Enterprise
The trust package for technical and procurement reviewers — with an honest view of what is and isn't yet verified.
Trust package
| Document | What it covers |
|---|---|
| Architecture Overview | System design, components, data flow |
| Risk Assessment | Technical + operational risks and mitigations |
| Security Whitepaper | Security model, controls, supply-chain integrity |
| Procurement FAQ | Licensing, support, continuity, vendor-risk answers |
Built-in enterprise capabilities
RBAC, MFA, JWT/sessions, audit logging, field-level encryption, vault mode, mTLS,
rate limiting, multi-tenancy, and OpenTelemetry/Prometheus observability — all in
core. Admin surfaces ship via @streetjs/admin-ui
(RBAC, audit logs, user management, multi-tenancy).
Supply-chain integrity
Every release is published with npm provenance and a CycloneDX SBOM; official plugins are Ed25519-signed and verified against an embedded trust key. CodeQL, secret scanning, and dependency review run in CI.
Honest readiness
StreetJS does not overstate enterprise readiness. Compliance materials (SOC 2 / HIPAA / GDPR / PCI) are control mappings, not audited attestations; there is no third-party penetration test or certification yet, and the project is still early in terms of community and production proof. See the Gap Analysis and Readiness Assessment for the unvarnished view, and the Go-To-Market Roadmap for the ROI-ranked path to security audit, pen-test, and SOC 2 readiness.
Talk to us
For procurement or partnership questions, open a GitHub Discussion or see Contact.