Bounded AI operations with Git as the audit layer
Contentrain security is built around bounded agent operations, Git auditability, branch review, role-scoped Studio access, provider boundaries, encrypted keys, and self-managed deployment paths.
Agent safety
Agents operate through bounded tools
Contentrain does not ask agents to freely mutate a repository. MCP tools define the allowed operations for status, content save, validation, scanning, normalize, branches, and bulk changes.
- Deterministic tool boundaries
- Validation before merge or delivery
- Normalize split into extract and reuse phases
Audit
Git is the audit layer
Content changes can be represented as commits, branches, and diffs. That means teams can inspect who changed content, what changed, and whether validation passed before production delivery.
- Branch-based review
- Diff views for content changes
- Commit history for model and content files
Access
Studio adds role and model-level controls
The Studio codebase includes workspace members, project roles, reviewers, viewers, and model-scoped access paths. The API builds permission context before exposing content operations to users or agents.
- Workspace owner, admin, and member surfaces
- Project editor, reviewer, and viewer roles
- Specific model access constraints
Keys
Secrets and provider boundaries stay explicit
Studio includes AI key management, encrypted key tests, provider abstractions, GitHub integration routes, and usage controls. Teams can choose managed agent paths or BYOA depending on their governance needs.
- Workspace AI key management
- Provider-specific repository operations
- Usage and overage controls
Delivery
Delivery surfaces are governed too
CDN, forms, webhooks, media, and conversation APIs need the same discipline as content editing. Studio exposes those surfaces through project and workspace APIs instead of treating them as unrelated services.
- CDN routes and manifest delivery
- Webhook configuration and dispatch
- Form submissions and media processing
Self-hosting
Self-managed deployment is part of the security story
For infrastructure-sensitive teams, the value is not only features. It is the ability to keep governance close to the systems, providers, and policies the organization already controls.
- AGPL community core
- Enterprise licensing path
- Controlled deployment and operational ownership
Common questions
Does Contentrain let agents edit anything in the repo?
No. The intended workflow is through bounded MCP and Studio tools, with validation, review branches, and explicit provider capabilities.
How does Studio restrict users?
Studio builds workspace, project, role, and model-level permission context before exposing content operations. Review and branch flows add another control layer.
Can sensitive teams self-host?
Yes. The Studio architecture supports self-managed deployment paths and enterprise licensing for teams that need more infrastructure control.
Start local. Scale to Studio.
Build a governed content layer before content becomes product debt.
Developers can start with the MIT packages. Teams can move into Studio when review, roles, delivery, and licensing matter.