AZMX AI
GitHub ↗ Download

AZMX AI · Research

How sovereign AI actually works.

Long-form posts on the architectural choices behind AZMX — per-call approval as a structural property, hash-chained audit logs, customer-rooted license issuance, BYOK economics, and the design of an agent that asks before it acts.

Read the blog GitHub
12+Engineering posts
PublicArchitecture docs
OpenSource-available patterns

Architecture

Posts on how AZMX is built.

Architecture

Per-call approval as a structural property

Most agents have an "ask first" flag. AZMX requires a positive ack on every write or shell call by structure. Why that matters for prompt-injection resistance.

Read → Architecture

Hash-chained audit logs in 200 lines of Rust

Tamper-evident logging without a queue, a database, or a third-party service. The chain math, the file format, the SIEM-export shape.

Read → Architecture

Why the trust floor doesn't change between tiers

Free, Pro, Teams, Enterprise — the trust property is invariant. The wrapper around the fleet changes. The architectural reason.

Read → Architecture

Customer-rooted license issuance

Your fleet's Ed25519 keypair signs licenses. AZMX cannot revoke or impersonate. The threat model, the key-rotation story, the air-gap operation.

Read →

Security

Posts on the trust property.

Security

The secret-path screen — what the agent can never read

Pattern-matched OS-layer refusal of .env, .ssh, credentials, vault.yaml. Why we picked patterns over regex, and how custom patterns are deployed on Pro+.

 Security

DLP secret-egress on outbound prompts

Teams+ scans every outbound prompt for high-confidence secret patterns. False-positive rate, performance budget, override workflow, audit trail.

 Security

Provider allowlist as a fleet pin

Centrally limit which AI providers the agent can construct a client for. The org-policy file format, MDM deployment, the fail-safe behavior.

Economics

Posts on the BYOK shape.

Economics

BYOK is the only honest model

The vendor incentive problem with usage-billed AI tools. Why pricing AZMX as a fixed license aligns our interests with yours.

Read → Economics

The 75% reduction nobody talks about

Per-seat coding tools blend their inference cost into the seat fee. We unblend it. The math on a 50-engineer team.

Read → Economics

What the next decade of developer-productivity billing looks like

Provider-direct, local-first, capex-shaped. We sketch the curve.

Read →

Subscribe to the engineering log.

Posts go up on the blog. Major architectural shifts also publish to the GitHub releases page.

Read the blog Watch on GitHub