Cryptographic identity, granular RBAC, tamper-evident audit, and AI agent integration.
Access is defined by role, bounded by team, and scoped to the org_slug workspace. No operator can reach across workspace boundaries.
- β’Role-based access control with 12 predefined roles (owner, admin, operator, viewer, auditor, support, and more).
- β’Workspace isolation via org_slug β each organisation is a separate cryptographic boundary.
- β’ACL policy with agent-level, tag-level, team-level, and time-window rules.
- β’Invite management with per-role permission sets and audit-visible onboarding.
- β’Approval gates for high-risk commands β decisions and actors written to audit immediately.
- β’SCIM provisioning for automated user lifecycle management from Okta, Azure AD, and other IdPs.
- β’OIDC federation for cross-organization delegation and external identity provider integration.
- β’WebAuthn / FIDO2 hardware key support for phishing-resistant privileged access authentication.
12 built-in roles
Owner, Admin, Operator, Viewer, Auditor, Support, Fleet Operator, Dev, Security Analyst, Compliance Officer, Read-only, and Guest. Each role maps to a precise permission set. Custom roles are on the enterprise roadmap.
Every agent is a cryptographic principal. There are no shared passwords and no credentials to rotate.
- β’ED25519 agent identity generated locally at install time β no shared passwords or centrally stored credentials.
- β’X25519 ECDH key exchange for every session β ephemeral session keys, never stored after disconnect.
- β’AES-256-GCM authenticated encryption on all terminal frames, command output, and file transfers.
- β’HKDF key derivation with explicit label tucdesk-session-v1 β protocol mismatch fails closed.
- β’Signed audit chain β every entry includes actor, action, timestamp, session context, and server signature.
Zero-trust transport
The relay node forwards ciphertext only. It cannot read session content, command output, or file transfers. Encryption is negotiated end-to-end between the operator key and the agent key.
Compliance evidence is generated automatically. No custom integration required to satisfy an auditor.
- β’SOC2-ready audit trail: actor, action, timestamp, policy decision, and server signature per entry.
- β’Signed asciinema session recordings with tenant-prefixed storage paths.
- β’Tamper-evident log chain β any modification to a historical entry breaks the signature.
- β’Exportable audit log for SIEM ingestion and external compliance review.
- β’RBAC audit role for read-only access to audit data without operational permissions.
Exportable for SIEM
Audit entries are structured for machine consumption. Export to your SIEM, forward to S3, or pull via the audit API. The signature chain travels with the export so external validators can verify integrity.
Give a technician access to a specific machine for a specific window of time, without ever handing over a credential.
- β’Support PIN system: generate a time-limited, SHA-256-hashed PIN scoped to specific agents or tags.
- β’Technicians redeem the PIN to open a session β no credential sharing, no standing access.
- β’Every Support PIN session is recorded and written to the audit chain under the originating team.
- β’PIN expiry and scope are operator-defined at issuance time.
AI agents get the same access model as human operators: MCP tools, ACL evaluation, approval gates, and full audit attribution.
- β’MCP server exposes controlled tools: list_agents, run_command, get_audit_log, connect_session, and more.
- β’AI operators act within the same ACL policy and approval gate system as human operators.
- β’Every AI-initiated action is attributed to the MCP session in the audit chain.
- β’OAuth with PKCE for MCP client authentication β no long-lived API keys in agent processes.
- β’TUC-C classifier reviews AI-generated commands before they reach an agent.
Enterprise deployments benefit from a curated MCP tool catalog and first-class integration with Warp terminal β the tooling your engineering teams already use.
MCP Marketplace
Browse, enable, and configure MCP tool integrations from inside the dashboard. Each tool inherits the same ACL evaluation and audit trail as built-in TucDesk tools. Enterprise teams can publish private tools to their organization catalog.
Warp Terminal Integration
TucDesk integrates natively with Warp terminal. Connect to any fleet agent directly from Warp, with session recording, approval gates, and audit attribution preserved. No separate auth flow β your existing TucDesk session credentials are used.
| Capability | TucDesk Enterprise |
|---|---|
| Identity model | ED25519 keypair per agent, no shared passwords |
| RBAC | 12 predefined roles, workspace-isolated |
| Audit | Signed chain, tamper-evident, exportable |
| Session recording | Signed asciinema, encrypted before S3 upload |
| AI agent access | MCP OAuth/PKCE, same ACL as human operators |
| Support access | Time-limited SHA-256 hashed PIN, scoped to agent/tag |
| Compliance | SOC2-ready audit trail, HIPAA suitable |
| Deployment | Self-hosted or TucDesk Cloud |
| SCIM provisioning | Okta, Azure AD, OneLogin compatible |
| WebAuthn / FIDO2 | YubiKey, Passkey support for privileged access |
| Desktop access | RDP/VNC via Guacamole β same zero-trust channel |
| MCP Marketplace | Curated tool catalog for AI agent integrations |
| Anomaly detection | Behavioural analysis and access pattern monitoring |
Usage-based and seat-based options available. Volume discounts for large fleets. Contact sales to discuss requirements.
Start a proof of concept this week.
Deploy TucDesk on your own infrastructure in under an hour. Our team provides a guided evaluation with custom SLA, compliance evidence packages, and dedicated Slack support.
SOC 2 in progress Β· HIPAA suitable Β· On-prem deployment available