TUNC.AI HUB
TUNC.AI · Enterprise AI Harness

Tunc Hub.
Govern AI agents.

See what AI is doing.

Enterprise AI harness

Control every coding agent your team runs.

Tunc Hub gives agents a real workspace while tool policy, approvals, previews, memory, and audit stay tied to the code.

Start enterprise deployment →

Private Core · workspace policy · replayable audit

Private Core Self-hosted anywhere you run infrastructure
Workspace Policy Allow, ask, deny per tool
Replayable Audit Tool calls, approvals, diffs
Provider Control Approved models per workspace
Enterprise agentic control

Harness AI work without losing operational control.

Tunc Hub turns coding agents into governed enterprise operators. Every action carries the repo, command, diff, permission mode, approval point, runtime context, and history.

01

Visible work

Every task, command, preview, tool call, and file edit stays attached to the workspace timeline.

02

Approval gates

Permission modes make risky actions explicit instead of burying them in a chat transcript.

03

Recoverable history

Memory, logs, and audit trails make agent work inspectable after the tab, model, or session changes.

Enterprise AI approach

A practical operating model for agentic development.

Tunc Hub gives AI teams a harness for work: agents can plan and execute, while humans own policies, credentials, release gates, and audit trails.

01 · Harness

Agents get a real workbench.

They can plan, edit, test, browse, and preview across isolated workspaces without drifting away from policy.

02 · Control

Control is part of the workflow.

Tool access, permission modes, approvals, and deploy gates are visible before sensitive actions run.

03 · Enterprise

Enterprise context stays intact.

Code, keys, memory, policies, release metadata, and audit history stay tied to your operating model.

What it does

The harness for enterprise AI development.

Chat, agents, tools, previews, memory, approvals, and release metadata sit beside the code, so every step is visible, reviewable, and recoverable.

01 / CHAT

Chat with your codebase

Pick an approved model provider. Ask questions, get answers grounded in the real repo, not a guess from training data.

claude-opus-4 gpt-5
deepseek-v4 + workspace ctx
02 / TOOLS

Real work, not just chat

AI reads files, runs commands, uses git, opens PRs, and checks its work in a browser. All inside isolated workspaces (local or cloud), so your laptop stays untouched.

acme/checkout
stripe/
+ webhook.ts
·idempotency.ts
·tests/
03 / AGENTS

Send AI to work in the background

Spawn agents to plan, refactor, review, or implement while you keep moving. Nudge them, stop them, or take over whenever you want.

refactor-tests12m · 18 tools
review-pr-482asks
scope-fixdone
04 / PREVIEW

See what AI is building

Preview the app, the diff, the docs, or the browser session right next to the chat. No app-switching, no guesswork about what changed.

localhost:3000/checkout
05 / MEMORY

Nothing gets forgotten

Every chat, plan, task, and tool call is saved against the workspace. Restart the app, switch devices, come back next week. The context is still there.

10:02
10:14
10:31
now
06 / GOVERN

Stay in control

Decide which models, tools, and credentials each workspace can use. Set policy once. Apply it everywhere your team works.

Default
Plan
Auto
Bypass
policy on Core vault
07 / PERSONAS

Know who's speaking

Give each AI a name, a role, and a co-author signature, so reviewers, PRs, and commits always show exactly who (or what) did the work.

B
Backend Engineer
co-author · acme-bot
R
Reviewer
read-only voice
08 / TOOL ACCESS

Only the tools the work needs

Allow safe tools, ask on sensitive ones, deny risky actions. Hidden tools stay invisible to the agent.

shell.execallow
file.writeask
external.pushdeny
09 / AUDIT

Every action can be explained

Every tool call, approval, and diff is logged against the workspace, so security, engineering, and operations can inspect how the work happened.

shell.exec · git status
file.write · webhook.ts
external.push · prod
How it works

Sign in. Pick a workspace.
Start a turn.

It's a desktop app. You open it, sign in, and you're working. The technical bits happen quietly in the background.

