AI in your SAP landscape — without giving up control.
Written for the IT leader who has to forward this page to their security team. Five principles, no exceptions.
Production is out of reach
The pipeline's bot user is scoped to your DEV system only. Transports move forward through your standard release process, gated by your people. Nothing in the pipeline can write to production — by architecture, not by policy.
Humans gate every change
A senior developer must review and approve every pull request before merge — and merge is the only path to a transport. There is no auto-merge, no AI-approves-AI, no bypass.
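The review gate above is enforced by branch protection rather than by convention, and a security team can verify it from the repository settings alone. The following check is an added example, not the vendor's code: it evaluates the JSON shape returned by GitHub's `GET /repos/{owner}/{repo}/branches/{branch}/protection` endpoint together with the repository-level `allow_auto_merge` flag, and reports every way the gate could be bypassed (no required approval, bypass allowances for apps or users, admin bypass, force pushes, auto-merge). Both payloads below are constructed for illustration; against a live repository you would fetch them with your own token.

```python
"""Verify that a GitHub branch protection rule enforces a human review gate.

Added example, not the vendor's code. The field names follow GitHub's REST
branch-protection response; the two payloads are constructed samples.
"""
import json

# Constructed sample: a main branch where the gate holds.
SAMPLE_PROTECTION = json.loads("""
{
  "required_pull_request_reviews": {
    "required_approving_review_count": 1,
    "dismiss_stale_reviews": true,
    "require_code_owner_reviews": true,
    "bypass_pull_request_allowances": {"users": [], "teams": [], "apps": []}
  },
  "enforce_admins": {"enabled": true},
  "allow_force_pushes": {"enabled": false},
  "allow_deletions": {"enabled": false},
  "required_status_checks": {"strict": true, "contexts": ["ci/tests"]}
}
""")
SAMPLE_REPO = {"allow_auto_merge": False}

# Constructed sample: the same branch with three weaknesses introduced.
SAMPLE_PROTECTION_WEAK = json.loads("""
{
  "required_pull_request_reviews": {
    "required_approving_review_count": 0,
    "dismiss_stale_reviews": true,
    "require_code_owner_reviews": true,
    "bypass_pull_request_allowances": {"users": [], "teams": [],
                                       "apps": [{"slug": "auto-approver"}]}
  },
  "enforce_admins": {"enabled": true},
  "allow_force_pushes": {"enabled": false}
}
""")
SAMPLE_REPO_WEAK = {"allow_auto_merge": True}


def review_gate_findings(protection, repo):
    """Return a list of findings; an empty list means every change needs a human."""
    findings = []
    reviews = protection.get("required_pull_request_reviews")
    if not reviews:
        findings.append("no pull request review requirement on the branch")
    else:
        if reviews.get("required_approving_review_count", 0) < 1:
            findings.append("zero approving reviews required")
        if not reviews.get("dismiss_stale_reviews"):
            findings.append("approvals survive later commits (dismiss_stale_reviews off)")
        if not reviews.get("require_code_owner_reviews"):
            findings.append("code owner review not required")
        allow = reviews.get("bypass_pull_request_allowances", {})
        if any(allow.get(kind) for kind in ("users", "teams", "apps")):
            # An app listed here could merge without any human approval.
            findings.append("some principals (users/teams/apps) may bypass review")
    if not protection.get("enforce_admins", {}).get("enabled"):
        findings.append("administrators may bypass protection")
    if protection.get("allow_force_pushes", {}).get("enabled"):
        findings.append("force pushes allowed on the protected branch")
    if repo.get("allow_auto_merge"):
        findings.append("auto-merge enabled at repository level")
    return findings


if __name__ == "__main__":
    print("locked-down:", review_gate_findings(SAMPLE_PROTECTION, SAMPLE_REPO))
    print("weakened:   ", review_gate_findings(SAMPLE_PROTECTION_WEAK, SAMPLE_REPO_WEAK))
```

Run the check against each repository the pipeline can open pull requests in; a non-empty list for the integration branch means a merge could happen without the review the page promises.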
Your code never leaves your org
Source code lives in your GitHub org and your SAP system — never in ours. Model traffic flows through a LiteLLM gateway we control and you can inspect. No customer data is ever used to train models.
Deploy where you're comfortable
The orchestrator runs on GCP Cloud Run by default, or in your own cloud or VPC. Connectivity into your DEV landscape uses Tailscale — private, zero-trust, and auditable.
Everything is auditable
Every action — who asked, what was generated, who reviewed, what shipped — is attributable, logged, and exportable. Your auditors get a cleaner trail than most human-only processes produce.
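What "attributable" buys an auditor is that every shipped transport can be walked back to a human approval and to the request that started it. The following is an added example, not the vendor's code or export format: it reads a constructed JSON-lines trail (field names `type`, `actor`, `issue`, `pr`, `transport` and the transport numbers are assumptions for illustration) and flags any shipped transport whose chain lacks a human reviewer, was merged by an automation account, or cannot be traced to a request.

```python
"""Check an audit trail for unattributed shipments.

Added example, not the vendor's code. The event schema and all identifiers
below are constructed for illustration.
"""
import json

# Constructed: accounts that are automation, not people.
BOT_USERS = {"sap-pipeline-bot", "ai-coder"}

# Constructed trail: one well-formed chain, then one where the AI approved
# its own pull request and the bot merged it.
SAMPLE_TRAIL = """
{"ts":"2024-05-01T09:00:00Z","type":"asked","actor":"alice","issue":"ISS-101"}
{"ts":"2024-05-01T09:05:00Z","type":"generated","actor":"ai-coder","issue":"ISS-101","pr":42}
{"ts":"2024-05-01T10:00:00Z","type":"reviewed","actor":"bob","pr":42,"decision":"approved"}
{"ts":"2024-05-01T10:01:00Z","type":"merged","actor":"bob","pr":42,"transport":"DEVK900123"}
{"ts":"2024-05-02T08:00:00Z","type":"shipped","actor":"basis-team","transport":"DEVK900123"}
{"ts":"2024-05-03T09:00:00Z","type":"asked","actor":"alice","issue":"ISS-102"}
{"ts":"2024-05-03T09:05:00Z","type":"generated","actor":"ai-coder","issue":"ISS-102","pr":43}
{"ts":"2024-05-03T09:06:00Z","type":"reviewed","actor":"ai-coder","pr":43,"decision":"approved"}
{"ts":"2024-05-03T09:07:00Z","type":"merged","actor":"sap-pipeline-bot","pr":43,"transport":"DEVK900124"}
{"ts":"2024-05-04T08:00:00Z","type":"shipped","actor":"basis-team","transport":"DEVK900124"}
"""


def parse_trail(text):
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def audit_findings(events, bot_users):
    """Map each shipped transport that fails attribution to its list of problems.

    A transport passes when it was merged from a PR that a human approved,
    the merge was performed by a human, and the PR's issue was actually requested.
    """
    approvers = {}      # pr -> [actors who approved]
    merge_of = {}       # transport -> (pr, merging actor)
    issue_of_pr = {}    # pr -> issue it was generated for
    asked_issues = set()
    for e in events:
        kind = e["type"]
        if kind == "asked":
            asked_issues.add(e["issue"])
        elif kind == "generated":
            issue_of_pr[e["pr"]] = e["issue"]
        elif kind == "reviewed" and e.get("decision") == "approved":
            approvers.setdefault(e["pr"], []).append(e["actor"])
        elif kind == "merged":
            merge_of[e["transport"]] = (e["pr"], e["actor"])

    findings = {}
    for e in events:
        if e["type"] != "shipped":
            continue
        transport = e["transport"]
        problems = []
        if transport not in merge_of:
            problems.append("transport has no merged PR")
        else:
            pr, merger = merge_of[transport]
            humans = [a for a in approvers.get(pr, []) if a not in bot_users]
            if not humans:
                problems.append("no human approval on PR %d" % pr)
            if merger in bot_users:
                problems.append("PR %d merged by automation account %s" % (pr, merger))
            if issue_of_pr.get(pr) not in asked_issues:
                problems.append("PR %d not traceable to a request" % pr)
        if problems:
            findings[transport] = problems
    return findings


if __name__ == "__main__":
    for transport, problems in audit_findings(parse_trail(SAMPLE_TRAIL), BOT_USERS).items():
        print(transport, "->", "; ".join(problems))
```

Run over an exported trail, an empty result is the evidence an auditor wants; any entry names a transport whose path into the release process did not pass through a person.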
Questions your security team will ask
Where does our data live, and what leaves our environment?
Your source code stays in your GitHub org and your SAP system. The orchestrator processes issue text and code diffs in flight; it does not maintain a copy of your repository or business data at rest. Deployment in your own cloud or VPC is available if your policy requires it.
Which model providers are used, and under what terms?
Claude (Anthropic) and Codex (OpenAI), accessed through a LiteLLM gateway under enterprise terms — meaning no training on your data. The gateway gives you one place to see, restrict, or swap model traffic.
How are credentials handled?
The SAP bot user is created by your team, scoped to DEV, and revocable by you at any time. GitHub access uses a scoped app installation, not personal tokens. Secrets live in the platform's secret manager — never in code or logs.
What happens if we terminate the engagement?
You revoke the bot user and the GitHub app, and you're done. Everything that shipped — code, tests, pipeline configuration, audit history — is already in your systems and stays there.
Get the full security overview
We'll walk your security team through the architecture, credential model, and audit trail — engineer to engineer.