Entangle
Trust model

Federated by construction.

Entangle makes the security model visible in the runtime itself. Each role has its own identity, the graph decides who may talk to whom, and messages are signed all the way down.

Report an issue Read the architecture

The model

Four properties, derived from the architecture.

These properties come from the architecture itself. Entangle uses federation, graph policy, and signed events as the foundation for runtime security.

Identity is per role

Host Authority signs control. Runners sign hello/heartbeat/observation. User nodes sign tasks/replies/approvals. Node runtime identity signs A2A. No actor can speak for another.

Edges are the auth model

Typed edges decide who can delegate, review, or hand off. Effective routes are validated before a runner emits a task.handoff. Authority is graph-shaped.

Secrets stay at the boundary

Model and git credentials resolve at the Host into effective runtime context. Secrets reach runners as mounted files. URLs and runtime files stay free of raw token material.

The wire is the audit log

Signed Nostr events on dedicated rumor kinds are the operational record. Approval lifecycle, source mutations, restart generations, and recovery findings all flow through the same observable surface.

Posture today

Runtime boundaries.

  • Host-owned graph, runner, assignment, package, principal, projection, and event boundaries.
  • Optional ENTANGLE_HOST_OPERATOR_TOKEN boundary with bearer-token propagation through Host client, CLI, and Studio.
  • Host-managed external principals for backend identities (e.g. git).
  • Runtime isolation between runner processes and node workspaces.
  • NIP-59 wrapped Nostr events for A2A coordination, with verified relay delivery.
  • Audit-style host events for protected mutations and runtime trace events.

Federation

Signed distributed operation.

  • Stable User Node identity for signed tasks, replies, approvals, and review actions.
  • Host Authority key for graph revisions, runner trust, and assignments.
  • Signed control and observation lanes with verification and dedupe.
  • Runner registry with trust, revoke, heartbeat, and stale-state semantics.
  • Projection store built from signed observations instead of implicit filesystem trust.

Capabilities

Operational security depth.

  • Role-aware operator identity and policy-backed permissions.
  • Multi-tenant graph, runner, and resource boundaries.
  • Audit retention and SIEM-ready event export.
  • Compliance workflows for teams that need formal evidence.
  • Security review, vulnerability handling, and responsible disclosure.

Reporting

If you find a vulnerability.

Email security@entangle.run with reproduction steps, affected commits, and any relevant runtime evidence (events, traces, signed messages). Please give reasonable time to investigate before public disclosure. Valid reports are acknowledged and credited.

See platform capabilities

Run a federated AI organization.

Boot Entangle, open Studio, and watch distributed agents, users, runners, signed messages, approvals, and git-backed artifacts move through one governed graph.

Boot the runtime See how it works