01 / SIGN IN
Sign in with Google
We check you're an operator. Your workspaces and credentials load automatically.
02 / SELECT
Pick your project
Pick the repo or client workspace. The right credentials and policies follow.
03 / CHAT OR PLAN
Choose how to work
Pick your AI, your mode, your level of supervision. Then start talking.
04 / RUN
Agents execute inside policy
Agents use approved tools under your rules. Operators watch, approve, or step in.
05 / PREVIEW
See the result
Read the diff, run the app, browse the output. Without leaving the window.
06 / AUDIT
Audit stays attached
Every decision is saved for engineering, security, finance, and operations.
Agents should ship code.
Humans should keep the keys.
The Tunc.AI principle
AI governance

Agentic control you can trust,
because you can inspect it.

Tool access, approvals, permission mode, diffs, and history stay in the work surface. The control model is visible where the work happens.

Personas with policy

Give each AI a name and a role. Backend engineer, frontend specialist, code reviewer, QA. The persona shapes how it speaks, what it can do, and whose name shows up on the commit.

Lock a persona to a workspace or company. The right agent runs the right work with the right permissions.

  • AI gets a name and a role you assign
  • How it talks, and how it signs work
  • Different persona per workspace if you want
  • Live attribution on commits and PRs
Active persona
B
Backend Engineer
co-author · acme-bot <[email protected]>
Available roles
Backend Frontend Reviewer QA Architect
policy.persona = backend@acme

Give agents the right tools

Each workspace gets a clear tool policy: shell, git, file writes, browser, MCP servers, and your own integrations.

Lock down risky actions. Hide tools that should not be available. Agents only see what the workspace policy allows.

  • Allow, ask, or deny per tool
  • Different rules per workspace
  • Hidden tools are truly hidden
  • Block or allow specific commands
Workspace policy: acme/checkout
shell.exec · git.*allow
shell.exec · rm -rfdeny
file.writeask
browser.navigateallow
mcp.figma.exportask
external.push · proddeny

Always know which mode the agent is in

Four permission modes stay visible on the chat surface, so operators always know what the agent can do right now.

In Auto, low-risk work runs, risky actions ask, and blocked actions stay blocked. Bypass exists only when an operator explicitly chooses it.

  • Default: AI asks before it changes anything
  • Plan: AI proposes, doesn't touch
  • Auto: safe runs, risky asks, dangerous blocked
  • Bypass: only when you explicitly opt in
Current mode
Default
Plan
Auto
Bypass
Auto classification
file.read · webhook.tsauto-allow
file.write · webhook.tsask
shell · remove proddeny

Replay anything, anytime

Every chat, plan, tool call, and approval is logged against the workspace. When you need to know what happened, what ran, what was approved, and what was denied, it is all there.

Useful for debugging, security review, delivery review, and operational reporting.

  • Full chat and tool history
  • Approvals, denials, and asks
  • Agent runs, plans, and previews
  • Backed up to Core if you want
Activity: last 4 events
shell.exec · git diff
backend@acme · 0:14
file.write · webhook.ts (operator-approved)
backend@acme · 0:21
external.push · prod (policy)
backend@acme · 0:23
Where your stuff lives

Your stuff stays yours.

Your code, your keys, and your team's identity stay where they belong. Hub is just the app you use. Core is the backend that ties workspaces, credentials, and policies together. Both honor your existing security model.

In Hub, on your machine

  • AI runs in isolated workspaces, not on your laptop
  • All your chat history and tool runs, saved locally
  • Files, diffs, browser, and markdown previews
  • Reusable skills you can drop in
  • Project memory that survives restarts

In Tunc Core, behind the app

  • Google sign-in and team assignment
  • Workspace-scoped credentials in a vault
  • Personas, tool rules, and permission policies
  • Who-said-what attribution in chat
  • Auto-updates with signed releases
For enterprise

Run it inside your enterprise.

Tunc Core is self-hostable infrastructure. Run it in AWS, GCP, Azure, a private cloud, on-premises, or the smallest machine that fits your operating model. Your domain, sign-in, policies, and data perimeter stay under your control.

Same desktop experience, wired into your enterprise operating model.

  • Your brand on Hub and Core
  • Self-hosted anywhere you run infrastructure
  • Every chat, persona, and policy stays with you
  • Your identity provider, your domain
  • Custom retention and audit windows
  • Private release channels
Start enterprise deployment → Deployment intake
Download

Tunc Hub Free Evaluation

Please contact us to get your early preview account. Once access is approved, download the signed Mac evaluator build below.

Download free evaluation →
macOS · Apple Silicon · loading Windows · In testing Linux · planned
Early preview account required · Signed & notarized · macOS Apple Silicon