Skip to content
Enterprise Sight
Book a scoping call →
02 / 06

One engagement. Software, advisory, and the writing it leaves behind.

Six things on the contract. They run together because they have to. The architecture decision is also the audit decision is also the integration decision.

ADVISORY 01 / 06

Architecture and threat-model review

Before any code, we map what your business should expose, to which classes of agent, under what authority. This is where the conversation about scope, identity boundaries, and audit posture happens.

Workshop-led · senior architects · before any code
SOFTWARE 02 / 06

Platform deployment and integration

The platform deploys into your private cloud or self-hosted environment, on the Model Context Protocol standard. Integrated against your existing systems of record. Instrumented for observability and audit from day one.

In your environment · principal + engineers
SOFTWARE 03 / 06

Identity and authorisation

Every call has to answer four questions. Which agent. On whose behalf. With what authority. Against which contract. Scoped permissions, signed credentials, and revocation paths designed in.

OAuth 2.1 · JWT · mTLS · per-call signing
ADVISORY 04 / 06

Compliance and audit posture

ISO 42001 and EU AI Act controls. Transaction logging, policy enforcement, retention rules, and the documentation your risk and compliance teams will sign off on.

ISO 42001 · EU AI Act · SOC 2 Type II
ADVISORY 05 / 06

Senior advisory across the engagement

A CIO or CTO-level partner from kick-off through handover. The same person in the room when you're talking to your CRO, your procurement lead, and your engineering team.

Embedded weekly · executive-level · vendor-neutral
DELIVERABLE 06 / 06

Documentation and handover

Runbooks, architecture decision records, integration docs, and operational training. You don't end up with a server your team can't run.

Runbook · threat model · integration map · roadmap
What's not included

What's not included

We're not selling you an LLM.

Vendor-neutral by design. The architecture serves your stack. No partner programme shaping the build. Use the model provider, vector store, and cloud you already trust.

We don't run a general AI strategy review.

If you're still working out whether agentic commerce matters to your business, that's an earlier conversation in your cycle. We engage when the question is concrete. Agents will be transacting with you, and you need to expose what you sell safely.

It runs in your environment, not ours.

The platform deploys into your private cloud or self-hosted infrastructure. Your data never leaves it unless you choose to connect an external model or service. We can run a hosted instance for a demo, or stand one up where you don't have private-cloud DevOps, but the default is simple. It's yours.

We don't bolt governance on later.

Identity, audit, and compliance are part of the build itself. Designed in from kick-off. If a brief comes in asking us to build it fast and add the governance later, we'll say no.

One contract. One team. One set of decisions that don't have to be relitigated when the build starts.

Read a sample statement of work →