Trust
Access & permissions
Everything ISAAC can see or say should be intentional. Access control mirrors that philosophy.
Adapters inherit RBAC
Each adapter declares the scopes it needs (read-only repo, write access to tickets, etc.). Admins approve or deny before deployment.
Temporary elevation requests kick off stewardship workflows so nothing escalates quietly.
Memory + kill switches
Long-running agents respect per-surface memory TTLs. Flip a switch and the system forgets an interaction instantly.
Every switch change is recorded with who/when/why, making compliance reviews painless.