GARAGE · TRUST + SAFETY

What installing a third-party Drive actually does.

A Garage install is a contract — between you, the developer, and Merkava. This page is the operator-facing explanation of what each side commits to: how Drives are vetted before listing, how data flows, what happens when a Drive shuts down, what cancellation looks like, who handles support, and how regulated tenants are protected.

How a third-party Drive lists

Approval is staged, not auto. Every developer is vetted individually; every listing is reviewed before it goes live.

  1. Developer applies. Founder name, company, GitHub, the Drive idea, and a link to the manifest URL. Pending applications sit in a moderated queue.
  2. Merkava reviews the developer. Track record, scope distinctness from existing Drives, basic security posture, voice fit. We approve people, not pitches — bad fit is rejected.
  3. Approved dev signs the agreement. Developer Agreement v1.0.0 — data isolation, support obligations, brand rules, sunset protocol. Re-signed at every version bump.
  4. Drive listing is reviewed. Manifest must validate. Endpoints must respond. Pricing tier must be off-the-shelf. Compliance claims must be substantiated. Only then does the listing go live in the Garage.

Read the public Developer Agreement to see exactly what every approved Drive author has signed: /resources/developer-agreement.

Data isolation

Drives see one tenant + one venture, period

Every install gets a scoped token bound to exactly one tenant and one venture. The Drive can only read data within that scope — no cross-tenant queries, no cross-venture queries, no peeking at other Drives' data on the same install.

Drives don't read each other's data

Cross-Drive communication only happens through the platform event bus, and only for events the receiving Drive has explicitly listed in its manifest's events_consumed array. There is no "look at Prospector's data directly" path for a third-party Drive.

Drives don't read Merkava Core internals

Platform metadata — billing surfaces, RBAC tables, tenant identity — stays inside Merkava Core. Drives receive a scoped token that lets them work on their own surface; it does not grant access to Merkava's substrate.

Each Drive's own security posture is its own

Merkava verifies a Drive's data flow at install. We do not stand behind a third-party Drive's encryption-at-rest, key handling, or vulnerability response — that's the developer's commitment in the Agreement. Drive listings declare their security posture in the manifest; if you're regulated, install Drives with the matching declarations and BAA on file.

Support model

Third-party Drive support routes to the developer, not to Merkava.

Cancellation

Cancel anytime from /settings/drives

Open Merkava, hit Settings → Drives, find the Drive, click Cancel. The subscription stays active until the end of the current billing period — no proration, no early-termination fee. The Drive remains usable until the period ends; after that, the install token is revoked and the Drive's data exports become available for download.

Trial periods are real

Drives that publish a trial period in their manifest get one full Stripe trial run per tenant. Cancel before the trial ends and you're not charged.

What happens when a Drive shuts down

The sunset protocol. If a Drive's developer disappears, retires the Drive, or is removed from the Garage for cause, the same sequence runs:
  1. Operator notification in Merkava, plus an email if a sunset email address is on file. 30-day window for any operator action.
  2. New installs blocked immediately. Existing installs continue working through the notice period.
  3. Subscription cancellations at the next billing cycle. No new charges. Already-paid periods remain usable.
  4. Data export window — Merkava preserves a snapshot of the Drive's last manifest, listing copy, and any Merkava-visible artifacts for 90 days post-sunset. Operators can download for their records.
  5. Drive disappears from the Garage after the export window. Its slug is reserved (no future Drive may claim it).

Compliance + regulated tenants

The pre-connect gate

Tenants that have a regulated-data flag set (HIPAA / SOC2 / PCI / etc.) have install gates Merkava enforces. Drives that don't declare a matching compliance.frameworks entry in their manifest cannot be installed on a regulated tenant — Merkava blocks the install before any token is provisioned.

BAA-required Drives

A Drive that handles PHI declares compliance.baa_required: true in its manifest. Operators on a regulated tenant must have a current BAA on file with the developer (recorded in Redline's BAA registry) before the install proceeds.
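
The two gate rules above (framework match and BAA on file) can be rehearsed by an operator against a Drive's manifest before requesting an install. This is an added example, not Merkava's code. Assumptions: the function name, the tenant-flag set and the BAA expiry input are hypothetical; "matching" is taken to mean every framework flagged on the tenant is declared, compared case-insensitively; malformed values fail closed.

```python
from datetime import date

def pre_connect_gate(tenant_flags, manifest, baa_expiry, today):
    """Decide whether a Drive may be installed; returns (allowed, reasons).

    tenant_flags: regulated-data flags set on the tenant, e.g. {"HIPAA"}
    manifest:     parsed Drive manifest (dict)
    baa_expiry:   expiry date of the BAA on file with the developer, or None
    """
    if not tenant_flags:
        return True, []          # unregulated tenant: the gate does not apply
    compliance = manifest.get("compliance")
    if not isinstance(compliance, dict):
        compliance = {}          # missing or malformed block declares nothing
    raw = compliance.get("frameworks")
    declared = set()
    if isinstance(raw, list):
        declared = {f.strip().upper() for f in raw if isinstance(f, str)}
    reasons = []
    missing = sorted({f.upper() for f in tenant_flags} - declared)
    if missing:
        reasons.append("frameworks not declared: " + ", ".join(missing))
    # Fail closed: anything other than an absent key or literal False
    # (including the string "true") is treated as "BAA required".
    if compliance.get("baa_required", False) is not False:
        if baa_expiry is None or baa_expiry < today:
            reasons.append("no current BAA on file")
    return (not reasons), reasons

# Constructed sample manifests (not real listings).
PHI_DRIVE = {"compliance": {"frameworks": ["HIPAA", "SOC2"], "baa_required": True}}
PLAIN_DRIVE = {"events_consumed": ["lead.created"]}

if __name__ == "__main__":
    today = date(2025, 6, 1)
    for name, flags, m, baa in [
        ("plain on HIPAA tenant", {"HIPAA"}, PLAIN_DRIVE, None),
        ("PHI drive, expired BAA", {"HIPAA"}, PHI_DRIVE, date(2025, 1, 1)),
        ("PHI drive, current BAA", {"HIPAA"}, PHI_DRIVE, date(2026, 1, 1)),
    ]:
        print(name, "->", pre_connect_gate(flags, m, baa, today))
```
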

Subprocessors live in the manifest

Each Drive's manifest links to a public subprocessors page (compliance.subprocessors_url). Updates to that list propagate as subprocessor.updated events to Merkava, so regulated operators see who their Drives are using over time.

Frequently asked questions

Does Merkava review every third-party Drive before it lists?

Yes. Every third-party developer is approved individually, and every Drive listing is reviewed before it goes live. Approval covers manifest correctness, scope distinctness from existing Drives, basic security posture, and developer track record.

Can a third-party Drive see other Drives' data?

No. Each install gets a scoped token bound to one tenant and one venture. The Drive only sees data for that scope. Drives cannot read each other's data, and they cannot read first-party Drive data unless explicitly federated through the event bus on a per-event-type basis.

Who handles support for a third-party Drive?

The developer. Every listing publishes a support_url and support_email; that is where issues route. Merkava does not field third-party support tickets but acts as a backstop for trust-and-safety escalations or developer-disappearance scenarios.

What happens if a Drive shuts down?

All active subscriptions are cancelled at the next billing cycle, operators are notified through Merkava, new installs are blocked, and a 90-day export window opens. The Drive's slug is reserved after sunset — no future Drive may claim it.

Can I cancel a Drive subscription anytime?

Yes. Cancel from /settings/drives in Merkava. Cancellation is effective at the end of the current billing cycle; no proration. The Drive remains usable until the period ends.

Do third-party Drives meet HIPAA / SOC2 requirements?

Only Drives that explicitly declare compliance frameworks in their manifest are gated for regulated tenants. If your tenant handles PHI under HIPAA, Merkava blocks installs of any Drive without a corresponding compliance declaration and BAA on file.

What if a Drive misbehaves?

Email [email protected]. Trust-and-safety escalations are reviewed within one business day. Confirmed violations of the Developer Agreement result in suspension or de-listing; the sunset protocol applies to existing installs.

Do my BYOK keys flow into third-party Drives?

No. BYOK keys (your OpenAI / Anthropic / Perplexity keys for platform-side inference) never leave Merkava Core. Third-party Drives bring their own provider relationships and bill them directly out of the listing price.