Agents work on your code. You stay in control.

Tembo is built for enterprise security from the ground up. From agent isolation to audit logs and deployment controls, every layer is designed to keep your code, data, and workflows under your control.

Fix react-perf JSX no new object as prop erros···

I’ve completed a thorough search of the repository at /workspace/repo-c31d1f28-7730-4a…fcee0d220248 Here are my findings:

Key Findings

Copyright and Year References

File: /workspace/repo-…/TimezoneMenu/Info.plist

  • Line 32: <string>Copyright 2024. All rights reserved.</string>
  • This copyright notice is hardcoded and should be updated to 2026

Project Version Information

</> Editing File +3 -3Info.plist

Now let me run the linting and formatting checks as required

Running Commands

Perfect! The formatting check passed. The linting warnings are pre-existing and not related to my README change. Now let me commit the changes

git add README.md && git commit -m “Add hi hugo to README”

Summary of Updates Needed for 2026

Copyright Notice (1 location): line 32 should be updated to 2026.

ChangesArtifactsComputerSandbox Logs
23:28:02.234P0 931672: processing on email-notificaiton/notifications
23:28:02.234P0 931672: delivery called email-notificaiton/notifications
23:28:02.234action: disconnect guid: 512c86e2-67bb-405f-b710-d5b812f29c092
23:28:02.234time="2025-04-25T23:28:02Z" level=error msg="Integration command failed”
23:28:02.234time="2025-04-25T23:28:02Z" level=error msg="Integration command failed”
23:28:02.234time="2025-04-25T23:28:02Z" level=error msg="Integration command failed”Open
23:28:02.234time="2025-04-25T23:28:02Z" level=error msg="Integration command failed”
23:28:02.234time="2025-04-25T23:28:02Z" level=error msg="Integration command failed”
23:28:02.234time="2025-04-25T23:28:02Z" level=error msg="Integration command failed”
23:28:02.234time="2025-04-25T23:28:02Z" level=error msg="Integration command failed”
23:28:02.234time="2025-04-25T23:28:02Z" level=error msg="Integration command failed”
23:28:02.234time="2025-04-25T23:28:02Z" level=error msg="Integration command failed”
23:28:02.234time="2025-04-25T23:28:02Z" level=error msg="Integration command failed”
23:28:02.234time="2025-04-25T23:28:02Z" level=error msg="Integration command failed”
23:28:02.234time="2025-04-25T23:28:02Z" level=error msg="Integration command failed”
23:28:02.234time="2025-04-25T23:28:02Z" level=error msg="Integration command failed”
23:28:02.234time="2025-04-25T23:28:02Z" level=error msg="Integration command failed”
23:28:02.234time="2025-04-25T23:28:02Z" level=error msg="Integration command failed”
23:28:02.234time="2025-04-25T23:28:02Z" level=error msg="Integration command failed”
23:28:02.234time="2025-04-25T23:28:02Z" level=error msg="Integration command failed”
23:28:02.234time="2025-04-25T23:28:02Z" level=error msg="Integration command failed”

Security principles

Three commitments that shape every decision we make.

Your code stays yours

Code never leaves your infrastructure. Self-hosted deployment means zero data egress. Full air-gap support for the most sensitive environments.

Every action is logged

Centralized audit trails for every agent session: foreground, background, and automated. Full traceability from prompt to pull request.

Humans stay in control

Nothing merges without human approval. Review workflows enforce quality and compliance at every step. Agents propose, humans decide.

Where agents run, and what stays inside.

Isolated runtime

Every agent runs in its own hardware-isolated VM, inside your own AWS, GCP, or Azure account — no shared state, no ambient access.

Your repositories

Repos are cloned into the environment in place, with the right branch and dependencies. Your source never leaves your network and is never stored on Tembo's infrastructure.

Secrets & credentials

Injected per session and scoped to the run. Never written to disk, never logged, never sent to Tembo.

Private networking

Network policies you control: reach internal services and databases directly, or cut outbound access off entirely. Full air-gap support.

Test & build in place

Your test suite, build pipeline, and linters run inside your infrastructure — real verification, nothing sent out.

Full toolchain

The same shell, CLIs, and utilities your developers use, running where your code already lives.

The Tembo stack

Large Language Models

Run any frontier model and switch between them as they improve. Tembo stays model-agnostic, so every agent uses the best LLM for the task at hand.

Agentic Harness

The orchestration that turns a model into an agent through planning, tool use, and multi-step runs. Harness-agnostic, so you’re never locked in.

AnthropicCodexClaude CodeCursorGitHub CopilotOpenCode

Cloud Runtime

Every agent runs in its own isolated cloud VM, preloaded with your repo, tools, and dependencies. No local machine or setup required to start.

AWSGoogle CloudAzure

Context & Connections

Shared context across all your repos, tickets, docs, and the tools you connect, so agents and your team always work from the same picture.

Microsoft TeamsLinearSlackGitHubNotionJira

Product / Control Plane

The control plane that ties every layer together, with one place to deploy, observe, and operate every agent across your whole organization.

Security & Governance

SOC 2 Type II, SSO, and role-based access come built in, with the option to self-host so the entire platform runs inside your own environment.

Tembo

Every layer above brought together in one platform your team owns, deploys, and scales end-to-end, from model to production. That’s Tembo.

Access controls

Granular control over who can do what, from identity to individual API keys.

Single Sign-On (SSO)

SAML 2.0 and OIDC support. Connect your existing identity provider: Okta, Azure AD, Google Workspace, or any compliant IdP.

Role-based access

Define roles for admins, reviewers, and operators. Control who can launch agents, approve PRs, and modify configurations.

Team permissions

Scope access by team and repository. Ensure engineers only interact with agents in their domain.

API key management

Create, rotate, and revoke API keys. Scoped permissions per key. Full audit trail on key usage.

Compliance & certifications

SOC 2 Type II, ISO 27001, ISO 42001, GDPR, and HIPAA — independently audited, with reports available under NDA.

HIPAA
GDPR

Data Encryption

AES-256 encryption at rest. TLS 1.3 for all data in transit.

Session Isolation

Every agent session runs in an isolated VM. No shared state between sessions or users.

Audit Log Retention

Configurable retention policies. Export logs to your SIEM. Meet regulatory requirements.

Data handling

We believe you should know exactly what data Tembo touches, how it is used, and how long it is kept.

Tembo accesses the repositories and context you explicitly configure. Agents read code to perform tasks and write code as output. No data is accessed outside the scope you define.

Data is used solely to execute the tasks you assign to agents: read to perform the work, written back as output. It is never used for any other purpose.

Tembo is model-agnostic — run frontier models from Anthropic, OpenAI, Google, and AWS Bedrock, and switch between them per task. You are never locked into a single provider.

Yes. Connect your own model endpoints or provider keys. In a self-hosted deployment you can run the models inside your own infrastructure, so inference never leaves your network.

Only the prompt and the code context required for the task is sent to your configured provider for inference. Your repositories, secrets, and internal data stay in your infrastructure, and nothing is ever used to train models.

Session data is retained according to your configured retention policy. Default retention is 90 days for audit logs. Session artifacts (diffs, logs) can be configured for shorter or longer retention.

You can request deletion of all data at any time. For self-hosted deployments, data never leaves your infrastructure and deletion is under your control. For cloud deployments, we honor deletion requests within 30 days.