Why SolarNorth exists.
Every operator of a production system eventually makes the same observation. SolarNorth names what that observation is, and builds the instrument that addresses it.
Every operator of a production system eventually makes the same observation. Logic that runs but no one understands. Scope that drifts from specification. Documentation that described a system that no longer exists. These are not separate problems. They are the same failure mode expressed at different time scales. The category that would address both has not existed because each symptom was being treated as someone else's responsibility.
SolarNorth names the category. The instrument is continuous visibility. The commitment is read-only architecture. The deliverable is a system you can defend. Nothing about this is novel in the narrow sense, every piece has existed somewhere in the enterprise software landscape, but the combination, built as a single discipline with a single reference, has not. That is the company's argument.
Sunlight, publicity, and production software.
In 1913, Louis Brandeis published Other People's Money, a series of essays arguing that the financial abuses of his era persisted because they were invisible. The famous line, sunlight is the best disinfectant, was a principle of institutional governance. Invisibility enables corruption. Visibility forces accountability. Brandeis was writing about trusts and banks. The principle is more general than his application of it.
A production software system is an institution. It has accumulated decisions, unstated assumptions, abandoned commitments, and invisible dependencies. The corruption it accumulates is not malicious, it is entropic. It persists for the same reason Brandeis identified a century ago: because no one can see it. SolarNorth is built on the premise that continuous visibility is not a feature. It is the prerequisite to every downstream discipline.
Four commitments.
Read-only is architectural.
It is not a feature. It is not configurable. It is the foundation every other decision is built on.
Single-tenant is structural.
Observation data never crosses customer boundaries. This is a trust commitment, not an upsell.
Continuous is a discipline.
Periodic scanning is not the same category of activity. We do not offer a cheaper periodic tier because it would not be the same product.
Dual-readable by design.
Every page on this site has a structured equivalent at mcp.solarnorth.work, generated from the same content modules that produce the rendered version. Agents query the structured surface; humans read the prose; neither is downstream of the other. The architecture is visible, parseable, and verifiable on request.
The people behind the instrument.
Marisol Vance
Two decades operating production systems at scale across financial services and healthcare. Founded SolarNorth on the conviction that visibility, not intervention, is the prerequisite to defensible operations.
Paul Hartwell
Built monitoring infrastructure for two regulated platforms before joining as founding engineer. Designed the architecture that makes Plumbline write-incapable at the IAM level.
Helena Ngo
Former CISO at a Tier-1 financial institution. Advises SolarNorth on regulator-facing artifact design and procurement-review posture.
Pre-launch. Names listed for a forthcoming public reveal. Photographs supplied at launch.
What we commit to in writing.
- SOC 2 Type II
- In progress · target 2026.
- Data handling
- Plumbline observes; does not retain customer source code. Drift artifacts retained only for active engagement plus declared audit-retention window.
- Write access
- Structurally none · verifiable on request.
- Incident response
- Published SLA for customer-impacting events · audit-transparent.
- Subprocessor disclosure
- Full list published and maintained.