Obelisk
Every privileged action leaves a receipt.
Obelisk is the trust and capability layer for an AI-era studio — founder identity, scoped agent grants, and signed intent receipts on the actions that matter.
What you get
A focused update path for Obelisk.
Obelisk treats trust as something you can prove, not something you assume.
Founder identity stops depending on a saved password. Agents — Claude, Codex, MCP tools, CI, service accounts — become first-class identities with scoped grants and blast-radius budgets, instead of holding broad raw secrets they never should have touched.
Before a tool acts, it's registered and risk-scored. When something sensitive happens — a deploy, a database change, a domain move, a payment, a secret rotation — Obelisk writes a signed intent receipt. You don't take anyone's word for it. You read the proof.
On trusted paths, it mostly disappears. The ceremony shows up only when authority is unclear, a secret is stale, or an action is unsigned — the moments that deserve a second look.
This isn't a password app and it isn't a safety dashboard with no teeth. It's a control room for trust decisions across every project in the studio, built to detect failure conditions early and enforce the answer.
Tell us where you want Obelisk first.