the pipeline

Five stages. One signed decision. No orphaned sessions.

Every identity change — joiner, mover, or leaver — routes through the same deterministic pipeline. The parse step is the only place a language model touches the decision; everything downstream is structured data, OPA policy, signed packets, and tamper-evident logs.

why this exists

The bill for a manual offboarding.

Six portals. Four HR tickets. A checklist in Notion that nobody reads. Licenses still billing weeks after someone walked out the door. It's a tax you pay every time a contract ends.

cost
$487 / exit

Industry baseline for a single manual IT offboarding — labour only, no license waste.

time
4–8 hrs

IT + HR coordination across disconnected admin consoles, per departing employee.

drift
2–5 days

Typical window between a termination notice and the last portal finally revoked.

audit
0 of 6

Portals that produce a tamper-evident, SOC 2-ready audit trail out of the box.

the pipeline

The five stages, in order.

01 / Parse

Gatekeeper

Natural-language intake from Slack, Teams, a webhook, or an HR ticket. Gemini distills the raw text into a structured IntentPacket with a confidence score. Adversarial inputs (prompt injection, schema hijack) are caught by a deterministic post-filter before the packet enters the rest of the pipeline.

gemini 2.5 · fastapi · redis

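
What a deterministic post-filter between the model and the pipeline can look like, as an added example (not the product's own code). It never reads the free text of the ticket, only the structured draft the model produced, and rejects anything outside a fixed schema and per-tenant allowlists. The allowlists, the `MIN_CONFIDENCE` threshold, the `hris_id` pattern, the `tenant_domain` parameter and the `FilterResult` type are assumptions; the systems, verbs and sample identity are taken from the packet shown further down the page.

```python
import re
from dataclasses import dataclass, field

# Allowlists and thresholds are assumptions for this example; a deployment
# would load them per tenant from configuration rather than hard-code them.
ALLOWED_INTENTS = {"offboard", "provision", "modify"}
ALLOWED_ACTIONS = {
    "okta": {"deactivate"},
    "m365": {"block_signin"},
    "github": {"remove_from_org"},
    "slack": {"deactivate"},
    "zoom": {"delete"},
    "salesforce": {"freeze_with_grace_30d"},
}
EXPECTED_KEYS = {"intent_type", "target_identity", "actions", "confidence"}
EMAIL_RE = re.compile(r"^[a-z0-9._%+-]+@([a-z0-9.-]+\.[a-z]{2,})$")
HRIS_ID_RE = re.compile(r"^[a-z]{2,8}-\d{1,10}$")   # e.g. bh-4471 (assumed)
MIN_CONFIDENCE = 0.8                                  # assumed


@dataclass
class FilterResult:
    accepted: bool
    reasons: list = field(default_factory=list)


def post_filter(draft: dict, tenant_domain: str) -> FilterResult:
    """Deterministic gate between the model's draft IntentPacket and the pipeline.

    Whatever was pasted into the ticket may have steered the model; this
    function only inspects the structured draft, never the free text.
    """
    reasons = []
    if not isinstance(draft, dict):
        return FilterResult(False, ["draft is not a JSON object"])

    # Exact key set: extra fields (schema hijack) and missing fields both fail.
    extra, missing = set(draft) - EXPECTED_KEYS, EXPECTED_KEYS - set(draft)
    if extra:
        reasons.append(f"unexpected keys: {sorted(extra)}")
    if missing:
        reasons.append(f"missing keys: {sorted(missing)}")
        return FilterResult(False, reasons)

    if draft["intent_type"] not in ALLOWED_INTENTS:
        reasons.append(f"intent_type not allowed: {draft['intent_type']!r}")

    conf = draft["confidence"]
    if not isinstance(conf, (int, float)) or isinstance(conf, bool) or not 0 <= conf <= 1:
        reasons.append("confidence is not a number in [0, 1]")
    elif conf < MIN_CONFIDENCE:
        reasons.append(f"confidence {conf} below {MIN_CONFIDENCE}; route to a human")

    ident = draft["target_identity"]
    if not isinstance(ident, dict) or set(ident) != {"email", "hris_id"}:
        reasons.append("target_identity must contain exactly email and hris_id")
    else:
        m = EMAIL_RE.match(str(ident["email"]))
        if not m or m.group(1) != tenant_domain:
            reasons.append("email malformed or outside the tenant domain")
        if not HRIS_ID_RE.match(str(ident["hris_id"])):
            reasons.append("hris_id does not match the expected pattern")

    actions = draft["actions"]
    if not isinstance(actions, list) or not actions:
        reasons.append("actions must be a non-empty list")
    else:
        for a in actions:
            if not isinstance(a, dict) or set(a) != {"system", "verb"}:
                reasons.append(f"action must be exactly {{system, verb}}: {a!r}")
            elif a["verb"] not in ALLOWED_ACTIONS.get(a["system"], ()):
                reasons.append(f"action not in allowlist: {a['system']}/{a['verb']}")

    return FilterResult(not reasons, reasons)
```

Every rejection reason is returned rather than just a boolean, so the audit log can record why a draft never entered the pipeline; a low-confidence draft is refused here rather than being carried forward with a flag.
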
02 / Verify

Metadata

Parallel lookups against HRIS (BambooHR and Workday today; Rippling on the roadmap), your asset system, and every connected portal. Three questions answered: is this person really terminated, what do they still own, and does the HRIS agree with the requester?

bamboohr · workday · rippling

03 / Score

Risk

Signals combine into a deterministic, explainable score: privileged account, production ownership, HRIS disagreement, recency, dollar value. Above 0.75 it routes to HITL; above 0.95 it blocks. Every component of the score is in the audit log.

structured scoring · explainable

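
An added example of a deterministic, explainable scorer with the page's two thresholds (not the product's own scoring code). The five signal names come from the text above; the weights, the normalisation of each signal to [0, 1], and the `RiskDecision` and `audit_entry` names are assumptions. The point is that every component contribution is returned alongside the score, so the audit log can show exactly which signals pushed a decision over a threshold.

```python
from dataclasses import dataclass

# Weights are an assumption for this example; the page lists the signals and
# the 0.75 / 0.95 thresholds but not how the signals are weighted.
WEIGHTS = {
    "privileged_account": 0.35,
    "production_owner": 0.25,
    "hris_disagreement": 0.30,
    "recency": 0.10,
    "dollar_value": 0.20,
}
HITL_THRESHOLD = 0.75   # above this, route to human-in-the-loop
BLOCK_THRESHOLD = 0.95  # above this, block outright


@dataclass(frozen=True)
class RiskDecision:
    score: float
    route: str        # "auto", "hitl" or "block"
    components: dict  # per-signal contribution, written to the audit log


def score_risk(signals: dict) -> RiskDecision:
    """Combine normalised signals (each in [0, 1], booleans as 0/1) into a score.

    Unknown signal names are rejected so a typo cannot silently drop a weight;
    out-of-range values are rejected rather than clamped.
    """
    unknown = set(signals) - set(WEIGHTS)
    if unknown:
        raise ValueError(f"unknown signals: {sorted(unknown)}")
    components = {}
    for name, weight in WEIGHTS.items():
        value = float(signals.get(name, 0.0))
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name} must be in [0, 1], got {value}")
        components[name] = round(weight * value, 4)
    total = round(min(1.0, sum(components.values())), 4)
    if total > BLOCK_THRESHOLD:
        route = "block"
    elif total > HITL_THRESHOLD:
        route = "hitl"
    else:
        route = "auto"
    return RiskDecision(total, route, components)


def audit_entry(signals: dict) -> dict:
    """Shape of the log record: the score, the route and every component."""
    decision = score_risk(signals)
    fired = sorted(name for name, c in decision.components.items() if c > 0)
    return {"risk_score": decision.score, "route": decision.route,
            "components": decision.components, "fired": fired}
```

Rounding to four places keeps the logged components and the total consistent with each other, and the same input always yields the same record, which is what makes the score replayable from the audit log.
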
04 / Gate

Policy (OPA)

Open Policy Agent evaluates every decision against your tenant's Rego. Allowed actions are then signed with a per-tenant HMAC-SHA256 key so the executor never runs an unsigned packet. The signing key lives in Vault; the doer fetches it just-in-time per execution. (Asymmetric Ed25519 signing — so a compromised doer cannot forge — is on the near-term roadmap.)

opa · rego · hmac-sha256

05 / Execute

Doer Agent

Fetches a 60-second JIT credential from Vault, calls each portal's API in parallel, and writes a SHA-256-chained event to the Zero-Trust WORM ledger for every action. Soft phase (deactivate + revoke sessions) is immediate; hard phase (delete) defers 5 minutes so reinstate-on-mistake works.

vault · kafka · playwright · opa

the packet

What the executor actually receives.

Each downstream call is driven by a single signed packet. Here's the shape:

{
  "intent_id": "01J9F2W3Q5R7T9V1X3Y5Z7B9",
  "intent_type": "offboard",
  "target_identity": {
    "email": "john.doe@acme.com",
    "hris_id": "bh-4471"
  },
  "actions": [
    {"system": "okta",       "verb": "deactivate"},
    {"system": "m365",       "verb": "block_signin"},
    {"system": "github",     "verb": "remove_from_org"},
    {"system": "slack",      "verb": "deactivate"},
    {"system": "zoom",       "verb": "delete"},
    {"system": "salesforce", "verb": "freeze_with_grace_30d"}
  ],
  "risk_score": 0.41,
  "opa_decision": "allow",
  "issued_at": "2026-05-17T03:14:24Z",
  "signature": "hmac-sha256:7f2ac91ed604b3e1...",
  "tenant_id": "acme-prod"
}

The same packet shape carries a provision (new-hire grant) or modify (role change) intent — only the intent_type and actions differ. Offboarding is validated end-to-end against a live tenant; the joiner, mover, and access-review paths are code-complete and in active validation, dark behind feature flags until each connector is flipped live.
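
An added example showing the executor's side of the packet above and of the chained ledger from the Execute stage: it is illustrative code, not the product's own. It signs and verifies the packet with a per-tenant HMAC-SHA256 key, refuses anything unsigned, tampered, not allowed by policy or outside a freshness window, then writes one SHA-256-chained event per action, deferring the hard `delete` phase. The field names and sample values are the page's; the key (constructed inline, where the real system fetches it from Vault), the canonical encoding (sorted-key compact JSON with the `signature` field removed), the freshness window, and the `execute` / `append_event` / `verify_ledger` names are assumptions.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

# Constructed key for the example; the pipeline fetches it just-in-time from Vault.
TENANT_KEYS = {"acme-prod": b"constructed-example-key-for-acme-prod"}
MAX_PACKET_AGE = timedelta(minutes=5)     # assumed replay window
HARD_PHASE_DELAY = timedelta(minutes=5)   # delete defers 5 minutes, per the page
GENESIS_HASH = "0" * 64
NOW = datetime(2026, 5, 17, 3, 14, 30, tzinfo=timezone.utc)   # just after issued_at
STALE_NOW = NOW + timedelta(hours=1)

PACKET = {  # values from the packet shown above, two of its actions
    "intent_id": "01J9F2W3Q5R7T9V1X3Y5Z7B9", "intent_type": "offboard",
    "target_identity": {"email": "john.doe@acme.com", "hris_id": "bh-4471"},
    "actions": [{"system": "okta", "verb": "deactivate"}, {"system": "zoom", "verb": "delete"}],
    "risk_score": 0.41, "opa_decision": "allow",
    "issued_at": "2026-05-17T03:14:24Z", "tenant_id": "acme-prod",
}


def _canonical(obj: dict, skip: str) -> bytes:
    """Stable encoding: sorted keys, no whitespace, one field left out."""
    body = {k: v for k, v in obj.items() if k != skip}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_packet(packet: dict, key: bytes) -> dict:
    mac = hmac.new(key, _canonical(packet, "signature"), hashlib.sha256).hexdigest()
    return {**packet, "signature": f"hmac-sha256:{mac}"}


def verify_packet(packet: dict, now: datetime) -> tuple:
    """Every check the executor makes before it touches a portal."""
    key = TENANT_KEYS.get(packet.get("tenant_id"))
    if key is None:
        return False, "unknown tenant"
    algo, _, mac = str(packet.get("signature", "")).partition(":")
    if algo != "hmac-sha256" or not mac:
        return False, "missing or malformed signature"
    expected = hmac.new(key, _canonical(packet, "signature"), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac):   # constant-time comparison
        return False, "signature mismatch"
    if packet.get("opa_decision") != "allow":
        return False, "policy did not allow"
    issued = datetime.fromisoformat(packet["issued_at"].replace("Z", "+00:00"))
    if issued > now + timedelta(seconds=30) or now - issued > MAX_PACKET_AGE:
        return False, "packet outside the freshness window"
    return True, "ok"


def append_event(ledger: list, event: dict) -> dict:
    """Append a record whose hash covers its content and the previous hash."""
    record = {"prev_hash": ledger[-1]["hash"] if ledger else GENESIS_HASH, **event}
    record["hash"] = hashlib.sha256(_canonical(record, "hash")).hexdigest()
    ledger.append(record)
    return record


def verify_ledger(ledger: list) -> bool:
    """Recompute every hash and link; any edit or reorder breaks the chain."""
    prev = GENESIS_HASH
    for record in ledger:
        if record["prev_hash"] != prev:
            return False
        if hashlib.sha256(_canonical(record, "hash")).hexdigest() != record["hash"]:
            return False
        prev = record["hash"]
    return True


def execute(packet: dict, ledger: list, now: datetime) -> list:
    """Refuse invalid packets (logging the refusal); log one event per action."""
    ok, why = verify_packet(packet, now)
    if not ok:
        append_event(ledger, {"intent_id": packet.get("intent_id"), "action": "rejected",
                              "reason": why, "at": now.isoformat()})
        raise PermissionError(why)
    results = []
    for action in packet["actions"]:
        hard = action["verb"] == "delete"
        event = {"intent_id": packet["intent_id"], "system": action["system"],
                 "verb": action["verb"], "phase": "hard" if hard else "soft",
                 "status": "deferred" if hard else "done", "at": now.isoformat()}
        if hard:   # hard phase waits so reinstate-on-mistake still works
            event["scheduled_for"] = (now + HARD_PHASE_DELAY).isoformat()
        results.append(append_event(ledger, event))
    return results
```

Because the MAC is computed over the canonical form with `signature` removed, changing any other field (an action verb, the tenant, the policy decision) invalidates it, and a rejected packet still leaves a chained record of why it was refused.
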

design partners · q3 2026

See it run on your stack.

A 20-minute screen-share. We point a sandboxed tenant at your test directory. You watch a real offboarding go from Slack message to six portals revoked in under fifteen seconds — or we stop early and you have nothing to evaluate.

Book the demo

Or read the security model first.