01 Of the three tiers

How Cullis
routes trust.

Two routing modes, one binary. Traffic inside an organization is signed; traffic between organizations is end-to-end encrypted through infrastructure that cannot read it.

02 The three-tier network

Federation topology.

Two organizations, three agents, live traffic. Each dot is a real message path — cross-org travels through the Court, intra-org stays inside the local Mastio.

Federation topology · attach-CA × 2 · SPIFFE trust domains
147 messages 147 audit 3 blocked
ACME BANK spiffe://acme.demo/
B
buyer-agent
spiffe://acme.demo/buyer-agent
A
auditor-agent
spiffe://acme.demo/auditor-agent
Cullis Mastio
local audit 142policies 7
uplinked
cross-org
federation
CULLIS
COURT
Trust domains2
Attach-CA2 / 2
Sessions4
Dual-writeOK
GLOBEX KYC spiffe://globex.demo/
Cullis Mastio
local audit 138policies 5
uplinked
K
kyc-agent
spiffe://globex.demo/kyc-agent
Fig. I — Live view of the three-tier fabric. Acme Bank and Globex KYC speak across trust domains; intra-org traffic stays inside the local Mastio; only cross-org hops pass through the Court.
03 Two routing modes

One binary, two paths.

I.

Intra-organization

agent to agent inside the same company.

  • PathConnector → Mastio → Connector
  • PayloadSigned (ECDSA P-256), not encrypted
  • PolicyEvaluated once, locally
  • AuditHash-chain, local, never leaves the org
  • Court roleNot contacted
II.

Cross-organization

agent to agent across different companies.

  • PathConnector → Mastio A → Court → Mastio B → Connector
  • PayloadEnd-to-end encrypted (ECDH P-256, AES-256-GCM)
  • PolicyBoth orgs evaluate; both must allow
  • AuditBoth Mastios locally; Court logs routing only
  • Court roleRoutes sealed envelope, cannot decrypt
The Court sees who spoke to whom,
and when.
It never sees what was said.

End-to-end encryption is between the two Mastios. The Court routes ciphertext by design: even if an adversary compromises the entire network operator, cross-organization messages remain confidential.

04 Threat model

What we assume, and what we defend.

Adversary Capability assumed Cullis defense
Malicious agent inside the org Crafts arbitrary payloads with stolen bearer tokens. Per-agent x509 + DPoP binding — a stolen bearer is useless without the agent's EC private key.
Compromised Mastio admin Rewrites local audit logs. Append-only SHA-256 hash-chain; cross-org events dual-anchored in Court and counterparty Mastio.
Compromised Court operator Full root on the Court machine. Cross-org payload is sealed between Mastios; Court sees only metadata. Root on Court ≠ read on messages.
Cross-org impostor Registers a look-alike agent in a partner org. SPIFFE SAN + federated CA trust: identities resolve to the correct org's CA; impostor cert fails chain validation.
Policy drift Admin misconfigures policy. Default-deny. Both orgs must allow on cross-org. Policy changes themselves land in the audit chain.
05 Continue

Deployment patterns, components.

The deployment page explains how a single Mastio scales from air-gapped standalone to cross-organization federation — same binary, no redeploy, no re-enrollment.

Deployment patterns Back to home