Agent Trust Fabric

Zero-trust identity
& audit for
AI agents.

Start air-gapped inside your organization. Scale to cross-company federation — without redeploy. Per-agent cryptographic identity, tamper-evident hash-chain audit, end-to-end encrypted messaging.

Read the architecture Download Connector

Cryptography: ECC · P-256
License: FSL-1.1 / Apache-2.0
Stage: research preview

01 The premise

Three questions — who, what,
and what actually happened.

Artificial agents act on your behalf. They read, decide, move money, speak to systems owned by other companies. When something goes wrong — and it will — three questions matter. Who was it? Not the user who typed a prompt last week, the specific agent process, with a cryptographic proof. What were they allowed to do? Not by policy written in a PDF, by policy enforced at the boundary before the call landed. What did they actually do? Not what logs you can still find, an append-only chain that cannot be silently rewritten.

Cullis answers those three questions with three components that run entirely on your infrastructure: a connector at the edge, an authority inside your organization, and — when you need to reach agents in other companies — a court that routes between trust domains without reading the mail.

02 Three components

The fabric, named.

Three independent, deployable components. A single company runs two; a consortium adds the third.

Edge

Cullis Connector

A desktop application that admits any MCP client — Claude Desktop, Cursor, Cline — into the Cullis network. Runs on the end user's laptop.

Runs on: macOS · Windows · Linux
Owned by: the end user
Does: identity · MCP↔Cullis translation

Intra-org

Cullis Mastio

The authority that governs agents inside a single organization. Issues certificates, enforces policy, keeps a local hash-chain audit that never leaves the perimeter.

Runs on: your infrastructure
Owned by: your org admin
Does: CA · policy · audit · reverse-proxy

Cross-org

Cullis Court

Federates Mastios across different organizations. Routes sealed envelopes between companies — sees who and when, never sees what was said.

Runs on: network operator's infrastructure
Owned by: one company or a consortium
Does: registry · federation · ciphertext routing

03 Quickstart

A minute to federated.

Boot the full stack — Court, two Mastios, two agents across two organizations — route a single cross-org end-to-end encrypted message, tear it all down. About a minute on a laptop.

git clone https://github.com/cullis-security/cullis
cd cullis
python3 -m venv .venv
.venv/bin/pip install httpx cryptography
./deploy_demo.sh up
./deploy_demo.sh send

For single-user install — download the Cullis Connector from Releases and double-click. It will register with a Mastio you point it at and configure your MCP client automatically.

04 Continue

Architecture, deployment, components.

The rest lives on its own pages. Read about the two routing modes, the deployment shapes, and each component at length.

Architecture Deployment Components