Security

How AxiNode stays secure

Zero-credential by design: outbound-only agents, signed command envelopes, least-privilege execution, and unified auditability.

Zero credentials

No SSH/RDP secrets stored. Trust is bound to agent identity + signed envelopes.

Outbound-only

Agents initiate outbound mTLS connections; no inbound ports, VPNs, or bastions are required. A nonce and TTL on each command prevent replay.

Signed envelopes

Commands carry policy, target binding, TTL, nonce; agents verify before execution.

Least privilege agents

Sandboxed execution, minimal capabilities, health/heartbeat tracked for posture.

Unified audit

Append-only logs with correlation IDs link user → tenant → agent → command → output.

Command envelope

{
  "commandId": "cmd-01h9p...",
  "tenantId": "tnt_acme",
  "target": { "serverGroup": "iis-prod" },
  "payload": { "type": "RestartService", "serviceName": "W3SVC" },
  "ttlSeconds": 300,
  "nonce": "9f6c8d...",
  "policy": "AllowRestart",
  "signature": "base64(ed25519)"
}

Validated at agent: signature → nonce/TTL → target binding → policy.
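The validation order above, as an added Go example (not AxiNode's own code). The `IssuedAt` field, the canonical byte encoding, the policy-to-payload mapping, the `Agent` state and the `Sign` helper are assumptions made for the example; the page does not document them.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Envelope mirrors the page's fields; IssuedAt (Unix seconds) is an assumed addition.
type Envelope struct {
	CommandID, TenantID, ServerGroup, PayloadType, Nonce, Policy string
	TTLSeconds, IssuedAt                                         int64
	Signature                                                    []byte
}

type Agent struct { // hypothetical local agent state
	ControlKey            ed25519.PublicKey // pinned control-plane key
	TenantID, ServerGroup string            // what this agent is bound to
	Allowed               map[string]string // policy -> permitted payload type (assumed model)
	Seen                  map[string]int64  // accepted nonce -> expiry; prune once expired
}

// signedBytes is an assumed canonical encoding; %q quoting keeps fields unambiguous.
func signedBytes(e Envelope) []byte {
	return []byte(fmt.Sprintf("%q%q%q%q%q%q|%d|%d", e.CommandID, e.TenantID,
		e.ServerGroup, e.PayloadType, e.Nonce, e.Policy, e.TTLSeconds, e.IssuedAt))
}

// Sign stands in for the control plane (hypothetical; seed must be 32 bytes).
func Sign(seed []byte, e Envelope) (Envelope, ed25519.PublicKey) {
	priv := ed25519.NewKeyFromSeed(seed)
	e.Signature = ed25519.Sign(priv, signedBytes(e))
	return e, priv.Public().(ed25519.PublicKey)
}

// Verify applies the page's order and fails closed on the first failed check.
func (a *Agent) Verify(e Envelope, now int64) error {
	switch {
	case !ed25519.Verify(a.ControlKey, signedBytes(e), e.Signature):
		return errors.New("signature")
	case now < e.IssuedAt || now >= e.IssuedAt+e.TTLSeconds || a.Seen[e.Nonce] != 0:
		return errors.New("nonce/ttl")
	case e.TenantID != a.TenantID || e.ServerGroup != a.ServerGroup:
		return errors.New("target")
	case e.PayloadType == "" || a.Allowed[e.Policy] != e.PayloadType:
		return errors.New("policy")
	}
	a.Seen[e.Nonce] = e.IssuedAt + e.TTLSeconds // only accepted envelopes consume a nonce
	return nil
}
```

Checking the signature first means the TTL, target and policy fields are only acted on once they are known to come from the control plane.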

Agent posture

{
  "agentId": "agt_win_01",
  "status": "healthy",
  "version": "0.9.3",
  "metrics": { "cpu": 0.32, "memoryMb": 5800, "latencyMs": 14 },
  "lastCommandId": "cmd-01h9p...",
  "certExpiresAt": "2026-01-01T00:00:00Z"
}

Outbound mTLS; least-privilege + sandboxed execution.

Audit & telemetry

Append-only audit with correlation IDs; telemetry via gRPC. Both align UI/CLI/API for forensics without exposing credentials.
