Citadel Enterprise CMS
Mission impact
With Citadel, your organization retains sovereign control of its content and the authority to publish it, sustains trustworthy AI-assisted content operations without ceding human judgment, and keeps mission communication resilient under adverse conditions — because the accountable editors, not the tooling, remain in command of the platform.
For mission-driven organizations, content is infrastructure — and the authority to publish it, govern it, and defend it must remain with the organization rather than with the tools it happens to use.
Citadel is the Wilkes & Liberty enterprise content management platform: the management and governance plane for mission-critical content. It provides a sovereign, structured content system with governed editorial workflow, multilingual operations, and configuration-as-code across environments, and it extends that same governance to AI-agent content operations — agent-ready without being agent-trusting, with scoped and revocable agent credentials, PII redaction, tamper-evident audit, and publish authority reserved for accountable humans by role design. Citadel supports flexible delivery — decoupled and headless, traditional coupled, or hybrid — so your organization adopts the delivery model the mission requires rather than one the platform imposes.
The same credential model governs every connected front end, not just agents. Each delivery client is issued its own API client with a single scope and a single job: the client that renders public pages can read published content and nothing else, and reading unpublished work requires a separate client with a separate scope. Permissions attach to the scope rather than to the account behind the credential, so a machine identity cannot inherit privilege from the user it was created with — and revoking a client is one action rather than an audit. A bug in a public page cannot expose embargoed content, because the credential rendering that page holds nothing that can read it.
Key capabilities
Advanced content modeling and workflow management
Advanced content modeling and workflow management
Secure headless architecture for maximum flexibility
Secure headless architecture for maximum flexibility
Enterprise media management and multilingual support
Enterprise media management and multilingual support
Robust search and personalization features
Robust search and personalization features
Expert development and customization
Expert development and customization
Scoped, least-privilege credentials for every delivery client
Citadel issues each connected front end its own API client with a single scope and a single job. The client that renders public pages can read published content and nothing else; reading unpublished work requires a separate client with a separate scope. Permissions attach to the scope rather than to the account behind the credential, so a machine identity cannot inherit privilege from the user it was created with, and revoking a client is one action rather than an audit.
Mission benefit: A bug in a public page cannot expose embargoed content, because the credential rendering that page holds nothing that can read it.