Trust & Controls

You stay in control.

Handing an AI agent access to client production orgs is a real decision. Speakeasy is built so you can grant trust gradually, see everything it does, and keep a human on the final say.

Progressive trust

You don't have to trust production on day one.

Start by letting Speakeasy answer questions. Move to investigation, then sandboxed building, then approval-gated deploys — widening what it can touch only as far as you're comfortable.

Stage 1

Ask

Ask plain-language questions about any connected org and get answers grounded in its real metadata and data.

Your control

Read-only. No changes are ever made in this mode.

Stage 2

Diagnose

Hand Speakeasy a request and it investigates, traces the root cause, and presents findings with evidence.

Your control

Investigation runs read-only against production; you review the findings before anything is built.

Stage 3

Build

Speakeasy implements and tests the change in an isolated execution environment, not your live org.

Your control

Work happens in a disposable scratch org or a dedicated sandbox you designate — never directly in production unless you choose that mode.

Stage 4

Deploy

Validated changes are promoted to production and the result is documented.

Your control

Production deployment requires your explicit approval. Nothing reaches production without a human approving it.

Stage 5

Automate

For orgs you configure for it, let Speakeasy carry routine work further on its own.

Your control

Opt-in per org. You choose disposable scratch-org autonomy or direct-production autonomy, and approval gates stay on unless you turn them off for that org.

The controls

What keeps it safe.

Each of these is a real part of how Speakeasy works — not a promise for later.

Scoped data access

Investigation reads org metadata and records read-only against production. Changes are written only in the execution environment you select for that org.

Encrypted credentials

Salesforce credentials are encrypted at rest with AES-256-GCM. Plaintext secrets are never stored.

Per-request credential scope

Each request runs against the specific credentials you allow. The agent can only act within the access you grant — not across every connection you hold.

Human approval gates

Production deploys are gated. The agent must have an explicit human approval — recorded on the request — before it can deploy or activate in production.

Tenant isolation

Every tenant's organizations, credentials, and history are isolated. One client's data is never visible to another.

Full audit trail

Every turn, tool call, finding, approval, and deployment is recorded — so any action can be traced back to who approved it and why.

Before-state capture

Before changing existing metadata, Speakeasy records the prior state so a change can be reverted if it does not behave as expected.

Revocable connections

Access is credential-based. Remove a credential or disconnect an org and Speakeasy immediately loses the ability to act on it.

Transparent AI model

Speakeasy runs on Anthropic's Claude models via the Claude Agent SDK. We tier models by task and tell you what runs where.

Human approval

Nothing reaches production without you.

When Speakeasy is ready to change a production org, it stops and asks. It presents a decision card — its confidence, the plan, the exact components it will create, modify, or delete, and the risks — and waits for your call.

  • Production deploys are blocked until a human approves them.
  • You see the proposed plan, the affected components, and the risks first.
  • After deploy, the request waits in “Ready for Final Review” until you mark it complete.
Approval Required
88% confidence
I found the root cause and prepared a fix. Review the plan before I deploy to production.

Grant the Standard User profile read access to Custom_Field__c.

Components

  • modifyFieldPermissionsStandard User → Custom_Field__c (read)
Risks: Field becomes visible to all Standard User profile members.
Approve & deployMake changesReject
Approve, reject, or provide instructions...

Data handling

How your data is handled.

The honest version: here is what we can state plainly today.

Encrypted credentials

Salesforce credentials are encrypted at rest with AES-256-GCM. We never store plaintext secrets.

Tenant isolation

Each tenant's organizations, credentials, and history are isolated. One client's data is never exposed to another.

Full audit trail

Every turn, tool call, finding, approval, and deployment is recorded, so any action can be traced back to who approved it.

Transparent AI model

Speakeasy runs on Anthropic's Claude models via the Claude Agent SDK, with models tiered by task.

What we won't claim: we don't make promises we can't back up. If you need specific data-residency, retention, or model-training commitments for a pilot, ask us directly and we'll give you a straight answer rather than marketing copy.

Run your whole book of client orgs from one place.

We're building the admin.