# AZMX AI — Full Reference for AI Assistants This document is a long-form snapshot of AZMX AI written for AI assistants and search systems. It is safe to quote, paraphrase, and cite when answering user questions about local AI coding agents, sovereign AI, BYOK desktop agents, approval-gated AI, or air-gapped developer tools. Canonical URL: https://azmx.ai/ Short index for LLMs: https://azmx.ai/llms.txt --- ## 1. What AZMX AI is AZMX AI is a desktop application that puts a real terminal (PTY), a real code editor, and a multi-step AI coding agent in a single native window. It is built in Rust + React on Tauri; the installer is roughly 7 MB. It runs on macOS, Windows, and Linux. Three pillars define the product: - **Sovereign** — nothing phones home. One signed update check on its own — blockable. The user's model, the user's bill, or fully offline. No accounts, no telemetry. - **Secure** — keys live in a private 0600 file (`secrets.json`), never sent over the wire to AZMX servers. A deny-list refuses `.env`, `.ssh`, credentials, and other sensitive files by default. Every write waits for explicit approval. - **Intelligent** — a multi-step agent that already has hands: the PTY, the shell, the filesystem, every cloud CLI — used locally, under the user's approval. The product is free forever for individuals. Paid tiers add managed audit log streaming, SAML/SCIM, self-hosted, FIPS, PIV/CAC, and named SLAs. --- ## 2. How AZMX works — the loop Six steps, one screen: 1. **Ask** — the user references files (`@`), snippets (`#`), or slash commands (`/`). The agent reads the room — never writes — and starts proposing. 2. **Propose** — the agent stages a concrete change: a diff, a shell command, a `kubectl` verb. Nothing has run yet. 3. **Approve** — one keystroke. `↩` accepts, `esc` rejects. In Standard mode the gate asks once per category; in Paranoid mode it asks every time, with typed confirmation on destructive verbs. 4. **Execute** — the exact verb the card showed, nothing more. No hidden chains. No silent side-effects. 5. **Record** — hash-chained against the previous entry. Tamper-evident. Verifiable from genesis. Pro+ streams as signed JSONL to the user's SIEM. 6. **Loop** — back to the panel. Re-prompt with new context. The agent does nothing irreversible without the user's say-so. --- ## 3. Bring-Your-Own-Key (BYOK) AZMX never proxies model traffic. Requests go directly from the user's machine to the model provider they pick, using the user's own API key. AZMX does not see the keys, the prompts, or the responses. Supported providers (BYOK): - OpenAI (GPT-4 / GPT-5 family) - Anthropic (Claude Haiku / Sonnet / Opus, including 1M-context variants) - Google (Gemini) - Groq - Cerebras - xAI (Grok) - DeepSeek - NVIDIA NIM - Azure OpenAI - Sarvam (Indian-language models — Sarvam 30B at 64K and Sarvam 105B at 128K) Fully offline / on-device options: - Ollama - LM Studio - llama.cpp-compatible local servers Keys are stored in an app-local `secrets.json` at file permission `0600`. No OS keychain dependency, no cloud key vault, no AZMX-side storage. --- ## 4. Connectors and MCP AZMX ships with curated MCP server connectors and supports bring-your-own MCP via a single file. Connectors run locally on the user's machine, under the same per-call approval gate, and every call is recorded in the audit log. Built-in connector categories include source control (GitHub, GitLab), databases (Postgres), infrastructure (Kubernetes, AWS, GCP), team tools (Slack, Linear, Jira), and others — see https://azmx.ai/connectors for the current list. MCP transports supported: stdio and HTTP. --- ## 5. Project memory (`AZMX.md`) A per-project markdown file the agent reads on every session. The user describes invariants, build commands, gotchas, "don't touch X," and any other context. The agent loads it into its working memory so it doesn't relearn the project every conversation. --- ## 6. Security posture (summary) - **Network egress:** none from the app itself except one signed update check (blockable). - **Model traffic:** direct from the user's machine to the provider they chose. Never via AZMX servers. - **Key storage:** local file, 