search

Security

Note: parts of this document describe the intended security posture, not only the currently wired implementation. For example, current Terraform and Ansible still expose some ports and do not yet match every target-state claim below.

This document describes the security architecture of mutx.dev, including zero-trust principles, BYOK model, EvalView guardrails, and network isolation.

hashtag
Security Philosophy

mutx.dev operates on a zero-trust security model with the following principles:

  1. Never trust, always verify — Every request is authenticated and authorized

  2. Assume breach — Design for lateral movement prevention

  3. Least privilege — Minimum necessary access at all layers

  4. Explicit verification — Validate at every step

  5. Automate security — Machine-speed detection and response

hashtag
Zero-Trust Model

hashtag
Zero-Trust Network Architecture (ZTNA)

Traditional perimeter security is insufficient. mutx.dev implementsZTNA using Tailscale:

┌─────────────────────────────────────────────────────────────────────────────────┐
│                         Zero-Trust Network Access (ZTNA)                         │
│                                                                                  │
│  ┌───────────────────────────────────────────────────────────────────────────┐  │
│  │                            PUBLIC INTERNET                                 │  │
│  └───────────────────────────────────────────────────────────────────────────┘  │
│                                    │                                             │
│                      ┌─────────────┴─────────────┐                               │
│                      │   Target: Tailscale-first │                               │
│                      │   access posture          │                               │
│                      └─────────────┬─────────────┘                               │
│                                    │                                             │
│                                    │ WireGuard Tunnel                            │
│                                    ▼                                             │
│  ┌───────────────────────────────────────────────────────────────────────────┐  │
│  │                          TAILSCALE MESH                                    │  │
│  │                                                                           │  │
│  │   ┌─────────────┐         ┌─────────────┐         ┌─────────────┐        │  │
│  │   │   Client    │◀──────▶│   Control   │◀──────▶│   Tenant   │        │  │
│  │   │  (User)     │         │   Plane     │         │   VPC      │        │  │
│  │   │             │         │             │         │             │        │  │
│  │   │  - Auth     │         │  - API      │         │  - Agents  │        │  │
│  │   │  - mTLS     │         │  - Policy   │         │  - Databases│        │  │
│  │   └─────────────┘         └─────────────┘         └─────────────┘        │  │
│  │                                                                           │  │
│  │   Key: WireGuard encryption, mTLS, short-lived certificates              │  │
│  └───────────────────────────────────────────────────────────────────────────┘  │
└─────────────────────────────────────────────────────────────────────────────────┘

hashtag
Tailscale Implementation

From infrastructure/ansible/playbooks/provision.yml:116:

hashtag
ZTNA Features

Feature
Implementation
Benefit

WireGuard Encryption

All traffic encrypted

Data in transit protection

mTLS

Service-to-service auth

Identity verification

Port minimization goal

Tailscale-first access model

Reduced attack surface

Short-lived Certs

Automatic rotation

Credential theft prevention

Network Isolation

Per-tenant VPCs

Lateral movement prevention

hashtag
Bring Your Own Key (BYOK)

hashtag
BYOK Architecture

mutx.dev implements a true BYOK model where customers retain control of their AI API keys:

hashtag
BYOK Benefits

Benefit
Description

Zero Markup

Pay only provider rates, no markup

Key Control

Keys stored in tenant's Vault

Audit Trail

All API calls logged

Provider Diversity

Use any LLM provider

Compliance

Keys never touch mutx infrastructure

hashtag
Vault Configuration

Keys are stored in HashiCorp Vault with:

  • Encryption: AES-256 at rest

  • Access Control: Tenant-specific policies

  • Audit Logging: All secret access recorded

  • Token TTL: Short-lived tokens (15 min)

  • No Root Access: Mutx cannot access tenant keys

hashtag
EvalView Guardrails

EvalView is mutx.dev's hypervisor-level security layer that acts as a local LLM judge to validate all inputs and outputs.

hashtag
Guardrail Architecture

hashtag
Security Layers

hashtag
1. Input Validation

Check
Method
Action

Prompt Injection

Pattern matching + LLM

Reject malicious payloads

PII Detection

NER + Regex

Mask sensitive data

Toxic Content

Classifier

Block harmful requests

Length Limits

Token count

Truncate or reject

Encoding

Sanitization

Strip dangerous chars

hashtag
2. Output Filtering

Check
Method
Action

PII Redaction

Regex patterns

Replace with [REDACTED]

Safe Content

Classifier

Filter harmful outputs

Injection Prevention

Output encoding

Escape special chars

Token Limits

Token count

Truncate responses

hashtag
3. Anomaly Detection

Check
Behavior
Action

Request Velocity

> 100 req/min per agent

Rate limit

Output Length

> 10x normal

Flag for review

Error Rate

> 50% errors

Pause agent

Behavioral Drift

Intent mismatch

Alert + log

hashtag
Guardrail Response

If any check fails:

hashtag
Network Isolation

hashtag
Isolation Layers

hashtag
Firewall Configuration

From infrastructure/ansible/playbooks/provision.yml:145:

hashtag
SSH Hardening

hashtag
Intrusion Prevention

fail2ban is configured to protect against brute force:

hashtag
Authentication & Authorization

hashtag
Authentication Flow

hashtag
Token Management

Token Type
Lifetime
Storage

Access Token

15 min

JWT (stateless)

Refresh Token

7 days

HttpOnly cookie

API Key

User-defined

Vault (encrypted)

hashtag
Authorization Model

  • Role-Based Access Control (RBAC)

  • API Key scopes: read, write, admin

  • Resource-level permissions: Tenant → Agent → Tool

hashtag
Compliance & Audit

hashtag
Audit Logging

All security-relevant events are logged:

Event
Logged To
Retention

Login attempts

Auditd + Vault

1 year

API key access

Vault audit

1 year

Agent creation

PostgreSQL

90 days

Agent execution

PostgreSQL

90 days

Configuration changes

Terraform state

7 years

Network access

Tailscale logs

30 days

hashtag
Security Monitoring

  • Real-time alerts: Critical events trigger PagerDuty

  • SIEM integration: Exportable logs (JSON)

  • Compliance reports: SOC2-ready evidence

hashtag
Summary

Layer
Technology
Protection

Network

VPC, Tailscale ZTNA

Isolation, encryption

Firewall

UFW, security groups

Port filtering

Auth

JWT, OAuth2

Identity verification

Secrets

HashiCorp Vault

Key protection

Runtime

EvalView Guardrails

I/O validation

Monitor

fail2ban, auditd

Intrusion detection

hashtag
Related Documentation

PreviousArchitecture OverviewNextautonomy

Last updated