Identity that fits
SSO/SAML, SCIM, role mapping. Spaces inherit org identity at the OS level — no per-Space onboarding.
Enterprise
Same OS. Your rules.
The free Construct your team uses, hardened for the constraints your org actually has. SSO, audit, policy, air-gap, private distribution — all at the operating layer, not bolted onto a single Space.
What you get
Six pillars.
Policies you set once
Org-wide model routing, capability allowlists, autonomy ceilings, and per-Space overrides where you need them.
Audit you can defend
Every action the Operator takes is logged with who, what, where, and which model. Exportable, queryable, kept.
Local + air-gap
Run Spaces with local models only. The same SDK, the same Operator, the same UI — without a single byte leaving the perimeter.
Private Spaces
Build internal Spaces for the workflows nobody outside your org will ever see. Distribute privately, not to the public Space Store.
Support that owns it
Dedicated SLAs, named contacts, priority routing on incidents, and quarterly reviews on what the Operator is doing for your team.