Open Source · Apache 2.0

Know Your Agents.
Stay in Control.

The open-source control plane for AI agents. Run Claude Code, Codex Agent, Gemini Agent, and more side by side — with a complete audit trail of every interaction. One governance layer for all your agents. Local-first.

Enterprise →View on GitHub

Early alpha. Features may be incomplete or unstable. AI agents generate content that may be inaccurate — always review outputs. Report issues

Live agent providers

  • Claude CodeAnthropic
  • Codex AgentOpenAI
  • Gemini AgentGoogle
  • GitHub Copilot AgentGitHub
  • OpenClawOpen source
  • Kimi Code AgentMoonshot
  • PiInflection

Every provider runs on your machine. Add your own — provider adapters are open source.

The oversight gap

Your AI Agents Are Ungoverned

Half of employees use unapproved AI tools at work[1]. 86% of organizations are blind to their AI data flows[2]. The EU AI Act takes full effect August 2026[3]. The governance gap is a liability.

Today's Reality

The Shadow AI Problem

  • -Employees paste sensitive data into AI tools IT doesn't know about
  • -No audit trail — no way to prove compliance to regulators
  • -Fragmented tools: separate products for security, governance, and orchestration
  • -Shadow AI breaches cost $4.63M average — $670K more than standard incidents[4]
With AgentMux

One Control Point

  • +Every AI interaction routes through a single, auditable control plane
  • +Complete audit trail: every prompt, response, tool call, and agent delegation
  • +Vendor-neutral — governs Claude, GPT, Gemini, and any AI agent
  • +Local-first: your data never leaves your infrastructure

Governance by Architecture

Other tools bolt governance on after the fact — scanning networks, blocking domains, discovering shadow AI after it's already leaked your data. AgentMux is the routing layer itself. Every AI interaction passes through it. If it doesn't go through the mux, it doesn't run. That's not a policy. That's an architecture.

1
Govern

Define which agents run, what tools they access, and what data they touch

2
Audit

Every interaction logged with full chain of custody — human to agent to outcome

3
Enforce

Policies enforced inline at the routing layer — not after the fact

Features

Everything your agents need.
Nothing they don't.

Multi-provider agent panes, interagent communication, regression detection, and a subagent watcher — built on a Rust backend light enough to run alongside 10+ agents on modest hardware.

Agent

Multi-Provider Agent Panes

Native pane type for Claude, Codex, Gemini, and more. Structured view of tool calls, reasoning steps, and file diffs. Not a terminal wrapper — a purpose-built agent UI with streaming parser, OAuth flow, and state machine. Vendor-neutral by design.

Observability

Agents Regress. You'll Know.

Every tool call streamed in real time. Visual diff overlay shows file changes as they happen. Regression detection highlights when an agent reverts correct work. One-click interrupt to redirect mid-task.

Governance

Immutable Audit Trail

Every interaction logged with tamper-evident integrity. Full chain: human request, agent action, sub-agent delegation, tool call, data access, outcome. Structured JSONL export for SIEM integration. The evidence regulators demand.

Read in docs →
Workflow

Interagent Reactive Comms

Panes talk to each other via Tokio channels. An agent's output streams into another pane's input. Build reactive pipelines — agent A triggers agent B. Visual connection indicators show active data flows.

Read in docs →
Governance

Subagent Watcher

Track every agent delegation chain. JSONL stream parsing surfaces every subagent's activity in a dedicated pane view. No autonomous chain goes unmonitored.

Agent

Memory bundles

Reusable agent personality + capability stacks. Each bundle defines provider, model, instructions, MCP servers, skills, and environment.

Agent

Reusable Identity bundles

Named credential sets — GitHub PAT, AWS profile, API keys — assigned per agent at launch. Swappable without restart; survives renames.

Read in docs →
Security

Data Sovereignty by Default

Your agents run on your machine. Zero telemetry, zero phone-home, zero cloud dependency. Air-gap ready — no internet connection required.

Read in docs →
Governance

Shadow AI Prevention

Architectural enforcement, not after-the-fact detection. When all AI agents route through AgentMux, unauthorized tools have no path to execute. Shadow AI isn't detected — it's structurally eliminated.

Read in docs →
Platform

Agent App API

An API agents call to drive AgentMux itself. From inside its pane, an agent can open new panes, rename tabs, build dashboards, and rearrange the workspace. Intent-based commands (agent.open, pane.open) plus a low-level RPC catalog over a typed local WebSocket.

