Cloud AI wants your data. Self-hosted AI without hardening leaves your box wide open. Mistro was built by running it in production on real infrastructure, fixing real incidents, and auditing everything afterward. Security isn't a feature — it's the foundation.
Unless you explicitly send it. No telemetry. No background sync to a vendor. If you pull the internet cable, the engine keeps running.
Every secret — API keys, tokens, credentials — in an AES-encrypted vault. File permissions default to 0600. Umask 0027. No world-readable surfaces.
Every sub-agent runs through a 3-gate relevance + directive + actionability check before content from external sources can influence it. Not theoretical; built after incidents.
nftables firewall, fail2ban, SSH key-only, no password auth anywhere. Scoped conntrack. Dual-WAN failover with health-checked routing.
memory-verify + security-verify run before any work begins. Vault permissions, env file modes, SSH key modes, hook integrity — all checked, all gated.
15 incidents, 8 layers of mitigations, audit re-run after every major change. Every finding lives in a versioned document you can read.
No binaries you have to trust. No phoning home. Every automation is a shell script or Python module you can read, fork, or rewrite.
Daily rotation on your hardware. Optional off-site copy to a destination you choose. Out-of-rotation snapshots before risky changes. You hold the keys.
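A pre-flight permission gate of the kind described above (vault permissions, env file modes, SSH key modes, umask) can be sketched as follows. This is an added example, not Mistro's own `security-verify` code; the function names and the sample file names (`vault.enc`, `.env`, `id_ed25519`) are assumptions made for illustration.

```python
import os
import stat
import tempfile

REQUIRED_MODE = 0o600   # from the page: secret files default to 0600
REQUIRED_UMASK = 0o027  # from the page: umask 0027

def read_umask():
    """os.umask() can only be read by setting it, so set and restore."""
    old = os.umask(0o077)
    os.umask(old)
    return old

def audit_secret_files(paths, required_mode=REQUIRED_MODE):
    """Return (path, problem) findings; an empty list means every file passed."""
    findings = []
    for path in paths:
        try:
            st = os.lstat(path)  # lstat: a symlink must not pass on its target's mode
        except FileNotFoundError:
            findings.append((path, "missing"))
            continue
        if not stat.S_ISREG(st.st_mode):
            findings.append((path, "not a regular file"))
            continue
        mode = stat.S_IMODE(st.st_mode)
        extra = mode & ~required_mode  # any bit beyond owner read/write
        if extra:
            findings.append((path, f"mode {mode:04o} has extra bits {extra:04o}"))
        if st.st_uid != os.geteuid():
            findings.append((path, f"owned by uid {st.st_uid}, not the running user"))
    return findings

def preflight(paths, umask=None):
    """Gate: ok is True only when the umask and every file pass."""
    findings = audit_secret_files(paths)
    umask = read_umask() if umask is None else umask
    if umask & REQUIRED_UMASK != REQUIRED_UMASK:  # must mask at least the 0027 bits
        findings.append(("<process>", f"umask {umask:04o} is looser than 0027"))
    return not findings, findings

def demo():
    """Constructed sample: a 0600 file, a 0644 file and a missing key file."""
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("vault.enc", ".env", "id_ed25519")]
        for p, m in zip(paths[:2], (0o600, 0o644)):
            with open(p, "w") as f:
                f.write("constructed sample\n")
            os.chmod(p, m)
        return preflight(paths, umask=0o027)

if __name__ == "__main__":
    print(demo())
```

A caller that wants the "all checked, all gated" behaviour exits non-zero when `preflight` returns `False`, so no work starts until the findings are cleared.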