Documentation

Last updated: June 13, 2026

An overview of how Custosa is designed, organized by area. Full developer documentation and the API reference are available to design partners.

01 Architecture

Foundations
  • System overview: Core design principles, positioning, and the threat model.
  • Product & delivery model: Control plane and data plane; Cloud vs on-premises.
  • Data layer: PostgreSQL store, caching, and migrations.
  • Transport & auth: REST, gRPC, and streaming; API keys, mTLS, and OIDC.
  • Secrets & config: File, environment, Vault, and KMS; the gateway configuration system.
Policy & inspection
  • Policy language: The Custosa DSL and how it compiles to Cedar.
  • Clearance lattice: Data classification and constant-cost clearance comparison.
  • Context-filter pipeline: The PASS / FILTER / REDACT worker pipeline.
  • Content inspection engine: Regex- and NER-based entity recognition with entity-level verdicts.
  • Structured-data field verdicts: Per-field PASS / REDACT on structured records.
  • Relationship resolver: Planned adapters for SpiceDB, LDAP, Azure AD, and OpenFGA.

02 Evidence & compliance

Evidence
  • Evidence & compliance layer: Verdict-only evidence and the cost-savings model.
  • Cedar @satisfies annotations: Mapping enforcement to compliance controls.
  • Evidence Report API: Exporting and querying sealed evidence.
  • GDPR audit hook: The structural placeholder for future GDPR support.
Integrations & operations
  • Proxy-gateway wiring: Reverse-proxy mode for FHIR R4 and similar.
  • X12 EDI proxy adapter: Field-level verdicts over X12 claims.
  • Agent & OIDC: Agent-to-gateway protocol and OIDC token verification.
  • Operations: Observability, the CLI, deployment, and testing.
  • HIPAA incident module: Breach assessment workflow.

03 Get the full documentation

Detailed developer documentation, the API reference, and a quickstart are available to design partners. If you are evaluating Custosa, request access and we will get you set up.