Verify us. Don't take our word.
Busymate DevTools sees your production traffic, so trust has to be checkable — not claimed. Roles enforced by the database, an append-only audit trail on every surface, and a vault that physically cannot leak a secret.
Trust you can verify, not just read
The same guarantees that let an AI agent act on real infrastructure: row-level security everywhere, real least-privilege RBAC, an append-only audit trail, and a write-only vault.
Enforced in the database, not the UI
Every table is gated by row-level security, so the same role limits hold identically on the dashboard, REST, WebSockets and MCP. There is no back-door surface where the checks were forgotten.
Least privilege, for real
Seventeen independently gateable sections, each with separate view and edit switches, composed into custom roles. Give a contractor Devices-view without Scripts-edit — precision instead of admin-or-nothing.
Who did what, when — everywhere
An append-only audit trail records every action on every surface, including direct database access. Tail it live, filter it, diff changes, and share a permalink to the exact event in question.
Secrets that can't be read back
The vault stores keys encrypted and write-only. There is no reveal button — not for admins, not for the AI, not for anyone. A secret goes in once and is only ever used, never shown.
AI with guardrails
Agents act only within the caller's role, destructive tools require an explicit confirmation, and every action they take is permanently logged. Autonomy, with a paper trail.
Related: MCP server for AI agentsthe AI debugging assistantpartner SSO integration
Questions evaluators ask
Is RBAC enforced in the UI or the database?
In the database — every table is row-level-security gated, so the same role limits hold on the dashboard, REST, WebSockets, and MCP alike.
Can an admin read back a stored secret?
No. Secrets are stored write-only in an AEAD-encrypted vault; there is no reveal button for anyone, including admins and AI agents.
Is there an audit trail for AI-agent actions?
Yes — every action an agent takes, including direct database access, is permanently logged in an append-only, cross-surface audit trail with live tail, filters, diffs and shareable permalinks.
Can I give a contractor limited access?
Yes — 17 independently gateable sections each expose separate view/edit switches, composable into custom roles, e.g. Devices-view without Scripts-edit.
Point it at production
Explore the roles, the live audit trail, and the vault in the dashboard — trust you can check, not just read.