Your AI. Your Rules. Your Infrastructure.
Most AI assistants serve their platform. SecureYeoman serves you — self-hosted, enterprise-hardened, and answerable only to you.
Keep it local. Go hybrid. Connect any provider. Your data only moves when you say so.
Ships with the default Agent Personality F.R.I.D.A.Y. — Friendly, Reliable, Intelligent, Digitally Adaptable Yeoman.
Option A — Single binary (fastest):

```bash
curl -fsSL https://secureyeoman.ai/install | bash
secureyeoman init
```

Option B — Docker (pre-built image):

```bash
docker pull ghcr.io/maccracken/secureyeoman:latest
```

Option C — Docker Compose (build from source):

```bash
git clone https://github.com/MacCracken/secureyeoman.git
cd secureyeoman
cp .env.example .env   # edit with your API key + security keys
docker compose up -d
```

Option D — From source:

```bash
git clone https://github.com/MacCracken/secureyeoman.git
cd secureyeoman
cp .env.example .env
npm install && npm run dev
```

Option E — Edge/IoT binary (Go, 7.2 MB):

```bash
curl -fsSL https://secureyeoman.ai/install | bash -s -- --edge
secureyeoman-edge start --parent-url http://your-server:18789
```

Then open http://localhost:18789 and complete the onboarding wizard.
See the Getting Started Guide for full setup including Kubernetes Helm deployment.
A sovereign AI agent platform that runs entirely on your infrastructure. Multi-model intelligence, enterprise-grade security, and a full training pipeline — without sending a single byte of data off-premises.
- Self-hosted, not SaaS — single binary, Docker, or Kubernetes. Your data stays on your machines.
- Governed by design — RBAC, audit trails, cryptographic integrity, sandboxed execution, OPA/CEL governance.
- Multi-agent orchestration — swarms, teams, DAG workflows, A2A protocol, and a 490-tool MCP server.
- Full ML lifecycle — distillation, LoRA fine-tuning, LLM-as-Judge evaluation, DPO, conversation analytics.
| Area | Highlights |
|---|---|
| Security | JWT/OIDC/SAML auth, RBAC, AES-256-GCM encryption, mTLS, sandboxing (Landlock/seccomp/V8 isolate/gVisor/WASM, 5 built-in profiles), prompt security, content guardrails, DLP (PII detection, classification, watermarking), secrets management (Vault/OpenBao), WebAuthn/FIDO2, break-glass emergency access, chaos engineering |
| AI Models | 13 providers (Anthropic, OpenAI, Gemini, Ollama, DeepSeek, Mistral, Grok + more), multi-account cost tracking, automatic fallback, local-first routing |
| Agents | Sub-agent delegation, swarms (3 strategies, 5 templates), teams, Council of AIs, A2A protocol, cross-instance federation, Agent Replay & Debugging |
| Workflows | DAG orchestration (23 step types), visual ReactFlow builder, human approval gates, 22 built-in templates |
| Training | Dataset export, distillation, LoRA fine-tuning, pre-training from scratch, LLM-as-Judge eval, DPO/RLHF, federated learning, conversation analytics, A/B experiments, autoresearch (HP tuning, chaos escalation, circuit breaker autotuning) |
| Dashboard | React + Vite + Tailwind (45 themes), mission control, real-time CRDT editing, conversation branching, canvas workspace, inline AI completion, fleet panel |
| Integrations | 38 platforms (Slack, Discord, GitHub, Gmail, Teams, WhatsApp + more), 5 code forge adapters (Delta, GitHub, GitLab, Bitbucket, Gitea), artifact registries (GHCR, GitLab, JFrog Artifactory), 22 CI/CD tools, security toolkits (Kali, network, Docker) |
| MCP | 490 tools, 9 resources, 4 prompts; streamable HTTP, SSE, and stdio transports |
| Enterprise | Multi-tenancy (PostgreSQL RLS), multi-region HA, DLP, supply chain security (SBOM, SLSA, signed releases), OpenTelemetry, Prometheus/Grafana, SCIM 2.0 provisioning, access review campaigns, per-tenant quotas, compliance SoA generator |
| Simulation | Tick-driven engine (realtime/accelerated/turn-based), emotion & mood model (Russell's circumplex), spatial & proximity engine (3D zones, proximity triggers), autoresearch experiment runner |
| Knowledge | Document ingestion (PDF, HTML, MD, URL, GitHub Wiki), RAG with hybrid FTS+vector search, cognitive memory (ACT-R, Hebbian learning) |
| Deployment | Single binary (~123 MB), Docker, Kubernetes Helm chart, Edge/IoT binary (Go, 7.2 MB); Linux x64/arm64, macOS arm64, Windows x64 |
See the Feature Reference for the complete breakdown.
```bash
SECUREYEOMAN_SIGNING_KEY="your-32-char-signing-key"
SECUREYEOMAN_TOKEN_SECRET="your-32-char-token-secret"
SECUREYEOMAN_ENCRYPTION_KEY="your-32-char-encryption-key"
SECUREYEOMAN_ADMIN_PASSWORD="your-32-char-admin-password"
ANTHROPIC_API_KEY="sk-ant-..."   # or OPENAI_API_KEY, GOOGLE_GENERATIVE_AI_API_KEY, etc.
```

See .env.example and the Configuration Reference for all options.
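One way to fill the four `SECUREYEOMAN_*` secrets with independent random values rather than hand-typed strings. This is an added example, not code from the SecureYeoman project; the function names are hypothetical, and it assumes each variable accepts a 32-character alphanumeric string, as the placeholders suggest (check the Configuration Reference for the actual format).

```sh
#!/bin/sh
# Added example: generate independent random values for the four
# SECUREYEOMAN_* secrets listed above. Function names are hypothetical.
# Assumption: each variable accepts a 32-character alphanumeric string.

# Print one 32-character secret drawn from the kernel CSPRNG.
gen_secret() (
  # 48 random bytes -> base64 (64 chars) -> drop '+', '/', newline -> keep 32
  s=$(head -c 48 /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | cut -c1-32)
  # Fail rather than emit a short secret if too many characters were dropped.
  [ "${#s}" -eq 32 ] || exit 1
  printf '%s' "$s"
)

# Write the four secrets to the given file, readable by the owner only.
write_secureyeoman_env() (
  out=$1
  # Never silently replace keys that an existing deployment depends on.
  if [ -e "$out" ]; then
    echo "refusing to overwrite existing $out" >&2
    exit 1
  fi
  umask 077   # file is created with mode 0600
  for name in SIGNING_KEY TOKEN_SECRET ENCRYPTION_KEY ADMIN_PASSWORD; do
    value=$(gen_secret) || exit 1
    printf 'SECUREYEOMAN_%s="%s"\n' "$name" "$value"
  done > "$out"
)

# Usage: write_secureyeoman_env .env, then add the provider API key by hand.
```

Each variable gets its own value, so a leak of one secret does not expose the others.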
Dashboard — http://localhost:18789 for chat, tasks, security events, personality editor, and settings.
CLI (56 commands):

```bash
secureyeoman start                              # start the server
secureyeoman health                             # check server health
secureyeoman status --profile                   # server status + memory profiling
secureyeoman model switch anthropic claude-sonnet-4-6
secureyeoman tui                                # full-screen terminal dashboard
secureyeoman workflow list                      # manage DAG workflows
secureyeoman dlp scan report.pdf                # DLP content scanning
secureyeoman audit reports --json               # memory audit reports
secureyeoman knowledge ingest-url https://...   # RAG document ingestion
secureyeoman chaos run <id>                     # chaos engineering
secureyeoman guardrail filters                  # guardrail pipeline
secureyeoman replay list                        # agent trace debugging
secureyeoman observe costs                      # observability & costs
secureyeoman skill list                         # marketplace skills
secureyeoman help                               # all 56 commands
```

MCP Integration — Connect to any MCP-compatible client (Claude Desktop, etc.):

```json
{
  "mcpServers": {
    "secureyeoman": {
      "command": "node",
      "args": ["packages/mcp/dist/cli.js"],
      "env": {
        "MCP_TRANSPORT": "stdio",
        "MCP_CORE_URL": "http://127.0.0.1:18789",
        "SECUREYEOMAN_TOKEN_SECRET": "your-token-secret"
      }
    }
  }
}
```

Or connect via HTTP: http://localhost:3001/mcp (when running with --profile mcp).
Warning
Never use OAuth tokens, session cookies, or credentials from Claude.ai, ChatGPT, or any other AI provider's consumer product. Always use official API keys from developer consoles.
| Getting Started | Installation, configuration, first steps |
| CLI Reference | All 56 commands with examples |
| Configuration Reference | All YAML fields and environment variables |
| Feature Reference | Complete feature breakdown |
| REST API | REST API reference |
| WebSocket API | Real-time WebSocket protocol |
| OpenAPI Spec | OpenAPI 3.1 specification |
| Deployment | Binary, Docker, Kubernetes |
| Security Model | Threat model and security controls |
| White Paper | Architectural sovereignty & agentic governance |
| Architecture | System architecture overview |
| ADRs | 39 Architecture Decision Records |
| Roadmap | Development roadmap |
| Changelog | Release history |
Guides — See docs/guides/ for 68 topic guides including CLI Reference, AI Providers, Integrations, Knowledge & Memory, Workflows, Swarms, SSO/SAML, DLP, Federated Learning, Chaos Engineering, Multi-Region HA, Observability, Security Testing, and more.
See CONTRIBUTING.md for development setup, testing, code style, and contribution process.
| Channel | Use it for |
|---|---|
| GitHub Discussions | Questions, ideas, show-and-tell |
| Troubleshooting Guide | Common problems and fixes |
| GitHub Issues | Bug reports (include logs + OS/version) |
| security@secureyeoman.ai | Security vulnerabilities — do not open a public issue |
See SECURITY.md and CODE_OF_CONDUCT.md.
SecureYeoman uses a dual-license model:
- AGPL-3.0 — for open-source use, self-hosting, and contributors. Anyone offering the software as a hosted service to third parties must publish their modifications.
- Commercial license — for enterprises that cannot accept AGPL terms, or for SaaS providers who need to keep modifications private. See LICENSE.commercial.
Enterprise features (Adaptive Learning, SSO/SAML, Multi-Tenancy, CI/CD, Advanced Observability) require a commercial license key. See docs/guides/enterprise/licensing.md for details.