Raise the unit of accountability from one team to the whole organization
Claude tells you how much your teams spent on AI. TRW tells you what they actually built with it, whether it was verified against its requirements, and whether it will still make sense next quarter — a record that travels with the work, not a dashboard of who-spent-what. And it runs where you need it — on the developer’s machine, in your own cloud, or fully air-gapped.
Agents proliferated. Org-level accountability did not.
AI coding agents now write across every repo, in every team, on every host. Spend is metered. Access is logged. The work itself — what got built, whether it was verified, whether the knowledge survives — has no record above the level of a single engineer’s session.
every dollar is metered — the work itself goes unrecorded
Spend is measured. Work is not.
You can see seats consumed and tokens billed. You cannot see which requirement an agent built against, or whether a build-check verdict passed before it shipped. The vendor consoles bind a seat to a cost — never a requirement to a verification verdict.
One team is not the organization
A single-team console shows one team’s runs in isolation. It cannot answer the org question: across every team and every host, what was built, what was verified, and where the same problem got re-solved from zero.
Knowledge that evaporates by team
Each team’s discoveries die at the end of a session, or sit in a notes file no other team will ever read. One team’s verified work does nothing to raise the floor for the next. The organization re-pays for the same lesson, team by team.
Governance across time, not governance of access
Every memory and governance product in this space governs access — who used which model, on which seat, at what cost — and is locked to one host to do it. TRW governs work across time: it binds a requirement to whether its build-check verdict passed, across sessions, in a record that travels with the work. It sits below the GRC attesters and above the generators — the layer that records the work so the platforms above it can attest to it.
Access tells you the bill. Work tells you what you bought.
| Dimension | Host-locked access governance | TRW work governance |
|---|---|---|
| Unit of analysis | Users, seats, spend — access metered per host | Requirement bound to a build-check verdict — work recorded across sessions |
| What the record proves | That AI was used, and how much it cost | What was built, whether it was verified against its requirements, whether it still holds |
| Vendor coupling | Locked to one IDE, model, or vendor console | Above any IDE, model, or host via MCP — governance is not hostage to one vendor |
| Where it runs | Vendor cloud, on their terms | Your infrastructure — local, your cloud, or air-gapped |
What ships today for an organization
Every capability below is in the product now. This is the honest evaluation surface for a security and procurement review.
Org & roles
Single-org team workspace — invite teammates by email with a role, create sub-teams, add and remove members
Owner / admin / member / viewer, with cross-tenant privilege-escalation guards
Org / team / membership entities; architecture designed for N-level org hierarchy
Org-scoped analytics summary
Evidence & data rights
Persisted, org-scoped audit trail of org and membership activity
SHA-256 content hash on every record
GDPR JSON export and erasure
Identity & deployment
Per-org API keys; JWT / OAuth / 2FA authentication
trw-mcp and trw-memory run repo-local, telemetry off by default — the work stays on the developer’s machine
On the developer’s machine, in your own cloud, or fully air-gapped
OWASP-hardened, source-available codebase under BSL-1.1 — readable, auditable, license-clear
Run TRW in your environment
Enterprises want the evidence layer inside their own perimeter. TRW is built for that. The open framework runs entirely on your infrastructure today; the platform can be deployed in your cloud or on-prem through the engagement.
Air-gapped
Available now. Open framework, installed with no network. Zero outbound calls.
On-prem / your cloud
Available now. Open framework on your own AWS, VPC, or on-prem host. Repo-local memory.
Platform in your cloud or on-prem (BYOC)
Enterprise. The hosted platform / control-plane deployed inside your environment. We deploy with you.
TRW-managed SaaS
Opt-in. The hosted platform, run by TRW; org-scoped audit is recorded server-side.
The open framework (trw-mcp and trw-memory) installs with no network, makes zero outbound calls on a default install, stores memory repo-local with telemetry off by default, and runs entirely on your infrastructure today: a laptop, your AWS or VPC, on-prem, or fully air-gapped. Your code and the engineering record stay where you put them. The hosted platform / control-plane can be deployed in your cloud or on-prem (BYOC) through the enterprise engagement; we deploy it with you and scope it to your environment. The TRW-managed SaaS is available as an opt-in alternative. Every record carries a SHA-256 content hash, and we document the integrity model plainly so your reviewers can verify exactly what it guarantees.
Built to be evaluated by your security team
A small, honest surface to assess — source-available where it can be, conservative where data leaves the machine, and explicit about exactly what is enforced and how.
Local-first open framework
The open framework — trw-mcp and trw-memory — runs repo-local with telemetry off by default. A default install makes zero outbound calls, so it runs on your infrastructure today: a laptop, your AWS or VPC, on-prem, or fully air-gapped. The work and the memory stay where you put them.
Source-available, OWASP-hardened
trw-mcp and trw-memory ship under BSL-1.1, source-available and readable end to end, so your security team can read the code they are evaluating. The open packages present a clean, OWASP-hardened surface for a standard vendor code review. Note for licence review: BSL-1.1 is source-available rather than OSI-approved open source, so read its Additional Use Grant and Change Date alongside the code.
Credential hygiene and identity
Per-org API keys and JWT / OAuth / 2FA authentication. Roles carry cross-tenant privilege-escalation guards on every boundary. Secrets are not logged.
Isolation and record integrity
Tenant isolation is enforced at the application layer, with cross-tenant privilege-escalation guards on every role boundary. Every record carries a SHA-256 content hash. We document the integrity model in plain terms so your reviewers can verify exactly what it guarantees.
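What a cross-tenant privilege-escalation guard looks like in practice, as an added example that is not TRW's code. It assumes one role per membership, the four roles named above, and a flat org with no sub-team inheritance; the names Membership, assign_role, can_view and allowed are hypothetical. The point a reviewer should look for in the real source is the same: authorization is decided on the actor's membership in the org being touched, never on the user alone, and no role can grant or override more than it holds.

```python
"""Illustrative tenant-scoped role guard (added example, not TRW's code).

Assumptions: one role per membership, the four roles named on the page,
and a flat org (no sub-team inheritance). Names such as Membership and
assign_role are hypothetical.
"""
from dataclasses import dataclass

# Higher rank = more privilege. Rank is only compared, never used as a bitmask.
ROLE_RANK = {"viewer": 0, "member": 1, "admin": 2, "owner": 3}


@dataclass(frozen=True)
class Membership:
    user_id: str
    org_id: str
    role: str


class Denied(Exception):
    pass


def require_same_org(actor: Membership, org_id: str) -> None:
    # Cross-tenant guard. The check is on the membership, not the user:
    # a user who owns org A and is a viewer in org B acts in B as a viewer.
    if actor.org_id != org_id:
        raise Denied("cross-tenant access")


def can_view(actor: Membership, org_id: str) -> bool:
    # Every role can read its own org; no role can read another org.
    return actor.org_id == org_id


def assign_role(actor: Membership, target: Membership, new_role: str) -> Membership:
    require_same_org(actor, target.org_id)
    if new_role not in ROLE_RANK:
        raise Denied(f"unknown role {new_role!r}")
    actor_rank = ROLE_RANK[actor.role]
    if actor_rank < ROLE_RANK["admin"]:
        raise Denied("only admins and owners manage roles")
    # Escalation guards: never hand out, or take away, more than you hold.
    if ROLE_RANK[new_role] > actor_rank:
        raise Denied("cannot grant a role above your own")
    if ROLE_RANK[target.role] > actor_rank:
        raise Denied("cannot change a role above your own")
    return Membership(target.user_id, target.org_id, new_role)


def allowed(fn, *args) -> bool:
    try:
        fn(*args)
        return True
    except Denied:
        return False


# Constructed memberships (not real data).
ORG_A, ORG_B = "org-a", "org-b"
alice_a = Membership("alice", ORG_A, "owner")
alice_b = Membership("alice", ORG_B, "viewer")   # same user, different tenant
bob_b = Membership("bob", ORG_B, "admin")
carol_b = Membership("carol", ORG_B, "member")
dave_b = Membership("dave", ORG_B, "owner")


def demo() -> dict:
    return {
        # Alice owns org A, but in org B she is a viewer: her A ownership carries no weight.
        "owner_elsewhere_cannot_promote": not allowed(assign_role, alice_b, carol_b, "admin"),
        "cross_org_membership_rejected": not allowed(assign_role, alice_a, carol_b, "admin"),
        "admin_can_promote_to_member": allowed(assign_role, bob_b, Membership("erin", ORG_B, "viewer"), "member"),
        "admin_cannot_mint_owner": not allowed(assign_role, bob_b, carol_b, "owner"),
        "admin_cannot_touch_owner": not allowed(assign_role, bob_b, dave_b, "member"),
        "member_cannot_manage_roles": not allowed(assign_role, carol_b, carol_b, "admin"),
        "viewer_reads_own_org_only": can_view(alice_b, ORG_B) and not can_view(alice_b, ORG_A),
    }
```

Every value in `demo()` is True. The case worth tracing in any real implementation is the first one: the guard must be keyed on the membership passed for the target org, because the same identity legitimately holds different roles in different tenants.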
The evidence source attesters attest against
TRW is the engineering-side record your GRC platform attests against — readiness, not a certification. We map capabilities to control families with “aligns with” and “maps to,” never “certified.” Not legal advice.
The stack: generators on top — Claude Code, Cursor, Copilot — produce the work. GRC attesters above — Credo AI, Modulos — attest to it. TRW sits between: below the attesters and above the generators, the layer that records what was built and whether it was verified, so the platforms above it have something true to attest to. TRW does not replace your GRC platform; it gives it evidence.
EU AI Act
Aligns with audit-trail and transparency readiness. Whether AI-assisted coding is high-risk is an open question we do not assert.
NIST AI RMF
Maps to Map / Measure / Manage practices via phase-gated runs, requirements traceability, and a persisted audit trail. A readiness signal, not a certification.
ISO/IEC 42001
Aligns with the AI-management-system evidence expectations: run governance, role ownership, documented reversion. TRW supplies the underlying record, not the certificate.
Proof by practice, not by logo
TRW is built with TRW. The post-generation lifecycle — the team product, the role model, the audit trail, and the memory layer — is exercised every day on this monorepo. These are tracked repo metrics from that work, not effectiveness claims.
Sprints: 882+ recorded internal sprint cycles on this monorepo
PRDs: 2,862+ requirements tracked through phase-gated runs
Tests: 20,266+ tests present across the codebase
Learnings: 3,469+ active learnings captured and recalled across sessions
No customer logos and no outcome-lift numbers — just the record of building TRW with TRW. If you want to evaluate the mechanism on your own org, that is what the design-partner program is for.
Questions a security and procurement review will ask
Does it run air-gapped?
Yes. The open framework (trw-mcp / trw-memory) installs with no network, makes zero outbound calls on a default install, and runs entirely on your own infrastructure: laptop, AWS, VPC, on-prem, or fully air-gapped. The platform can be deployed inside your environment through the enterprise engagement.
Does any data leave the machine?
For the open framework, no: it is repo-local with telemetry off by default. For the TRW-managed SaaS, it is opt-in; when you use it, org-scoped audit and telemetry are recorded server-side, which is what enables the org-level record. The choice is yours, per surface.
What does the org and identity model include today?
A single-org team workspace with an owner / admin / member / viewer role model, sub-teams, per-org API keys, and a persisted org-scoped audit trail, on a data model designed for N-level hierarchy. Enterprise identity federation (SSO / SAML / OIDC, SCIM) is not among the capabilities listed as shipping today; if it is a hard requirement, talk to us about fit for your environment.
Can we run it on our own infrastructure?
The open framework, yes: it is repo-local and runs entirely on your own infrastructure today. The hosted platform can be deployed in your cloud or on-prem (BYOC) through the enterprise engagement.
Is TRW certified against the EU AI Act, NIST AI RMF, or ISO/IEC 42001?
We assert no certification. TRW is the engineering-side evidence source attesters attest against: readiness, not a certification. We map to NIST AI RMF and align with ISO/IEC 42001 and EU AI Act audit-trail / transparency readiness, using "aligns with" and "maps to." Whether AI-assisted coding is high-risk is an open question we do not assert. Not legal advice.
How is tenant isolation enforced?
Isolation is enforced at the application layer (in code and per-request org scoping, not by separate infrastructure per tenant), with cross-tenant privilege-escalation guards on every role boundary. We document the isolation model in plain terms rather than implying more than it guarantees.
How is record integrity guaranteed?
Each record carries a SHA-256 content hash, and we state the integrity model exactly as it is so your reviewers can verify what it guarantees.
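What a per-record SHA-256 content hash does and does not guarantee, as an added example that is not TRW's code. It assumes records are JSON objects with the hash stored beside the content in a field named sha256; the record fields and function names are hypothetical. The hash chain in the second half goes beyond anything the page states and shows what to ask for if tamper evidence, rather than corruption detection, is the requirement.

```python
"""What a per-record SHA-256 content hash guarantees (added example).

Illustrative code, not TRW's. Assumes records are JSON objects and that
the hash sits beside the content in a field named "sha256". The chain in
the second half is an addition showing the question a reviewer should ask.
"""
import copy
import hashlib
import json

HASH_FIELD = "sha256"


def canonical_bytes(record: dict) -> bytes:
    # Canonical form: sorted keys, no whitespace, so the same content always
    # hashes the same regardless of how it was serialized. The hash field
    # itself is excluded from what gets hashed.
    body = {k: v for k, v in record.items() if k != HASH_FIELD}
    return json.dumps(body, sort_keys=True, separators=(",", ":"), ensure_ascii=False).encode("utf-8")


def content_hash(record: dict) -> str:
    return hashlib.sha256(canonical_bytes(record)).hexdigest()


def seal(record: dict) -> dict:
    sealed = dict(record)
    sealed[HASH_FIELD] = content_hash(record)
    return sealed


def verify(sealed: dict) -> bool:
    # Detects any change to the content that was not accompanied by
    # recomputing the hash: bit rot, a bad migration, a careless edit.
    return sealed.get(HASH_FIELD) == content_hash(sealed)


def tamper_and_reseal(sealed: dict, field: str, value) -> dict:
    # An actor with write access can rewrite both content and hash. A lone
    # content hash cannot distinguish this from a legitimate record; that is
    # an authenticity question, which a hash alone does not answer.
    changed = dict(sealed)
    changed[field] = value
    return seal(changed)


# --- Hash chain: what to ask for if tamper evidence matters ----------------
GENESIS = "0" * 64


def chain(records: list[dict]) -> list[dict]:
    # Each entry commits to the hash of the one before it.
    out, prev = [], GENESIS
    for r in records:
        entry = seal({**r, "prev": prev})
        out.append(entry)
        prev = entry[HASH_FIELD]
    return out


def verify_chain(entries: list[dict], head: str) -> bool:
    # `head` is the last hash, kept where the writer cannot silently change it
    # (a signed release, a WORM bucket, a ticket comment). Rewriting any link
    # changes every later hash, so the stored head no longer matches.
    prev = GENESIS
    for e in entries:
        if e.get("prev") != prev or not verify(e):
            return False
        prev = e[HASH_FIELD]
    return prev == head


# Constructed sample records (not real TRW data).
SAMPLE = [
    {"requirement": "PRD-1", "verdict": "pass", "session": "s1"},
    {"requirement": "PRD-2", "verdict": "fail", "session": "s1"},
    {"requirement": "PRD-2", "verdict": "pass", "session": "s2"},
]


def demo() -> dict:
    sealed = seal(SAMPLE[0])
    edited = dict(sealed)
    edited["verdict"] = "fail"                       # edit without resealing
    resealed = tamper_and_reseal(sealed, "verdict", "fail")
    entries = chain(SAMPLE)
    head = entries[-1][HASH_FIELD]
    broken = copy.deepcopy(entries)
    broken[1] = seal({**broken[1], "verdict": "pass"})  # rewrite one link and reseal it
    return {
        "intact": verify(sealed),
        "edit_detected": not verify(edited),
        "reseal_passes": verify(resealed),           # the limit of a lone content hash
        "chain_ok": verify_chain(entries, head),
        "chain_break_detected": not verify_chain(broken, head),
    }
```

Every value in `demo()` is True. The one to dwell on is `reseal_passes`: a plain content hash lets a reader confirm a record has not changed since its hash was written, but by itself shows neither who wrote it nor that the hash was not rewritten along with the content. Whether hashes are chained, signed, or anchored outside the writer's control is the question the integrity documentation the page refers to should answer.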
How long does an org rollout take?
Org rollout is a design-partner motion scoped per case, so the honest answer is a conversation rather than a number. Talk to us about org rollout fit and we will scope it to your case.
Does TRW replace our coding agents or our GRC platform?
No, it is complementary to both. TRW sits above the generators (Claude Code, Cursor, Copilot) via MCP and below the GRC attesters (Credo AI, Modulos): it records the work so the platforms above can attest to it. It does not generate code, does not lock you to one vendor, and does not replace your GRC tool.
Govern the work, not the spend — across your whole organization
A requirement bound to a verification verdict, knowledge that compounds and is governed, above any host via MCP, running on your own infrastructure, and an evidence source your attesters can attest against. If your organization is running AI coding agents across multiple teams, the next step is a conversation about rollout fit.