Public security specifications, verifiers, protocol types, masking code, and a partial risk-engine core for FutrixData.
FutrixData is an AI data gateway for teams that want agents to work with real databases without handing raw credentials or unrestricted execution power to the agent. This repository is the inspectable public security package: the pieces a security reviewer, procurement team, or integrator can read, run, and compare against FutrixData product behavior during evaluation.
Scope: this repository is Apache-2.0. The FutrixData desktop application and FutrixData Enterprise Edition remain commercial, proprietary products under their own license terms.
Start with the official product docs when evaluating what this package supports:
- FutrixData product site
- Technical overview
- Database risk control engine
- Data sensitivity classification
- FutrixData Enterprise Edition
Run the public verification suite:
go test ./...Verify the sanitized product-export evidence bundle:
go run ./cmd/futrix-evidence-verify ./examples/product-exportVerify an audit log hash chain:
go run ./cmd/futrix-audit-verify ./examples/audit-log/valid.jsonlVerify downloaded release artifacts when a SHA256SUMS.txt file is present:
bash ./release-verification/verify-checksums.sh /path/to/downloads| Area | Public path | What it proves |
|---|---|---|
| Audit chain | pkg/auditchain, cmd/futrix-audit-verify |
Local hash-chain audit format and verifier behavior. |
| PII masking | pkg/masking |
L1-L5 sensitivity model and deterministic masked:v1: HMAC output. |
| Partial risk engine | pkg/riskengine |
Rule model, lightweight parser, matching priority, and allow/warn/approval/block decisions. |
| Agent protocol | pkg/protocol |
Tool names, response envelopes, approval payloads, errors, audit IDs, and risk attribution. |
| Evidence verifier | pkg/evidence, cmd/futrix-evidence-verify |
End-to-end checks for audit, masking, block, and approval examples. |
| Release verification | release-verification/verify-checksums.sh |
Checksum validation for published release assets. |
Use this repository as the public part of an Enterprise security review:
- Read the assurance matrix to map product claims to code and verification steps.
- Run
go test ./...to confirm the public packages compile and pass. - Run
go run ./cmd/futrix-evidence-verify ./examples/product-exportto validate the evidence bundle. - During POC, ask FutrixData for equivalent exports from a disposable datasource:
- an agent query with masked columns;
- a destructive statement that is blocked;
- a statement held for approval with
riskAttribution; - an exported agent audit log that can be checked with
futrix-audit-verify.
Agents call FutrixData over MCP, Skill, CLI, or HTTP instead of holding database credentials directly. FutrixData attributes each call to an agent identity, evaluates risk before execution, applies approval gates when needed, masks sensitive fields before agent egress, and records activity in an audit log with a local hash chain.
This repository exposes the reviewable contracts behind that flow. The commercial products provide the full runtime: datasource adapters, richer parser integrations, EXPLAIN probes, trust-mode storage, approval routing, daemon behavior, UI, Enterprise deployment, SSO/RBAC, and operational controls.
cmd/futrix-audit-verify/ Standalone audit-log verifier
cmd/futrix-evidence-verify/ Evidence-bundle verifier CLI
pkg/auditchain/ Local audit hash-chain verifier
pkg/masking/ Deterministic field masking
pkg/riskengine/ Portable risk-engine core
pkg/protocol/ Public agent tool protocol types
pkg/evidence/ Evidence-bundle verifier package
docs/ Specs, assurance matrix, and scope notes
examples/ Audit, risk-rule, and product-export fixtures
release-verification/ Checksum verification helper
This repository does not include the complete FutrixData product. The following remain proprietary:
- desktop UI, datasource adapters, and credential storage;
- account, license, billing, and entitlement flows;
- Enterprise deployment, RBAC, SSO, and tenant administration;
- signing, notarization, release credentials, and private build systems.
The boundary is intentional: the public package supports review and verification of key security claims without making the full commercial product reconstructable from this repository alone.
- Local audit hash chains are not remote notarization. They detect changes to the current file, but a fully privileged local attacker can rewrite the file and recompute hashes unless an external anchor is used.
- Deterministic masking is not anonymization. It preserves equality for agent analysis, but low-cardinality values remain guessable by enumeration.
- The public risk engine is a portable subset. The commercial product adds live datasource execution, EXPLAIN probes, trust modes, approval routing, and Enterprise policy controls.
- Open-source scope analysis
- Assurance matrix
- Production consistency statement
- Evidence bundle
- Threat model
- Audit-chain specification
- Masking specification
- Partial risk-engine specification
- Agent protocol
- Contribution guidelines: CONTRIBUTING.md
- Security policy: SECURITY.md
- Attribution notice: NOTICE
This repository is licensed under Apache-2.0. See LICENSE.
The FutrixData desktop application and FutrixData Enterprise Edition remain commercial products under their own license terms.