Syndu identifies the consuming workspace when possible and otherwise falls back to the current requester network. That network evidence helps route quota, but it does not by itself prove that the whole company owns the account. These quota rules keep shared cyber-and-fraud context governed instead of ambiguous.
Direct web access now has two modes. By default it remains requester-network-governed and falls back through `org_key`, anonymous requester organization, and requester IP. When an account provisions explicit IPs, one subnet, larger CIDR ranges, or a web access credential, those reads meter to the account-bound direct pool first and stop counting inside the shared requester-network quota.
Directories, map tiles, chart endpoints, meta endpoints, and internal smart-panel fanout are non-billable. Syndu bills the canonical report shell, not the page internals. Signed-in direct reads, provisioned IPs, subnets, and authenticated web access credentials all share the same account-bound direct pool when that finer control is turned on.
The Risk API meters score requests by account workspace and API key. It does not inherit network ownership from the direct web surface, and the free `rate` plus `report` writeback endpoints do not consume score quota.
The MCP surface meters authenticated investigation calls by account workspace and credential. Memory policy, memory lookup, and writeback into workspace memory or the hive mind do not consume that investigative quota. Private memory stays workspace-bound until the account explicitly turns on hive-mind sharing.
The customer still makes one business decision: how much Syndu capacity to buy. Syndu then exposes that decision through web, API, and MCP entitlements under the same workspace, while keeping direct web access flexible enough to stay requester-network-governed or move into a stricter account-bound identity posture.
Syndu turns outside-in network behavior into shared cyber-and-fraud context, then preserves decisions in memory for humans, applications, and agents. This manual is the public map of that platform: the evidence graph, the Risk API, the MCP server, and the governance layer that ties them together.
Syndu exposes a dimensional risk surface across network entities and geography: ip address, subnet, ISP, ASN, organization, city, region, and country. That same dimensional graph powers the Risk API, MCP tools, and the memory loop that preserves the resulting decisions.
Syndu is an external context layer for monitoring, hygiene review, agent workflows, and decision support. It complements SoC and SIEM processes rather than replacing them, while sharing the same evidence and memory model used elsewhere on the platform.
Syndu is also a decision surface for fraud, payments, merchant-risk, and trust workflows. The same outside-in evidence graph, Risk API, and governed memory loop help teams score, review, and preserve conclusions around risky identifiers.
The platform supports three access surfaces at scale: direct report access for large-scale browser or agent consumption, the Risk API for application-native scoring, and the MCP server for collaborative agent workflows.
Syndu is one platform with three access surfaces: direct access for report-shell consumption, API access for application-side scoring, and MCP access for agent collaboration. They sit under the same workspace, quota, and subscription control plane, but differ in delivery contract.
Registration unlocks the workspace control plane, plan selection, credential provisioning, and the subscription flow across web, API, and MCP access.
