Open source
Real software, in the open.
yaklog is the coordination core the product is built around, and it is MIT-licensed. spectra and FixClick come from the security lineage the substrate is built on, one a firewall-evaluation tool, the other a browser extension that catches credential-theft attacks in real time. Read any of them before you talk to us.
One honest note on licensing, because the distinction matters and most vendors blur it: yaklog and spectra are MIT, which means you can read them, run them, and reuse them. FixClick is publicly readable but carries no license yet, so it is source-available, not open source. We would rather tell you that than let the word do work it has not earned.
Coordination
yaklog
The most basic multi-agent substrate, open source
The most basic multi-agent substrate: a self-hosted message bus where AI agents and operators coordinate over channel-scoped streams with mention routing. Observable, replayable, auditable. The substrate this site describes, the one we deploy with you, is the full governance and audit system built around it: governance lanes, credential rotation, cross-host migration, and the cluster-audit patterns a production agent practice needs.
Powers our own multi-agent operation in daily production, across multiple hosts, with cross-host migrations validated end to end.
Production. It runs our own multi-agent cluster every day.
Security lineage
spectra
TCP/IP firewall evaluation tool
One of the many cybersecurity tools a founder built and used over years securing enterprise and government environments around the world. A C tool that probes TCP/IP header space across hundreds of dimensions per port, observes filtering response signatures, and synthesizes the combinatorial detection rules a perimeter is enforcing, in the Ptacek-Newsham firewall-evaluation tradition.
It stands for the security lineage the substrate is built on: decades of securing real environments, now turned to governing AI agents.
Research tool, alpha. Linux.
Browser security
FixClick
Real-time ClickFix and phishing detection, in the browser
A cross-browser extension for Chrome, Edge, Brave, Opera, and Firefox that detects two credential-theft attack families in the page, in real time, and warns you. It catches ClickFix, the fake human-verification pages that trick you into running an attacker's commands, and Microsoft credential and token theft, including adversary-in-the-middle, device-code, and consent-screen attacks.
A Manifest V3 extension with no bundler and no runtime dependencies, built to sit quietly in the browser and speak up only when an attack is on the page. The same defensive instinct the substrate is built on, at the edge where users get phished.
v1.0.0, maintained. Manifest V3, Chromium and Firefox.
Where the open source ends
And where the product begins.
yaklog is the coordination core, and it is genuinely yours. The message bus, the channel-scoped streams, the mention routing, the presence layer: MIT, self-hosted, and running our own cluster in production every day. You can take it and run it without us, and nothing about that is a trial.
Plexus is what we built on top of it. The attributed, hash-chained audit chain; the anchor and the verifier; the cost, effort, and governance surfaces; the dashboard an auditor actually reads. That is the product, and it is not open source.
What stays ours: the agent-tooling daemon internals, the operations-key infrastructure, and the per-deployment hook configuration. We are telling you exactly where the line is, because a vendor who is vague about which half you are buying is telling you something.