SDSESecurity PlatformQatar National Super App
State of Qatar · Phase 1 · Staging

SDSESpec-Driven Security Engineering for the National Super App

A mission-critical platform that hardens the Qatar National Super App by combining a coordinated agent workforce, the full control-framework library, and a tamper-evident evidence pipeline.

SDSE is being delivered in europe-west1 today and is engineered to migrate cleanly to an NCA-aligned Qatari project with no architectural change — security work is captured as specs, not opinions.

Zero Trust by defaultSub-2s agent responsesQatar data sovereignty
Open the dashboards Read the guide
9
Specialist Agents
Coordinated by a lead orchestrator
5
Control Frameworks
NCA ECC · NIST · ISO · PDPPL · Qatar NIA
100%
Workload Identity
No long-lived JSON keys in CI
WORM
Evidence Bucket
Tamper-evident retention for 7 years
What this platform does

A coordinated workforce, not a single chatbot

SDSE replaces the “one AI assistant” pattern with a coordinated team of nine specialists under a single orchestrator. Every output is reviewed and every claim is cited.

Spec-driven design
Every architecture, policy, and control is grounded in a written spec with explicit, cited authority — never opinion.
Agent workforce
A coordinated team of specialist agents handles threat modelling, compliance mapping, IaC and review under a lead orchestrator.
Evidence-first
Every claim is backed by an artefact landing in a WORM evidence bucket — config snapshots, attestations, logs.
Sovereign-ready
Built to migrate cleanly to NCA-aligned Qatar infrastructure with no architectural change, only credential and project re-binding.
Quickstart

Three ways to get started

Step 1
Meet the agents
Open the agent workforce and see what each specialist does — from the lead orchestrator down to the adversarial reviewer.
Browse agents →
Step 2
Check the dashboards
Watch live system health, recent agent activity, and how much of each control framework is covered by in-flight work.
Open dashboards →
Step 3
Read the operating guide
The full operating manual — how to ingest a framework, query an agent, gather evidence, and run a production shift.
Read the guide →