New product · INTEGRITAS ONE · 2026-06-19

MUSTER — The Agent Muster Gate

The mandatory front door for AI agent creation. No muster = no credential = the agent cannot run. We govern at the moment of creation, not discovery — so shadow AI becomes structurally impossible. Every agent is named, certified (ML-DSA-87 birth certificate), harnessed and visible to the blue team the instant it is born.

17/17 verify · fail-closed · adversarially tested harness applied at creation

①Create an Agent

②Blue Team Command Center

Step 1 · The muster — 90 seconds

Register your agent & get credentials

Agent name

Your name

Department

What does this agent do? (2–3 sentences) Tools & systems

Email / Calendar CRM Database File system External APIs Blockchain / Crypto Payment system Code repository

Data classification

PublicInternal ConfidentialRestricted

Data types it touches

PIIFinancial HealthLegal Crypto keysCredentials

Involves EU-citizen data (GDPR/MiCA/DORA)

Will this agent initiate financial actions?

How long do you need it? 30 days

Mirrors backend/app/services/muster_service.py (the 12 risk rules) so you see the live logic now. In-app, this posts to the founder-gated /api/v1/muster/register.

Live risk preview

LOW

A low-risk agent is auto-activated. HIGH/CRITICAL agents wait for blue-team review.

What happens the instant you click — create → harness → protect

Create — the agent is mustered

A cryptographic Agent ID (CSAI-DEPT-xxxxxx-YYYYMM) is minted, an ML-DSA-87 birth certificate is issued (quantum-safe, regulator-ready), a time-bounded mandate-bound credential is granted, and the blue team is notified in <3 seconds. No registration = no credential.

▼

Harness — a HARNESS-OS harness is applied automatically

Safety is a property of the harness, so MUSTER wraps the new agent in a real HARNESS-OS template at creation — guides (before it acts) + sensors (after it acts), signed and integrity-checked. The agent is born contained, never bare.

▼

Protect — wired into the containment stack below

SENTINEL-OSConstitutional genome seeded from the mandate

AGENT X-RAYMandate-drift detection (registered vs actual behaviour)

KEYCAGE ABSCMandate-bound signing of every action

VERITASContinuous verify of the muster roll

HERDCross-customer malicious-agent signatures

CIPHER-GUARDML-DSA-87 quantum-safe signing

Blue Team Command Center — the muster roll, live

Total registered

Active agents

Pending review

CRITICAL pending

Fund-moving agents

Revoked

Agent ID	Name	Owner	Dept	Risk	Data	Fund	Status	Action

Reflects the seeded demo org (migration 511). In-app this is /api/v1/muster/dashboard + /registrations, founder-gated. Certificates verify independently via /api/v1/muster/certificates/verify.

Risk scoring — 12 transparent rules

Why now — the white space

48%

of orgs run shadow AI agents with no governance

1.3B

AI agents projected by 2028 (IDC)

97% / 70%

orgs hit an identity incident; 70% AI-related (Microsoft)

First

to govern at CREATION — the rest of the market only discovers agents after they run

Proof — the verify harness (just run)

VERIFY — MUSTER (creation-time governed agent registration) ========================================================================== [PASS] MUSTER low-risk agent -> LOW (score 0) [PASS] MUSTER max-risk agent -> CRITICAL (score capped 100, 9 rules) [PASS] MUSTER fund movement adds exactly +40 (highest single rule) [PASS] MUSTER malformed input -> CRITICAL fail-closed [PASS] MUSTER missing mandate (no goal) -> CRITICAL fail-closed [PASS] MUSTER missing owner -> CRITICAL fail-closed [PASS] MUSTER unparseable lifespan -> treated as max-risk (90d) [PASS] MUSTER classification boundaries exact (24/25/50/51/75/76) [PASS] MUSTER agent_code format CSAI-DEPT-uuid6-YYYYMM [PASS] MUSTER empty department -> GEN fallback (never blank) [PASS] MUSTER agent_code unique per call [PASS] MUSTER tools_hash is order-independent [PASS] MUSTER mandate_hash changes with the goal [PASS] MUSTER birth certificate verifies (recompute hash + signature) [PASS] MUSTER tampered certificate payload -> REJECTED [PASS] MUSTER forged certificate signature -> REJECTED [PASS] MUSTER signature is deterministic + reproducible ========================================================================== 17/17 PASS · ALL GREEN

Backend: backend/app/services/muster_service.py · backend/app/api/v1/muster.py · migrations 509–511 (head 511) · backend/scripts/verify_muster.py. Fusion deck: docs/wallet_no_drain/HARNESS/BLUE TEAM INFO/MUSTER_Fusion_Product_Design_2026_06_19.pptx.