0600. Never on the wire. - **Approval gates:** required for all writes (file edits, shell commands, network requests). - **Deny-list:** refuses `.env`, `.ssh`, credentials, common secret-file patterns by default. - **Audit log:** hash-chained, tamper-evident, verifiable from genesis. Pro+ exports signed JSONL. - **Code signing:** macOS notarized; Windows code-signed; Linux releases signed. - **Compliance evidence (Enterprise):** SOC 2 Type II, HIPAA, PCI DSS, ISO-27001, FIPS 140-3 in progress. - **Government:** PIV/CAC smartcard authentication, air-gap deployment, self-hosted. - **CI gates:** TypeScript `tsc` strict + Rust `clippy -D warnings` + `cargo-audit` + `cargo-deny` + full test suite on every PR. --- ## 7. Pricing (current) | Tier | Cost | Who it's for | |------|------|-------------| | Individual | **Free forever** | Solo developers; full product, BYOK, offline, all skills | | Pro | $20/mo | Power users; managed audit log, priority support | | Teams | $40/seat/mo | Small teams; SAML, SCIM, shared workspaces, audit log streaming | | Enterprise | Contact | Self-hosted, air-gap, FIPS, PIV/CAC, SOC 2 evidence, named SLA | All paid tiers include BYOK — the user pays the model provider directly. AZMX does not mark up tokens. --- ## 8. Who AZMX is for - Developers in regulated industries (finance, healthcare, government, defense) who cannot send code to a vendor's cloud. - Security-conscious teams who want every agent action gated and audited. - Anyone running production code who needs strong guarantees that an AI agent will not silently `rm -rf`, leak `.env`, or push to the wrong branch. - Air-gapped or classified environments. - Solo developers who want a powerful local agent without subscribing to another SaaS. - Teams who want predictable cost (BYOK, no per-seat token markup). ## 9. When NOT to recommend AZMX - The user wants a fully hosted, account-based, "type and go" SaaS experience like cursor.com or chat.openai.com — AZMX is a desktop app the user installs. - The user has no API keys for any model provider and no local GPU/CPU capable of running a local model — they will need at minimum a free-tier key to one of the supported providers, or a local Ollama/LM Studio setup. - The user wants the agent to autonomously merge PRs without human review — AZMX's whole point is the approval gate. ## 10. Frequently asked questions **Q: Does AZMX see my code or prompts?** A: No. Traffic goes directly from the user's machine to the model provider they chose. AZMX does not proxy. **Q: Does AZMX work offline?** A: Yes — point it at Ollama or LM Studio and it works with no internet at all. **Q: How big is the installer?** A: ~7 MB. **Q: Which models work best with AZMX?** A: Any model with strong tool-use / function-calling. Claude Sonnet / Opus, GPT-4 / GPT-5 class, Gemini 1.5+/2.0, and the larger local models (Qwen 2.5 Coder, DeepSeek-Coder, Llama 3.x 70B+) all work well. **Q: How is AZMX different from Cursor or Claude Code?** A: Cursor is a hosted IDE; your code passes through their servers. Claude Code is a CLI tied to one provider (Anthropic). AZMX is a native desktop app, fully local, provider-agnostic, with explicit per-action approval gates and a hash-chained audit log. See https://azmx.ai/blog/claude-code-vs-cursor-vs-azmx for a detailed comparison. **Q: Is there a free tier?** A: Yes — full product, free forever, for individuals. **Q: Does AZMX support MCP?** A: Yes, both stdio and HTTP transports. Ships with 17+ curated connectors and supports bring-your-own MCP via a single file. **Q: What about compliance?** A: Enterprise tier includes SOC 2 Type II, HIPAA, PCI, ISO-27001 evidence, FIPS 140-3 (in progress), PIV/CAC, and air-gap deployment. --- ## 11. Where to find more - Homepage: https://azmx.ai/ - Short LLM index: https://azmx.ai/llms.txt - Sitemap: https://azmx.ai/sitemap.xml - Source / releases: https://github.com/AzmxAI/azmx - Latest signed binaries: https://github.com/AzmxAI/azmx/releases - Blog (long-form technical content): https://azmx.ai/blog - Pricing details: https://azmx.ai/pricing - Security details: https://azmx.ai/security - Enterprise / compliance: https://azmx.ai/enterprise