Cloud sign-in & Pro
Everything in Covenant works offline with no account. The cloud tier is entirely opt-in and is the only part of the app that ever talks to a network — it lets you sync across devices and publish evidence to the shared Dosanjh Labs graph.
Signing in
- Click Cloud in the tab bar.
- Click Sign in with DosanjhLabs. Authentication loads only at that moment — until you click, no sign-in script and no network call happen.
- Once signed in, the panel shows your account and tenant; your vendor-ledger summary begins syncing automatically.
- Sync now pushes immediately; Sign out reverts to fully local-first.
What syncs (and what cannot)
Sync pushes only the PHI-safe vendor-ledger summary: for each vendor, its name, domain, tier, score, grade, PHI flag, BAA state, open-finding count, and assessment %. There is deliberately no getter for free-text BAA notes or uploaded document contents, so sensitive detail physically cannot reach the cloud store. The server derives your tenant from your verified session — the client never sends a tenant id.
Publishing evidence
From a vendor's coverage card, Publish to evidence graph emits the canonical evidence object (vendor-risk facts + control/framework refs, no PHI) into the shared graph, where Sightline (control coverage) and Bastion (CMMC) can consume it. You must be signed in.
Pro / Team / MSP entitlements
The cloud tier gates certain features behind your plan via entitlements:
| Entitlement | Feature |
|---|---|
cloud_sync | Sync vendor risk + BAA flags across your devices. |
full_questionnaires | Unlock the full SIG / CAIQ questionnaire library. |
continuous_scan | Hosted external-posture scans (the seam is wired; the hosted runner is deferred). |
msp | MSP multi-client console — manage many client tenants under one login. |
See Pricing & billing for which plan includes what.