Your documents. Your audit. Your keys.

The safe layer every Midcore customer puts in front of their data. DLP on every egress. Per-tenant envelope encryption. Declarative policy. Hash-chained audit. Spaces for teams. Connectors for the rest.

Open the Studio See the policy engine

AES-256-GCM

envelope at rest

5-stage

ingest pipeline

Studio tabs

Tier 2c integration tests

25+

CLI subcommands

DLP

A classifier you can read.

PII, credentials, regulated identifiers — scanned, classified at four tiers (Public, Internal, Confidential, Restricted), and shown to you in real time. The same classifier guards every outbound LLM call. Fail-closed by default. No surprise leaks.

Pipeline

Five stages. Receipts on every one.

Discover, chunk, classify, dedupe, index. Workspace files with glob patterns and mtime cursors so re-runs skip unchanged content. Auto-ingest and retention schedulers. Per-stage metrics, errors, durations. Three reports out of the box — audit trail, pipeline health, current inventory.

Policy

Declarative rules. System rules always first.

Per-tenant rule packs in plain language. SYSTEM_RULES always evaluated first, every time. Default profiles loaded lazily so you can keep the engine fast on small fleets. Fail-closed on egress and execute. Eight routes, twelve guard tests, no shortcuts.

Encryption

Envelope crypto. Per-tenant keys. Per-purpose data keys.

AES-256-GCM at rest. Per-tenant key encryption keys derived from a master root. Per-purpose data encryption keys rotated on schedule. The recipe is standard; the discipline is that it actually ships before anything talks to your data.

Identity & Spaces

Sub-tenant collaboration without losing the audit.

Spaces are sub-tenant groups with role-gated access — viewer, contributor, admin, owner. Members inherit DLP and encryption automatically. Capsule receipts log every operation on a hash chain. Right-to-be-forgotten erasure is a first-class action, not a forum thread.

Connectors

Bring the rest of your data in safely.

Workspace files and GitHub repos today; the protocol is open and the registry is yours. Every sync runs through the full pipeline and the DLP gate before anything is indexed. Schedule, retry, see the errors — all in one tab.

Where you use it

Five surfaces, one knowledge base.

Web Studio

6 tabs: DLP, Pipeline, Reports, Identity, Connectors, Crypto.

VS Code

Activity-bar entry, six commands, real-time sensitivity indicator in the status bar.

CLI

`midcore pkb` with 25+ subcommands. Pipelines, batch ops, scripting — the way operators want it.

Midcore Shell

Activity-bar deep links into Studio tabs and a native detail panel. Works offline.

REST API

Full programmatic access for the integrations your platform team will build before lunch.

Your audit. Your keys.

Open the Studio Read the security note