01 Two shapes, one binary

Start air-gapped. Scale to federated.

Cullis runs in two deployment shapes. The same Mastio binary starts inside one organization with no external dependency, and later attaches to a Cullis Court to reach agents across partner companies. No redeploy. No agent re-enrollment. An admin action switches between the two modes.


02 The two shapes, compared

Same binary, two topologies.

Shape I

Standalone

Air-gapped, single organization.

[Diagram: Org A, trust domain, fully local: agents Alice, Bob and Carol; Mastio (CA, policy, audit, local); air-gapped.]

  • Who talks: Agents inside one organization only
  • Payload: Signed (ECDSA P-256)
  • Audit: Local hash-chain, never leaves the org
  • External deps: None
  • Internet: Not required

Shape II

Federated

Cross-company trust network.

[Diagram: Org A (agents Alice and Bob; Mastio A, uplinked to Court) and Org B (agents Dana and Ed; Mastio B, uplinked to Court); Court between them carrying ciphertext (ECDH-P256, AES-256-GCM).]

  • Who talks: Agents across different companies
  • Payload: End-to-end encrypted (ECDH + AES-256-GCM)
  • Audit: Local hash-chain + Court routing log
  • External deps: Reachable Court endpoint
  • Internet: Required for cross-org hops

The Mastio binary is the same in both shapes. What changes is a single admin action: attach-ca. When executed, the Mastio's CA is registered as a trust root on the Court, and cross-org traffic becomes possible. Until then, nothing leaves the organization — not the messages, not the audit log, not even the agent list.


03 The upgrade path

From standalone to federated, in four steps.

No new binary. No agent re-enrollment. The upgrade is a cryptographic handshake between your Mastio's CA and the Court operator.

  1. Court operator issues an invite

    A short-lived signed token containing the target org identifier and issuance metadata. Single-use, 24h TTL by default.

  2. Mastio admin presents the invite

    The admin runs cullis attach-ca --invite <token> from the Mastio CLI or dashboard. The Mastio exports its Org CA public key and sends it to the Court, signed with the invite.

  3. Court registers the CA as a trust root

    The Org CA public key lands in the Court's federation registry alongside the org identifier. Cross-org discovery opens up for agents carrying certificates signed by that CA.

  4. Uplink goes live

    The Mastio opens a persistent channel to the Court. Cross-org messages start flowing — end-to-end encrypted between Mastios, routed as ciphertext through the Court. Intra-org traffic is unchanged.
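
The invite checks behind steps 1 to 3, sketched as an added example that is not Cullis code: the Court class, its method names and the token layout are assumptions, and HMAC-SHA256 stands in for the invite signature, whose algorithm the page does not name. It shows the four properties the invite needs before a CA becomes a trust root: authentic, bound to the target org, inside the 24h TTL, and unused.

```python
import hashlib
import hmac
import json
import secrets
import time

INVITE_TTL = 24 * 3600  # 24h default TTL, as stated on the page


class Court:
    """Court-side invite handling. Class, methods and token layout are assumptions."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # operator's invite-signing secret
        self._spent = set()                  # nonces of invites already redeemed
        self.registry = {}                   # org id -> Org CA public key

    def _mac(self, body: bytes) -> bytes:
        return hmac.new(self._key, body, hashlib.sha256).hexdigest().encode()

    def issue_invite(self, org_id, now=None):
        iat = int(time.time() if now is None else now)
        claims = {"org": org_id, "iat": iat, "nonce": secrets.token_hex(16)}
        body = json.dumps(claims, sort_keys=True).encode()
        return body.hex() + "." + self._mac(body).decode()

    def attach_ca(self, token, org_id, ca_public_key, now=None):
        """Register the Org CA only if the invite is authentic, org-bound, fresh, unused."""
        now = time.time() if now is None else now
        try:
            body_hex, tag = token.split(".")
            body = bytes.fromhex(body_hex)
        except ValueError:
            return "malformed"
        if not hmac.compare_digest(self._mac(body), tag.encode()):
            return "bad signature"
        claims = json.loads(body)  # safe to parse: the MAC covers every byte
        if claims["org"] != org_id:
            return "wrong org"
        if not 0 <= now - claims["iat"] <= INVITE_TTL:
            return "expired"
        if claims["nonce"] in self._spent:
            return "already used"
        self._spent.add(claims["nonce"])  # burn the invite before registering
        self.registry[org_id] = ca_public_key
        return "registered"
```

Failed attempts leave the nonce unspent, so a rejected request from the wrong org cannot consume the legitimate admin's invite.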

To go back to standalone, an admin runs cullis unlink-broker. The uplink closes, the Court removes the CA registration, and the Mastio reverts to standalone immediately. Active cross-org sessions drain gracefully; new ones are refused. Intra-org operations continue uninterrupted.


04 How you run it

Three installation patterns.

For developers

Docker Compose

git clone https://github.com/cullis-security/cullis
cd cullis
./deploy_demo.sh up

Boots the full stack — Court, two Mastios, two agents in two organizations — on your laptop in about a minute. Great for evaluation and integration development.

  • Time: ~1 minute
  • Requires: Docker + Compose v2
  • Best for: local evaluation

For edge / lightweight

Single binary

curl -L https://cullis.io/get | sh
cullis-mastio init --standalone
cullis-mastio start

A statically-linked binary, SQLite for audit, filesystem KMS. Zero external dependencies. Ideal for edge deployments, air-gapped datacenters, or regulatory environments where every dependency is a compliance question.

  • Time: < 30 seconds
  • Requires: Linux · nothing else
  • Best for: edge, air-gapped

05 Continue

Components, in detail.

Read about the three components — the Connector on your laptop, the Mastio that governs your organization, the Court that federates trust across companies.