We believe security comes from sound design, not obscurity. Explore our architecture, trust models, and design decisions in detail.
Agent-initiated connections, dual-channel design with gRPC for control and QUIC for data. No inbound firewall rules needed.
Local-authority trust model where the agent decides what to do. Capability manifests, signing, and approval flows.
How we prevent command conflicts and ensure safe concurrent operations across multiple administrators.
How agents establish trust with the collector. Hardware-bound certificates, open/restricted modes, and mTLS setup.
Complete list of 394 features across INFO and CONTROL categories, organized by product tier.
Protobuf message definitions, gRPC services, and QUIC data format specifications.
The core principles that guide every architectural decision in EyeLog.
Multiple independent layers of security. Compromise of one layer doesn't compromise the system. mTLS + Signing + Human Approval.
The agent is authoritative on the endpoint. Central infrastructure cannot override local admin decisions without consent.
Every capability must be explicitly enabled. No default-on behavior. If it's not in the manifest, it's not allowed.
Control plane separate from data plane. Each protocol optimized for its purpose. Clear boundaries between components.
System continues to function when components fail. Offline agents use cached capabilities. No single point of failure.
Every command, state change, and capability decision is logged. Full trace of who did what, when, and why.
Key concepts at a glance.
gRPC :11129 |
Control plane (bidirectional) |
QUIC :11129 |
Data plane (agent → collector) |
| READY | Idle, accepts commands |
| EXECUTING | Running a command |
| CONNECTING | Establishing connection |
| DRAINING | Graceful shutdown |
monitor |
Info + admin (local approval) |
monitor-managed |
Info + admin (remote managed) |
full |
All capabilities |
| Layer 1 | mTLS (transport) |
| Layer 2 | Manifest signing (content) |
| Layer 3 | Local admin approval (human) |