable access to every piece of corporate state. “Log in and click through a UI” does not work for agents. “Download a PDF” does not work either. The mechanical governance work that makes up the bulk of corporate operations — filing deadlines, cap table updates, board consent generation, compliance monitoring — cannot be delegated to agents without a system that is agent-native by design.

The insight

Git already solves every hard problem in corporate data management:

• Every change is a commit with a SHA hash, timestamp, and author.
• Multi-file commits are atomic.
• Draft resolutions can live on branches and merge when approved.
• Ed25519 signatures prove who did what.
• Standard tools such as git log, git diff, and git clone already work on corporate data.
• JSON files in a tree do not need database migrations.
• git clone gives you the full record.

A corporation is a set of documents, ownership records, financial transactions, and governance decisions. Git stores documents, tracks ownership of changes, records transactions atomically, and preserves the full history of every decision. The mapping is natural, not forced.

Design principles

Your data is yours

Corporate state belongs to the legal entity — not to a platform, not to a vendor, not to us. Every piece of corporate data is a JSON file in a git repo you own. No vendor lock-in. No data export requests. No “please email support to get your records.” git clone gives you the full, portable record. Migrating away is a configuration change, not a support ticket.

Git is the database

No PostgreSQL. No Redis. No DynamoDB. The bare git repository is the single source of truth. This sounds radical until you realize that a corporation’s data is document-shaped (not query-shaped) and the access pattern is “read current state, append new state” — exactly what git does.

Intent / Decision / Receipt

Every side effect requires a typed intent, a deterministic policy decision, and an immutable receipt. That is the minimum structure needed for agents to operate under human governance. The intent says what should happen, the decision says whether it should happen, and the receipt proves it happened. The pattern also guarantees safe failure: an intent can exist without a decision, and a decision can exist without a receipt. Each stage is independently verifiable. No agent error leaves the entity in an inconsistent state.

Human obligations, not approvals

The system does not have a generic approval queue. Instead, it identifies the narrow set of actions that legally require a natural person — signing formation documents, filing with the state, attesting to tax returns under penalty of perjury — and creates typed obligations with evidence requirements and sufficient lead time. Humans govern; agents execute. Everything mechanical flows through without a human bottleneck, and nothing fiduciary flows through without one.

Three interfaces, one kernel

HTTP API, Rust CLI (corp), and local oneshot (corp-server call) are thin layers over the same governance kernel. They produce identical git commits for identical operations. If you form an entity via API and inspect the cap table via CLI in --local mode, the data is the same because it is the same git repo. There is no separate “local” data model and “remote” data model — the storage layer is the same either way.

Transparency over trust

With commit signing enabled, every operation produces a cryptographically signed git commit with actor identity in the trailer. Any participant can verify any claim by inspecting the repository — cap table accuracy, filing completion, the full authorization chain for any equity event. “Trust me” is never the answer; “verify it” is always available. “Trust but verify” becomes “verify, and here is the cryptographic proof.”

Branch-based governance

Complex governance workflows such as draft resolutions, multi-party approvals, and contested mergers map naturally to git branches. Create a branch for a proposed action, let stakeholders review it, and merge when authorized. The merge commit becomes the approval record.

Auditability is a system invariant

Every agent action produces a signed, immutable record in the entity’s git repository. There are no silent mutations, no off-the-record operations, no actions that bypass the commit log. The git history is the corporate record — not a mirror of it, not a summary of it, but the record itself. Completeness is enforced by the architecture, not assumed from good behavior.

Scoped authority

No agent operates with unbounded authority. Scope is defined in the entity’s governance configuration — which domains an agent may act in, which actions it may take, what thresholds it may not exceed — and enforced by the policy gate at execution time. An agent that attempts to exceed its scope is rejected before any state changes. Scoped authority makes delegation safe.

Reversibility by design

Any agent action that cannot be undone requires human authorization before execution. Reversible actions — drafting a document, updating an internal record, queuing an obligation — agents handle autonomously. Irreversible actions — submitting a state filing, executing a transfer, registering an equity event — require an explicit human sign-off. The maximum cost of an agent error is bounded by the reversibility of its autonomous actions.