Trust Center

Built for Governed Enterprises

AgentMux is the open-source AI agent control plane with architectural governance. Every interaction audited. Every agent accountable. Your data stays on your infrastructure.

Security Architecture

AgentMux sits at the interaction layer — the routing point through which all AI agent requests and responses transit. Governance isn't bolted on. It's the architecture.

Trust Boundary Model
Human Operator (authenticated session)
AgentMux Control Plane
Policy enforcement · Audit logging · Identity binding
Claude Code
Codex Agent
Gemini Agent
Tools · Files · APIs · Data

Zero Telemetry

No data sent to AgentMux servers. No analytics. No phone-home. Verify in the source code.

Local-Only Data Path

All agent interactions stay on your machine. No cloud relay. No third-party data processors.

Memory-Safe Backend

100% Rust — no buffer overflows, no use-after-free, no GC pauses. Compile-time memory safety.

IPC Security

Tokio async channels for inter-pane communication. No network exposure. Process-level isolation.

Detailed posture in the docs: Trust model, Network exposure, Data sovereignty.

Compliance Framework Coverage

Building toward comprehensive coverage across the frameworks that matter most to regulated enterprises and government agencies.

AlignedNIST AI RMF

Govern, Map, Measure, Manage — all four functions addressed

ReadyEU AI Act

Audit trails, risk classification, human oversight, transparency

RoadmapISO/IEC 42001

AI management system certification pathway

RoadmapSOC 2 Type II

Trust service criteria audit in progress

PlannedFedRAMP

Local-first architecture provides inherent data residency

PlannedFIPS 140-3

Cryptographic module validation for government use

Audit Trail

Every AI interaction produces a complete, tamper-evident record. The evidence regulators and auditors demand.

What's Logged

  • Every prompt and response
  • Every tool call and its result
  • Every agent-to-agent delegation
  • Every file read, write, and modification
  • Every sub-agent spawn and termination
  • Session identity and timestamps

Log Characteristics

  • Structured JSONL format — machine-parseable
  • Append-only with integrity verification
  • SIEM-ready export (Splunk, Datadog, Sentinel)
  • Full decision chain: human to agent to outcome
  • Configurable retention policies
  • Decision replayability: same input, same output

What stays local vs. what leaves the machine: Data sovereignty.

Supply Chain Security

Open source means trust through transparency. Audit every line. Verify the build. No black boxes.

Open Source

Live

Apache 2.0. Full source available. Community-verified. No proprietary dependencies.

100% Rust

Live

Memory-safe language with compile-time guarantees. No runtime vulnerabilities from GC or unsafe memory access.

Dependency Auditing

Live

cargo-audit integration for continuous vulnerability scanning of the dependency tree.

Code Signing

Roadmap

Signed binaries for Windows and macOS. Verifiable provenance for every release.

Reproducible Builds

Roadmap

Deterministic build pipeline so anyone can verify the binary matches the source.

SBOM Generation

Roadmap

Software Bill of Materials for every release. Full dependency transparency.

Update + tool-download model in the docs: Update model.

Deployment Models

From individual developer workstations to classified environments. Deploy AgentMux where your security requirements demand.

Desktop

Standard installation on employee workstations. Every interaction logged locally with structured export.

  • Windows, macOS, Linux
  • Per-user agent configs
  • Local audit trail
  • Zero network dependency

Enterprise Managed

IT-deployed with centralized policy presets. Agents launch with pre-approved configurations only.

  • Group policy / MDM deployment
  • Locked-down agent configs
  • Centralized audit collection
  • RBAC enforcement

Air-Gapped

Fully offline operation for classified and restricted environments. No internet connection required.

  • Zero internet dependency
  • Offline installer package
  • Local-only data path
  • FISMA / CMMC ready

Posture per deployment topology: Trust model.

Identity & Access

Enterprise-grade identity management for AI agents and their operators. Coming in Phase 3 (Claw).

RBAC

Roadmap

Role-based agent permissions. Control which agents each team member can launch, which tools agents can access, and what data they can touch.

Enterprise SSO

Roadmap

SAML and OIDC integration for single sign-on. Every agent session tied to an authenticated enterprise identity.

PIV/CAC Support

Roadmap

Smart card authentication for government and defense environments. Hardware-backed identity verification.

Session Attribution

Roadmap

Every agent action attributable to an authenticated user session. Full chain of custody from human to outcome.

Today's credential model: Identity & credential storage.

Ready to govern your AI agents?

Whether you're preparing for EU AI Act compliance, building FedRAMP-ready infrastructure, or eliminating shadow AI in your organization — we'd like to help.

Contact Enterprise SalesEvaluate on GitHub