The compliance is in the envelope. The app is just cargo.
Every control a regulator cares about — access, encryption, audit, data residency, kill switch — is enforced by the envelope that wraps the app at the VPC boundary, not by the app itself. So the app can be mediocre, un-hardened, never designed for on-prem, and it still lands secure, governed, and provably compliant. What the auditor reviews is the envelope, which is fixed and disclosed. That's why a bad app deploys safely — and why the audit is the same every time.
Can't exfiltrate
The app never touches the network. Only redacted, structure-only projections cross the membrane.
Can't exceed the treaty
Every action passes a 30-check policy gate enforced inside the customer's own VPC.
Instantly killable
A dual kill switch the customer holds — and the operator cannot override.
Provably compliant
Ships with its own multi-framework audit package. Hand it over; the auditor never digs.
It runs today. Not a deck — a working system.
Every load-bearing claim is demonstrable end to end, live — on a real file, a real workload, and a real MCP server.
# the embassy in the customer's VPC — admit → govern → execute in-VPC → project
only a redaction leaves; the raw data never moves
dual Recall
the customer's kill switch — the operator cannot override it
embassy dials OUT to the hub
zero inbound ports in the customer VPC
a real MCP server runs in-VPC
the hub is blind both ways — it never holds a key
self-audit package, one command
live attestation + every framework, handed to the assessor
✓ the IP never leaves, because the inference never sees it
The same governance hardened for the DoD — dialed down for your HIPAA workload.
"Not in your cloud" is the deal every regulated buyer kills today. Legation is the answer — and it ships with the security questionnaire already filled out.