Tier Comparison

Sturna offers three tiers. Free is for evaluation. Pro is for production teams. Enterprise is for organizations that require SLA guarantees, custom RBAC, and dedicated support.

Capability | Free | Pro ($49/mo) | Enterprise (Custom)
Intent submissions / day | 50 | 5,000 / mo | Unlimited
Execution SLA | Best-effort | Priority queue | Contractual SLA
Uptime commitment | | 99.9% target | 99.9% SLA + credits
Support response | Community | 24-hour email | 4-hour dedicated
Audit logs | 7 days | 90 days | 365 days + export
RBAC roles | Owner only | Admin + Operator | Admin + Operator + Viewer + Custom
API key scoping | Single key | Scoped keys | Scoped keys + IP allowlist
SSO / SAML | Roadmap Q3 2026
Custom domain multipliers + batch config API
SIEM-compatible audit export
Dedicated account manager
Custom contract / MSA

Execution SLA

Sturna's auction engine broadcasts each intent to up to 81 specialist agents in parallel. Proposal collection, scoring, and execution happen within defined latency windows per tier.

Window | Target | Scope
Bid collection window | < 800ms | Pro & Enterprise (p95)
Agent selection + dispatch | < 200ms | After bids close
Standard intent completion | < 30s | Simple intents (p95)
Complex intent completion | < 120s | Multi-step, deployment class

Latency Windows by Tier

Metric | Free | Pro | Enterprise
Queue wait (p50) | Up to 5s | < 500ms | < 100ms
Bid collection window (p95) | 1,200ms | 800ms | 800ms
Standard intent (p95) | Best-effort | 30s | 30s (contractual)
Complex intent (p95) | Best-effort | 120s | 120s (contractual)
Shield-tier intents (p95) | | 60s | 60s (contractual)
Timeout ceiling | 300s | 300s | 600s (configurable)
Contractual vs. Target: Pro latency figures are operational targets. Enterprise latency figures are contractual SLA terms — missed SLA windows generate credit automatically under the Enterprise agreement.

Uptime Commitment

Component | Status
API & Intent Engine | Operational (targeting 99.9%)
Dashboard & Receipt Pages | Operational
Agent Bidding Network | Operational
WebSocket Streaming | Operational

Monthly Uptime Targets

Tier | Monthly Uptime Target | Max Downtime / Month | SLA Credit
Free | No commitment | |
Pro | 99.9% target | ~43 min | No contractual credit
Enterprise | 99.9% contractual | ~43 min | 10% monthly credit per 0.1% missed
Exclusions: Scheduled maintenance windows (announced ≥ 48 hours in advance), force majeure events, and outages caused by third-party AI model providers (Anthropic) are excluded from uptime calculations.
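A worked calculation of the Enterprise uptime terms above, added here as an example rather than Sturna's own billing logic: it applies the exclusions for announced maintenance, force majeure and model-provider outages, computes the month's uptime, and converts the shortfall into credit. The Outage record, the constructed April 2026 incidents, and the reading of "per 0.1% missed" as each started 0.1% step are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import ceil

# Constants from the uptime table above; "started 0.1% step" rounding and the Outage shape are assumptions.
TARGET_PCT = 99.9
CREDIT_PER_STEP = 10                   # % of the monthly fee per 0.1% below target
NOTICE_REQUIRED = timedelta(hours=48)  # maintenance announced this far ahead is excluded

@dataclass
class Outage:
    start: datetime
    end: datetime
    cause: str                               # "platform" | "maintenance" | "force_majeure" | "model_provider"
    announced_at: "datetime | None" = None   # when a maintenance window was announced

def counts_against_sla(o: Outage) -> bool:
    """Exclusions: force majeure, model-provider outages, and maintenance announced >= 48 h ahead."""
    if o.cause in ("force_majeure", "model_provider"):
        return False
    if o.cause == "maintenance":
        return o.announced_at is None or (o.start - o.announced_at) < NOTICE_REQUIRED
    return True

def counted_downtime(outages) -> timedelta:
    return sum((o.end - o.start for o in outages if counts_against_sla(o)), timedelta())

def monthly_uptime_pct(outages, month_start: datetime, next_month: datetime) -> float:
    return 100.0 * (1 - counted_downtime(outages) / (next_month - month_start))

def enterprise_credit_pct(uptime_pct: float) -> int:
    """Credit owed: 10% per 0.1% (or part thereof) below 99.9%, capped at 100%."""
    shortfall = round(TARGET_PCT - uptime_pct, 6)
    if shortfall <= 0:
        return 0
    return min(100, CREDIT_PER_STEP * ceil(round(shortfall * 10, 6)))

def april_2026_example():
    """Constructed April 2026: platform fault, announced + unannounced maintenance, provider outage."""
    def d(day, hour, minute=0):
        return datetime(2026, 4, day, hour, minute)
    outages = [
        Outage(d(3, 2), d(3, 3, 30), "platform"),                              # 90 min, counts
        Outage(d(10, 1), d(10, 3), "maintenance", announced_at=d(7, 1)),        # 72 h notice, excluded
        Outage(d(15, 4), d(15, 4, 30), "maintenance", announced_at=d(14, 16)),  # 12 h notice, counts
        Outage(d(20, 9), d(20, 12, 20), "model_provider"),                      # excluded
    ]
    uptime = monthly_uptime_pct(outages, datetime(2026, 4, 1), datetime(2026, 5, 1))
    return counted_downtime(outages) // timedelta(minutes=1), round(uptime, 4), enterprise_credit_pct(uptime)
```

For the constructed month only 120 of the 340 outage minutes count, giving 99.7222% uptime and a 20% credit.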

Incident Response

Severity Levels & Response Windows

Severity | Definition | Pro Response | Enterprise Response
P0 Critical | Complete API unavailability or data loss | 4 hours (best-effort) | 1 hour (contractual)
P1 High | Core intent execution degraded (> 30% error rate) | 24 hours | 4 hours
P2 Medium | Performance degradation, non-critical features unavailable | 48 hours | 8 hours
P3 Low | Minor bugs, cosmetic issues | Next sprint | 48 hours

Escalation Path

1. Initial Report: Submit via support@sturna.ai or in-app support. Include intent IDs, API key (masked), and error payloads. A reference ID is auto-generated.
2. Triage & Acknowledgement: The on-call engineer reviews severity. An acknowledgement email with the ticket ID and assigned engineer's name is sent within the response window above.
3. Mitigation: A workaround or hotfix is deployed. P0 issues get a dedicated Slack bridge with the Enterprise account team (Enterprise only).
4. Post-mortem (P0 / P1 only): A written root-cause analysis is delivered within 5 business days. Enterprise customers receive a private post-mortem briefing.

Data Retention

Data Type | Free | Pro | Enterprise
Intent execution receipts | 7 days | 90 days | 365 days
Agent audit logs | 7 days | 90 days | 365 days
Token cost records | 7 days | 90 days | 365 days + CSV export
User account data | Duration of account | Duration of account | Custom retention + GDPR deletion API
Deployment outputs | 7 days | 30 days | 90 days

Post-deletion grace period: Data is purged from live systems within 30 days of account deletion. Backups are purged within 90 days.

Role Definitions

Sturna uses three built-in roles. Each role maps to a distinct level of access. Enterprise customers can request custom roles via the account team.

Admin (Pro + Enterprise)
Full control. Manages the account, billing, team members, and all agent configuration. Typically the technical lead or DevOps owner.
  • Submit intents
  • View all receipts & audit logs
  • Manage API keys
  • Configure domain multipliers
  • Add / remove team members
  • Access billing & invoices
  • Export audit logs (Enterprise)

Operator (Pro + Enterprise)
Day-to-day execution access. Can run intents and review results but cannot modify configuration or manage billing. Suitable for developers or analysts.
  Permitted:
  • Submit intents
  • View all receipts & audit logs
  • Generate scoped API keys
  Not permitted:
  • Configure domain multipliers
  • Add / remove team members
  • Access billing
  • Export audit logs

Viewer (Enterprise only)
Read-only access. For auditors, compliance officers, or stakeholders who need visibility without execution privileges.
  Permitted:
  • View receipts & audit logs
  • Export audit logs (read-only CSV)
  Not permitted:
  • Submit intents
  • Generate API keys
  • Configure domain multipliers
  • Manage team
  • Access billing

Permission Matrix

Action | Admin | Operator | Viewer
Submit intents (POST /api/intent) | | |
Stream intent execution (WebSocket) | | |
View own intent receipt (GET /receipt/:id) | | |
View all team receipts | | |
Access execution history (GET /history) | | |
Access audit log export | | | ~ Read-only
Generate API keys | Full scope | Scoped only |
Revoke API keys | | Own keys |
Configure domain relevance multipliers | | |
Use Shield tier (auctionTier: "shield") | | |
Add / remove team members | | |
Assign roles | | |
View billing & invoices | | |
Manage subscription | | |
Access admin analytics (/admin/*) | | |

API Key Scoping

API keys are prefixed with octo_. Each key carries a scope that determines which endpoints it can access. Keys are generated via POST /api/register and are idempotent per email address.

Scope | Available to | Permitted endpoints
full_access | Admin only | All /api/* endpoints including admin routes
intent_submit | Admin, Operator | POST /api/intent, POST /api/intent/stream, GET /api/me
intent_read | Admin, Operator, Viewer | GET /receipt/:id, GET /api/intents, GET /api/me
audit_read | Admin, Viewer | GET /api/admin/audit, audit export
analytics_read | Admin | GET /api/admin/metrics, /analytics/*
Enterprise IP Allowlisting: Enterprise plans can lock API keys to specific CIDR ranges. Keys with an IP allowlist reject requests from any source outside the defined ranges with a 403 response and a logged security event.

Key Rotation

Keys do not expire by default. Admins can revoke any key immediately. Revoking a key is irreversible — a new key must be generated. Key rotation is logged in the audit trail with the actor's user ID, timestamp, and IP address.
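An added reference implementation (not Sturna's code) of the checks described in the scoping and rotation sections: scope-to-endpoint rules taken from the table above, the Enterprise CIDR allowlist answering with a 403 and a logged security event, and revocation recorded with actor, timestamp and IP. The key store, the event shapes, and lookup by raw key rather than bcrypt hash are assumptions.

```python
import ipaddress
from datetime import datetime, timezone
from fnmatch import fnmatchcase

# Scope names and endpoints are the page's; the key store, event shapes and lookup by raw key are assumptions.
SCOPES = {
    "full_access":    ["* /api/*"],
    "intent_submit":  ["POST /api/intent", "POST /api/intent/stream", "GET /api/me"],
    "intent_read":    ["GET /receipt/*", "GET /api/intents", "GET /api/me"],
    "audit_read":     ["GET /api/admin/audit", "GET /api/admin/audit/export"],
    "analytics_read": ["GET /api/admin/metrics", "GET /analytics/*"],
}
# Constructed key records (a real store would hold bcrypt hashes, as the controls list states).
KEYS = {
    "octo_ent_1234abcd":  {"scope": "intent_submit", "allowlist": ["203.0.113.0/24"], "revoked": False},
    "octo_view_9999zzzz": {"scope": "intent_read",   "allowlist": [],                 "revoked": False},
}
SECURITY_EVENTS = []   # IP-allowlist rejections, which the page says are logged
AUDIT_LOG = []         # revocations with actor user ID, timestamp and IP

def route_allowed(scope, method, path):
    """True when a rule of the key's scope matches the request; '*' matches any method."""
    for rule in SCOPES.get(scope, []):
        m, pattern = rule.split(" ", 1)
        if m in ("*", method) and fnmatchcase(path, pattern):
            return True
    return False

def authorize(key, method, path, source_ip):
    """Return (http_status, reason) for a request presenting an octo_ key."""
    rec = KEYS.get(key)
    if rec is None or rec["revoked"]:
        return 401, "unknown or revoked key"
    if rec["allowlist"]:   # Enterprise IP allowlist: reject anything outside the CIDRs and log it
        ip = ipaddress.ip_address(source_ip)
        if not any(ip in ipaddress.ip_network(c) for c in rec["allowlist"]):
            SECURITY_EVENTS.append({"event": "ip_allowlist_reject", "api_key_id": "..." + key[-8:], "ip": source_ip})
            return 403, "source IP outside allowlist"
    if not route_allowed(rec["scope"], method, path):
        return 403, f"scope {rec['scope']} does not permit {method} {path}"
    return 200, "ok"

def revoke(key, actor_user_id, actor_ip):
    """Irreversible revocation, written to the audit trail with actor, timestamp and IP."""
    KEYS[key]["revoked"] = True
    AUDIT_LOG.append({"action": "api_key.revoke", "api_key_id": "..." + key[-8:], "actor_user_id": actor_user_id,
                      "ip": actor_ip, "timestamp": datetime.now(timezone.utc).isoformat()})
    return len(AUDIT_LOG)
```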


Team Management

Adding a Team Member

Admins invite users via the Account page or via the API. An invitation email is sent. The invitee signs in and the role is automatically assigned.

HTTP
POST /api/team/invite
Authorization: Bearer octo_<admin_key>
Content-Type: application/json

{
  "email": "analyst@yourcompany.com",
  "role": "operator"           // "admin" | "operator" | "viewer"
}

Removing a Team Member

Removing a member immediately revokes all their API keys and terminates active sessions. The action is logged in the audit trail.

HTTP
DELETE /api/team/members/:user_id
Authorization: Bearer octo_<admin_key>

Changing a Role

Role changes take effect immediately. Downgrading from Admin to Operator revokes access to billing and admin analytics endpoints on the next API call — no session restart required.

HTTP
PATCH /api/team/members/:user_id
Authorization: Bearer octo_<admin_key>
Content-Type: application/json

{
  "role": "viewer"
}

Audit Log Format

Every intent execution produces a signed, immutable receipt accessible at GET /receipt/:intent_id. Receipts are the canonical audit trail. The schema is stable — fields will not be removed without a deprecation notice.

Receipt Schema

JSON Schema
{
  "id": number,              // Unique intent ID (monotonically increasing)
  "text": string,            // The original intent text submitted by the user
  "status": string,          // "completed" | "failed" | "in_progress" | "pending"
  "created_at": ISO8601,     // Timestamp when intent was received
  "completed_at": ISO8601,   // Timestamp when execution finished (null if pending)
  "duration_ms": number,      // Wall-clock execution time in milliseconds

  "winning_agent": {
    "name": string,          // Agent display name (e.g. "Cypress Scout")
    "emoji": string,         // Visual identifier
    "confidence": number,    // Winning bid score (0.0 – 1.0)
    "domain": string,        // Agent's specialist domain
    "reasoning": string      // Agent's self-reported execution rationale
  },

  "competing_agents": [{     // Top-3 agents that submitted bids (excluding winner)
    "name": string,
    "confidence": number,
    "reasoning": string
  }],

  "result": string | null,   // Execution output (markdown, code, or plain text)
  "error": string | null,    // Error message if status = "failed"

  "cost": {
    "input_tokens": number,  // Total input tokens consumed across all agents
    "output_tokens": number, // Total output tokens generated
    "total_tokens": number,  // Sum of input + output
    "cost_usd": number        // Estimated cost in USD (4 decimal places)
  },

  "meta": {
    "auction_tier": string,  // "standard" | "shield"
    "domain_hint": string,   // Optional domain multiplier used
    "api_key_id": string,    // Masked API key identifier (last 8 chars)
    "user_id": number         // Internal user ID of submitter
  }
}

SIEM Export Format

Enterprise customers can export audit logs in NDJSON format, compatible with Splunk, Datadog SIEM, Elastic SIEM, and Sumo Logic. Each line is a valid JSON object representing a single event.

NDJSON — SIEM Export
{
  "event_id": "evt_a1b2c3d4",
  "event_type": "intent.completed",
  "timestamp": "2026-04-13T09:00:00.000Z",
  "actor": {
    "user_id": 42,
    "api_key_id": "...abc123",
    "ip": "203.0.113.55"
  },
  "resource": {
    "type": "intent",
    "id": 1234
  },
  "outcome": "success",          // "success" | "failure"
  "duration_ms": 4250,
  "cost_usd": 0.0018,
  "agent": "Cypress Scout"
}
Export API (Enterprise): GET /api/admin/audit/export?format=ndjson&start=2026-01-01&end=2026-04-13 returns a streaming NDJSON response. The date range is capped at 90 days per request.

Token Cost Breakdown

Every intent execution records token consumption and estimated USD cost. This data is available in the receipt, the history API, and the Pro/Enterprise cost export. FinOps teams can use this for chargeback, showback, and budget forecasting.

Cost Fields

Field | Type | Description
cost.input_tokens | integer | Tokens consumed as context (intent text, agent prompts, prior conversation)
cost.output_tokens | integer | Tokens generated in the execution response
cost.total_tokens | integer | Sum of input + output tokens
cost.cost_usd | float (4 dp) | Estimated USD cost using published Anthropic pricing at time of execution

Cost Aggregation API

Enterprise customers can query aggregated costs by user, date range, or team for chargeback and budget tracking:

HTTP
GET /api/admin/analytics/cost-summary
  ?start=2026-04-01&end=2026-04-13
  &group_by=user_id           // "user_id" | "day" | "agent"

Authorization: Bearer octo_<admin_key>

// Response:
{
  "period": { "start": "2026-04-01", "end": "2026-04-13" },
  "total_cost_usd": 12.4832,
  "total_intents": 1847,
  "breakdown": [
    { "user_id": 42, "cost_usd": 7.21, "intents": 982 },
    { "user_id": 57, "cost_usd": 5.27, "intents": 865 }
  ]
}
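An added example (not Sturna's tooling) that consumes the NDJSON export described in the SIEM section and reproduces the cost-summary breakdown above client-side, grouped by user_id, day or agent. The sample events are constructed, and malformed lines are reported rather than silently dropped.

```python
import json
from collections import defaultdict

# Constructed sample export in the NDJSON layout shown above (not real Sturna data); line 4 is deliberately malformed.
SAMPLE_NDJSON = """\
{"event_id":"evt_0001","event_type":"intent.completed","timestamp":"2026-04-12T09:00:00.000Z","actor":{"user_id":42,"api_key_id":"...abc123","ip":"203.0.113.55"},"resource":{"type":"intent","id":1001},"outcome":"success","duration_ms":4250,"cost_usd":0.0018,"agent":"Cypress Scout"}
{"event_id":"evt_0002","event_type":"intent.completed","timestamp":"2026-04-12T10:30:00.000Z","actor":{"user_id":57,"api_key_id":"...def456","ip":"203.0.113.56"},"resource":{"type":"intent","id":1002},"outcome":"failure","duration_ms":120000,"cost_usd":0.0100,"agent":"Cypress Scout"}
{"event_id":"evt_0003","event_type":"intent.completed","timestamp":"2026-04-13T08:15:00.000Z","actor":{"user_id":42,"api_key_id":"...abc123","ip":"203.0.113.55"},"resource":{"type":"intent","id":1003},"outcome":"success","duration_ms":3100,"cost_usd":0.0032,"agent":"Agent B"}
not json at all
"""
REQUIRED = ("event_id", "event_type", "timestamp", "actor", "outcome", "cost_usd")

def parse_export(ndjson_text):
    """Return (valid events, rejected (line_no, reason)) so bad lines never silently vanish."""
    events, rejected = [], []
    for n, line in enumerate(ndjson_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
            if (not isinstance(ev, dict) or any(k not in ev for k in REQUIRED)
                    or not isinstance(ev.get("actor"), dict) or "user_id" not in ev["actor"]):
                raise ValueError("missing required field")
            if ev["outcome"] not in ("success", "failure"):
                raise ValueError("unknown outcome")
            events.append(ev)
        except (ValueError, TypeError) as exc:   # JSONDecodeError is a ValueError
            rejected.append((n, str(exc)))
    return events, rejected

def cost_summary(events, group_by="user_id"):
    """Client-side equivalent of the cost-summary response above, grouped by user_id, day or agent."""
    key_of = {
        "user_id": lambda e: e["actor"]["user_id"],
        "day":     lambda e: e["timestamp"][:10],
        "agent":   lambda e: e.get("agent", "unknown"),
    }[group_by]
    buckets = defaultdict(lambda: {"cost_usd": 0.0, "intents": 0, "failures": 0})
    for e in events:
        b = buckets[key_of(e)]
        b["cost_usd"] = round(b["cost_usd"] + e["cost_usd"], 4)
        b["intents"] += 1
        b["failures"] += e["outcome"] == "failure"
    ranked = sorted(buckets.items(), key=lambda kv: -kv[1]["cost_usd"])
    return {"total_cost_usd": round(sum(b["cost_usd"] for b in buckets.values()), 4),
            "total_intents": len(events),
            "breakdown": [{group_by: k, **v} for k, v in ranked]}
```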

Data Residency & Processing

Infrastructure Location

Component | Provider | Region
Application server | Render | US-East (Ohio)
PostgreSQL database | Neon | US-East (AWS us-east-1)
AI model inference | Anthropic API | US (Anthropic cloud; see Anthropic's data processing agreement)
Email delivery | Postmark | US

Data Flow

Intent text is transmitted to Anthropic's API for agent inference. This means intent content is processed by Anthropic's infrastructure under their Data Processing Addendum (DPA). Sturna does not send customer data to any other third-party AI providers.

EU Data Residency: Sturna does not currently offer EU-region data residency. All data is stored and processed in US-based infrastructure. Enterprise customers with EU data residency requirements should contact the team before signing — this is on the roadmap for Q4 2026.

Data Transmitted to Anthropic

Data Type | Sent to Anthropic? | Notes
Intent text | Yes | Used for agent bidding and execution
Domain context / product grounding | Yes | System prompt enrichment
User email / API key | No | Never included in prompts
Billing information | No | Handled entirely by Stripe

SOC 2 Readiness

Honest current state: Sturna does not have a completed SOC 2 Type II audit as of April 2026. We are documenting current controls here so security teams can assess posture. Formal SOC 2 Type II is on the roadmap for H2 2026.

Security Controls (Current)

Control | Status
Encryption in transit (TLS 1.2+) | Implemented
Encryption at rest (AES-256 via Neon + Render) | Implemented
API key hashing (bcrypt) | Implemented
Immutable intent receipts (append-only) | Implemented
Rate limiting on all public endpoints | Implemented
Audit log with actor, timestamp, IP | Implemented
Security headers (X-Content-Type-Options, X-Frame-Options, etc.) | Implemented
Parameterized queries (SQL injection prevention) | Implemented
Formal SOC 2 Type II audit | Roadmap (H2 2026)
Penetration test (third-party) | Roadmap (Q3 2026)
HIPAA / HITRUST | Not applicable
GDPR DPA available | Available on request

Need a security questionnaire filled out or a custom DPA? Email security@sturna.ai with your requirements. We aim to respond within 2 business days.

Ready to go Enterprise?

Talk to us about contractual SLAs, custom RBAC, dedicated support, and volume pricing.
