Token scope
Scope is visible on every request — not buried in logs.
Scope denials and role denials surface as separate, legible signals. Your team knows instantly whether the fix lives at the token level, the namespace policy, or the repo grant.
LOOM.
Security
You should never have to guess why access failed.
Scope, role, verification, and attribution — surfaced with the same clarity as your repository state. Every denial is explicit. Every grant is auditable.
Denial states
No opaque 403s. No guessing which layer said no.
When access fails, Loom tells you exactly why — scope denied or role denied, and at which level. The distinction is precise and immediately actionable.
Signed states
Cryptographic proof sits beside every change.
States carry signatures. The UI surfaces verification alongside attribution — so you know whether a state was machine-authored, human-reviewed, and signed, without digging.
Attribution
You always know who acted. Always.
Human or AI, provider and model, confidence score — recorded in the object model as first-class data. Not scraped from commit messages. Not inferred. Known.
Authorization model
Access clarity is not a feature — it's the baseline.
Scope or role. Token or grant. The answer is always legible, always immediate. Built for teams where ambiguity in access control is not acceptable.