Read in docs →
Observability

Live System Metrics

Real-time compliance monitoring and resource accountability. Dedicated sysinfo pane with CPU, memory, and network graphs.

Code Preview & Real PTY

Syntax-highlighted code preview pane. Authentic terminal emulation via xterm.js + portable-pty. Shell integration across bash, zsh, fish, pwsh.

Performance

Light Enough for Agent Workloads

150-350MB memory footprint. Pure Rust engine — zero GC pauses, no heap growth over time. Runs comfortably alongside 10+ agent processes.

Cross-Platform Desktop

Native builds for Windows, macOS, Linux. Code-signed and notarized on macOS. NSIS installer + portable ZIP on Windows. AppImage + .deb on Linux.

Security

Open Source · Auditable Code

Apache 2.0 licensed. No telemetry, no tracking, no phone-home. Audit every line. Verify the binary. Extend it for your compliance needs.

All features →

Use cases

Built for how you actually work

Whether you're running one agent or twenty, AgentMux gives you the visibility to stay in control.

01
Enterprise Governance

One control point for all AI agents

Every tool call, file write, and data access captured with full context. Chain of custody logging at every handoff. Immutable audit trail satisfies EU AI Act (Aug 2026), NIST AI RMF, and ISO/IEC 42001. Shadow AI eliminated by architecture.

02
Security & Compliance

Zero-trust AI agent oversight

See every tool call, file write, and network request an agent makes. Full interaction graph from human request through agent delegation chains to final outcome. SIEM-ready structured logs. The CISO's single pane of glass for AI risk.

03
Government & Defense

Classified-ready agent governance

Air-gapped operation with zero internet dependency. Local-first data sovereignty for FISMA, CMMC, and ITAR environments. ATO evidence generation from immutable audit logs. Every agent action attributable to an authenticated session.

04
Legal Teams

Research, deliberate, and verify

Assign agents to separate research tracks — case law, contracts, regulatory compliance. They verify each other's findings through interagent communication. Full audit trail for malpractice protection and regulatory evidence.

05
DevOps & Platform

Agent-driven infrastructure as code

One agent writes Terraform while another reviews for security and cost. Subagent watcher tracks deploy hierarchies. Sysinfo pane shows live metrics during agent-triggered deploys.

06
Financial Services

Auditable AI for regulated markets

Meet FINRA recordkeeping requirements for AI-enabled workflows. Full decision traceability for SOX compliance. Track which agent accessed what data, when, and why — the evidence auditors demand.

All use cases →

Why now

The regulatory clock is ticking

EU AI Act high-risk rules activate August 2026[1] with penalties up to €35M or 7% of global revenue[2]. Every AI interaction your employees make is a compliance event. The tooling gap between AI adoption and AI governance is a liability.

Shadow AI is an epidemic

Half of employees use unapproved AI tools at work[3]. 48% say they'd continue even if banned[4]. Enterprises average 223 sensitive data incidents per month through AI applications[5]. Shadow AI breaches cost $4.63M on average — $670K more than standard incidents[6]. 12% of practitioners report no visibility into what employees enter into AI systems[7]. You can't govern what you can't see.

Regulators are closing in

June 2026: Colorado AI Act[8]. August 2026: EU AI Act high-risk rules[1]. FINRA now scrutinizes AI agent reasoning chains. DoD mandates AI governance policy by mid-2026. HIPAA requires AI-specific risk assessments. 45+ US states have proposed AI bills. Organizations must prove complete AI inventories, immutable audit trails, and human oversight to auditors.

The governance market is fragmented

Every major AI security startup was acquired in 2025 — Robust Intelligence by Cisco ($400M)[9], Protect AI by Palo Alto ($500M+)[10], Lakera by Check Point ($300M)[11], CalypsoAI by F5 ($180M)[12]. Now enterprises face three separate product categories: runtime security, governance platforms, and agent orchestration. No single tool unifies them. AgentMux does — at the architectural level.

Subagents are invisible

Only 24.4% of organizations have visibility into agent-to-agent communication[13]. 25.5% of deployed agents can create and instruct other agents autonomously[14]. A single session might fork five subagents for different subtasks. AgentMux's subagent watcher auto-detects every spawned sub-agent — no autonomous chain goes unmonitored.

