1. We don't aim to replace diagrams-as-code or lock teams out of portable formats. Archyl focuses on discovering and keeping architecture in sync with reality: export and text-based representations are on the roadmap because portability matters.
2. Git integration today is read-only by design. We intentionally avoid bidirectional mutation of source or models until we can guarantee determinism and auditability.
3. We do not treat Archyl as a "golden source of truth" for code or IP. The goal is derived metadata and visualization, not ownership of your system definition.
4. Security is taken seriously: scoped access, least-privilege credentials, and no persistence of sensitive source artifacts beyond what's required for analysis. We're working on publishing a deeper security model to make this more explicit.
The philosophy tension you're pointing out is real, and we're trying to earn trust there rather than hand-wave it away. Appreciate the thoughtful critique.
I am currently working on a new open-source project, completely free to help enterprise manage their authorizations on a ce realized application: https://www.authz.fr/
Main benefits whereas existing projects is the simplicity of use and the frontend web UI which is generally in paid offers.
It comes with Service Development Kits in multiple languages (Go, NodeJS, PHP, Python) and more to come soon.
I hope someone could find something interesting here :)
A few clarifications:
1. We don't aim to replace diagrams-as-code or lock teams out of portable formats. Archyl focuses on discovering and keeping architecture in sync with reality: export and text-based representations are on the roadmap because portability matters.
2. Git integration today is read-only by design. We intentionally avoid bidirectional mutation of source or models until we can guarantee determinism and auditability.
3. We do not treat Archyl as a "golden source of truth" for code or IP. The goal is derived metadata and visualization, not ownership of your system definition.
4. Security is taken seriously: scoped access, least-privilege credentials, and no persistence of sensitive source artifacts beyond what's required for analysis. We're working on publishing a deeper security model to make this more explicit.
The philosophy tension you're pointing out is real, and we're trying to earn trust there rather than hand-wave it away. Appreciate the thoughtful critique.