Trust & governance

It writes to SAP.
You hold the gate.

CSPeach is an AI coding agent that can change your SAP system — that's the point. It stays read-only until you ask. Every overwrite is snapshotted first, every change is isolated to its own transport, syntax-checked, activated, and verified. And you can pin any system to advisory-only, so on that system the agent proposes and never writes.

The write gate

You set how much the agent may do.

One setting decides the agent's reach on each system. It ships at approval-gated — the agent asks before every write. Move it up for speed, down for caution.

Most cautious

advisory-only

Proposes, never writes

The agent reads, reviews and drafts. It shows you the change but cannot apply it. The mode a production system is pinned to.

Default
Balanced

approval-gated

Asks before each write

The agent does the work but pauses at every write, showing you exactly what it will change. Nothing lands without your yes.

Fastest

auto

Writes within the session

For trusted, non-production work. The agent writes without a prompt per change — every overwrite still snapshotted, and every change syntax-checked and verified.

A ceiling you set once holds across the session. Tag a system as production and its write mode is clamped to advisory-only — the agent cannot be talked, prompted or configured past that ceiling mid-session, and even a snapshot restore is blocked on a pinned system. The safe setting is the one that can't be nudged.

The path of a write

Every change takes the same road.

When the agent does change something, it passes through the same gates in the same order — the rules are built into every skill, not bolted on. Here is that road, gate by gate.

R6

Read-only, until you ask default state

Nothing changes on its own. The agent reads your code, runs checks and answers questions. A write happens only because you asked for one.

R7

Snapshot first before every write

Before it overwrites or deletes a source, the agent captures the prior state. There is always a version to go back to — no exceptions, even for a one-line fix.

R8

A plan you approve for multi-object work

When a job touches more than one object, the agent lays out the full plan — object by object — and waits for your go before it starts. No surprise mass changes.

R9

Its own transport isolation

Each session's changes land in a dedicated transport, never mixed with hand-written work. Clean to review, clean to release, clean to roll back.

Checked, then verified R10

After a write, a syntax check runs. If it fails, the run stops — broken code is never activated. After activation, the agent confirms the object really went active, and reports if it didn't.

On the record audit

Every write is part of the session record. Run /export audit and the agent writes out a reviewable file of what it did — the trail you hand to a lead or an auditor.

And a way back. Because every overwrite is snapshotted, a change to existing code can be restored. Press Esc twice to rewind through the write gates — the same ceilings apply, so a restore is blocked on a system pinned to advisory-only.

Whose hands

The agent acts as the developer. No shortcuts.

It works through the developer's own SAP logon — so your system's own controls decide what it can touch, and your audit log names a real person.

Your authorizations, unchanged

The agent connects as the developer's own SAP user and inherits exactly that user's privileges. It cannot reach an object the developer couldn't reach, and it holds no elevated or shared service account of its own.

SAP authorization checks are never bypassed. Whatever your roles allow is the limit; whatever they deny stays denied.

A trail you can hand over

Because the agent acts as the real developer, your change documents and change logs name that person — not a bridge user. The session's own record is exportable on demand with /export audit.

The result is a reviewable account of what changed, in which transport, by whom — the kind of trail a release or audit process expects.

Where the AI runs

You choose the data boundary.

The path to SAP is laptop-direct in every mode. What you choose is where the AI call goes. Two modes are available today; more are on the roadmap.

Managed

Start with our proxy and our Anthropic key. Prompts transit api.cspeach.dev on the way to Anthropic so we can meter usage. The lowest-friction way to begin.

Bring your own key

Set your own Anthropic key once and each developer's LLM traffic goes laptop → Anthropic directly — your prompts never touch our infrastructure. Available now.

The full list of modes — including the SAP AI Hub and local options on the roadmap — plus the full data-flow and a plain telemetry statement, is on the security page.

One more thing, plainly

No badges. Just mechanisms you can check.

This page carries no compliance logos and claims no certifications, because we won't put a badge here we haven't earned. What it describes instead are mechanisms that are live in the product today: the write gate, the snapshot, the transport, the checks, the audit file.

We describe them; your team verifies them. If you want to see the road a write takes for real, take the product tour — it's a real session recording.