WeArePrimitives

Infrastructure you own.
Ecosystems you don't have to build.

Deploy the WRP stack on your hardware. White-label the portal. Bring your tenants into a fully sovereign compute ecosystem.

Talk to Sales → Enterprise overview

8

Primitive types

1B

P8 token supply

$0.01

Fixed peg (USD)

NixOS

Node standard

What we mean by sovereign

Your infrastructure. Your data. Your tenants.

"Sovereign compute" means the WRP platform stack runs on servers you control — not on infrastructure operated by WeArePrimitives. Your tenant data never passes through our systems. The platform we provide is software, not a service.

The only shared infrastructure is the WRP chain itself — the settlement and registry layer. Everything above the chain can be self-hosted. The white-label portal gives your tenants a branded experience with no visible connection to WeArePrimitives.

Security posture

Post-quantum. Zero-trust. Fully auditable.

Post-quantum storage

Keistr

pqcproxy uses ML-KEM-768 + X25519 hybrid key encapsulation. All data at rest in Garage is AES-256-GCM. Upgrade from passthrough to fully encrypted with a single config flag — no credential changes for your tenants.

Zero-trust edge

Cloudflare Access

Cloudflare Access validates identity at the network edge before any request reaches a container. Unauthenticated requests are rejected before they touch your infrastructure.

OpenBao secrets governance

Signet

Every secret flows through OpenBao with a full audit trail. Signet adds cross-context grant delegation, TTL-scoped access, secret masking, and cert chain revocation cascades above OpenBao.

FLAC field-level access control

Three-axis scoring

Fields are scored on user sensitivity, org sensitivity, and governing body stance. Role-to-tier mapping means consistent permission enforcement across every app your tenants deploy.

NixOS-certified nodes

Reproducible

Every node runs a content-hashed NixOS configuration pulled from the ops bucket at boot. Node enrollment, config drift detection, and update propagation are fully automated.

Immutable audit trail

WORM

All access events touching FLAC-scored fields and Accord-gated transfers are written to versioned S3-compatible object storage with object lock. Tamper-evident for SOC 2 and HIPAA.

White-label portal

Your brand on every screen your tenants see.

Custom domain

portal.yourcompany.com — Cloudflare tunnel + TLS, zero WeArePrimitives DNS

Custom branding

Logo, colour tokens, email templates — all configurable per enterprise tenant

Isolated auth realm

authentik Tenant: separate login flows, MFA policy, session lifetime, email domain

IdP federation

Okta · Azure AD · ADFS · LDAP · any SAML 2.0 IdP

Group sync

SCIM or LDAP sync keeps org membership consistent with your enterprise directory

Marketplace control

Restrict which Primitives are visible to your tenants — curate your own app store

Regulated tier

Dedicated authentik instance for HIPAA-covered entities and FedRAMP scope

Auth chain

User browser
Your IdP (Okta/Azure)
authentik Tenant
Cloudflare Access
SuperTokens (per app)
App backend (FLAC)

Unauthenticated requests never reach a container. Enterprise IdP federation means your users authenticate with credentials they already have \u2014 no new account creation.

Contact

Talk to the platform team.

Enterprise deployments are scoped with the platform team. Reach out with your infrastructure requirements, tenant scale, and compliance needs \u2014 we'll put together a deployment plan.

[email protected]

WHAT TO INCLUDE

Your infrastructure target (OVH, bare metal, cloud, or mixed)
Expected tenant count and growth profile
Compliance requirements (HIPAA, SOC 2, FedRAMP, GDPR)
Existing IdP (Okta, Azure AD, ADFS, or other)
Timeline and any hard deployment dates