Your tools are slower than your agents

Electron-based tools eat 500MB+ of RAM per window. When you're running five agents, that's your entire machine. AgentMux uses 150-350MB of memory — a native Rust binary with no garbage collector, no runtime bloat, and no random freezes. It's the only tool that won't become the bottleneck.

Agents need to talk to each other

Running multiple agents in isolation creates duplicated work, merge conflicts, and cascading errors. AgentMux's interagent reactive communication lets agents share context, coordinate tasks, and respond to each other's output — all through the UI, with every handoff logged for audit.

AgentMux builds AgentMux

AgentMux was rapidly developed by AI agents running inside AgentMux itself. Multiple agents working in parallel on frontend, backend, and infrastructure - coordinated through the same interagent communication and Agent App API that ships to you. The ultimate proof the tool works: we ship with it every day.

Read the full story →

vs. the rest

Run any agent.
Govern everything.

Other tools govern their own ecosystem. AgentMux is the vendor-neutral control plane — governance at the routing layer, not bolted on after the fact.

ToolAgent CoveragePrice
AgentMuxAny providerFree
Perplexity Computer19 models (closed)$200-325/mo
Credo AIOverlayEnterprise
Cisco AI DefenseCisco ecosystemEnterprise
MS Agent 365Microsoft onlyEnterprise
CursorCursor onlyFrom $20/mo
GitHub CopilotCopilot onlyFree / $10/mo
Full comparison →Sources

Roadmap

What's Coming to AgentMux

AgentMux is building toward a complete agentic operating system: persistent agent configs, multi-agent coordination, and remote access from anywhere.

Shipped

Identity & Memory bundles

Shipped

Compose every agent at launch.

Two first-class concepts: Identity (named credential sets — GitHub PAT, AWS profile, API keys) and Memory (personality + capability stacks — provider, model, instructions, MCP, skills). Selectable at launch from a single picker. Swappable without restart.

  • Identity bundles: per-provider credential mapping survives renames
  • Memory bundles: reuse Soul + Instructions + MCP + skills across instances
  • Launch-modal pickers with spawn-time env injection
  • v7 schema with agent_instance foreign keys

Shipped

Swarm

Shipped

Coordinate and observe fleets of agents.

Multi-agent orchestration with full delegation traceability. The Swarm pane shows every active and completed sub-agent across your workspace, with event counts, models, and last-activity timestamps. Click any sub-agent to open a focused activity-stream pane.

  • Overview tab: active + completed sub-agents with provider and model
  • History tab: past sessions with token usage, working dir, git branch
  • Search tab: full-text search across all agent sessions
  • Click-through to dedicated Subagent pane per agent

In Progress

Audited dispatch — reducer stack

In Progress

Every state mutation, exactly one place to look.

A 4-layer reducer model — launcher / host / sidecar / frontend slices — with structured event logs at each layer. Bug reports become 'find the last dispatch for this block_id' instead of 'did anyone call setUrl mid-load?' Browser pane is the in-flight migration target (slice #9).

  • Layer 1 launcher: durable JSONL event log for OS-level facts
  • Layer 3 sidecar: workspaces, tabs, blocks, layouts, agents, identity
  • Layer 4 frontend slices: per-pane Solid signals via reducer modules
  • In flight: browser-pane slice #9 (closed/loading/error/title cells)

Planned

Claw

Planned

Enterprise agent management, from anywhere.

A self-hosted remote access gateway connecting 25+ messaging channels directly to your AgentMux agents. Enterprise-grade identity, centralized management, and compliance reporting across your entire agent fleet.

  • Enterprise SSO: SAML, OIDC, and PIV/CAC card authentication
  • SOC 2 Type II and FedRAMP readiness pathway
  • Centralized fleet management with policy inheritance
  • 25+ messaging platforms as agent input channels (Slack, Teams, and more)

Follow development on GitHub

Get AgentMux

Free and open source.
Windows, macOS, Linux.

Apache 2.0. Zero telemetry. Runs entirely on your machine.

Early alpha. Your OS or app store may show a security warning — the binaries are not yet code-signed. This is expected and will be resolved in a future release.

v0.42.0

Windows (Microsoft Store)Windows Portable

Or build from source on GitHub

Enterprise & Government

Need governance, compliance reporting, or air-gapped deployment? Let's talk about your requirements.

Learn about enterprise →