v2026.3.18 Now Available
SecureYeoman — your AI guardian

Your AI. Your Rules. Your Infrastructure.

Self-hosted, enterprise-hardened, answerable only to you. Your data moves when you say so.

Enterprise Security Flexible Deployment Privacy-First
Get Started View on GitHub
~22,000 Tests
AGPL-3.0 License
485 MCP Tools
56 CLI Commands

13 providers supported. Zero secrets exposed.

Core Capabilities

Built for Security.
Designed for You.

Enterprise-grade. Hacker-proof. Actually fun to use.

Enterprise Security

  • RBAC + SSO/OIDC + SAML 2.0 + WebAuthn/FIDO2
  • Multi-tenancy with PostgreSQL RLS isolation
  • Five sandboxing modes + externalization gate
  • TEE-aware provider routing + attestation verification
  • DLP — PII classification, egress scanning, watermarking
  • Break-glass emergency access + SCIM 2.0 provisioning
  • Organizational Intent — hard boundaries & OPA policies
  • 7-layer application defense + global rate limiting

Audit & Compliance

  • Cryptographic integrity (HMAC-SHA256)
  • Streaming audit export — JSON-Lines, CSV, syslog RFC 5424
  • Departmental Risk Register & ATHI threat governance
  • Risk Assessment — composite 0–100 score across 5 domains
  • Immutable, tamper-evident logs + Prometheus metrics
  • Supply chain: SBOM (CycloneDX), SLSA L3, signed releases

Security Operations

  • 37 network evaluation tools
  • Twingate zero-trust tunnel (13 tools)
  • NVD / CVE vulnerability lookups
  • Kali toolkit (nmap, nuclei, sqlmap)

485 MCP Tools & Integrations

  • 38 platform integrations
  • 5 code forge adapters + artifact registries
  • 485 tools · 9 resources · 4 prompts
  • SSRF protection + encrypted creds

Multi-Agent & Workflows

  • A2A protocol (E2E encrypted)
  • Swarms + Teams + Council of AIs
  • DAG workflows — 19 step types
  • ReactFlow visual builder + L3 approval gates

Cognitive Memory & Knowledge

  • Hybrid FTS + vector (RRF)
  • Knowledge Base & RAG (PDF · HTML · Markdown · URL)
  • Inline citations & groundedness checking
  • Memory audits — compression, reorganization, coherence

Developer Experience

  • 56 CLI commands + full-screen TUI
  • Rich lifecycle hooks
  • Sandboxed code execution
  • Desktop control (consent-gated)

Flexible Deployment

  • Single binary + Docker + K8s Helm
  • Edge/IoT binary (Go, 7.2 MB) for constrained devices
  • Local / LAN / Public TLS modes
  • Multi-user workspaces + SSO
  • Voice I/O — 14 TTS + 10 STT providers, voice profiles, streaming
  • Fleet dashboard with node overview + GPU detection

Ecosystem & Skills

  • Portable .skill.json import / export
  • Marketplace + Community origins with unified schema
  • Skill routing quality — useWhen / successCriteria
  • Trust Tier install pipeline (sandboxed execution)
  • Companion apps: Shruti DAW, Rasa image editor, Tazama video editor, Mneme knowledge base

Train & Evaluate

  • Distillation (priority / curriculum / counterfactual)
  • LoRA fine-tuning + LLM-as-Judge auto-eval
  • Experiment registry & model versioning
  • A/B testing + conversation branching & replay
  • Conversation analytics (sentiment, entities)

Simulation Engine

  • Tick driver — realtime / accelerated / turn-based
  • Emotion & mood model (Russell's circumplex)
  • 3D spatial & proximity engine (6 trigger types)
  • Autoresearch: HP tuning, chaos escalation, CB autotuning
Use Cases

Built for Every Mission

From SOC automation to enterprise workflows, SecureYeoman deploys where security matters most.

Security Operations

Scan networks, detect anomalies, triage CVEs, and automate incident response — 37 network security tools built in.

Zero-Trust Access

Provision Twingate service accounts, rotate service keys, and proxy private MCP servers — no VPN required.

DevSecOps Pipelines

Review code, run tests, manage PRs across 5 code forges (Delta, GitHub, GitLab, Bitbucket, Gitea), enforce security policies, and automate your entire dev workflow.

Enterprise Automation

Orchestrate multi-agent DAG workflows across swarms of personalities — approvals, reports, escalations.

Threat Intelligence

Aggregate data across 38 platforms, enrich findings with NVD CVE lookups, and surface insights your team can act on.

Communications & Productivity

Manage email, schedule meetings, draft reports, and coordinate across platforms — fully automated.

Why SecureYeoman

Security by Design,
Not Afterthought

We checked so you don't have to.

The OpenClaw security crisis — 2026

13+ CVEs (20+ GHSAs) including CVSS 8.8 RCE. 1,184+ malicious marketplace skills (12% of all ClawHub listings). 42,000+ exposed instances (93.4% with auth bypass). Moltbook breach: 35K emails + 1.5M API tokens. Gartner enterprise ban. Microsoft published "Running OpenClaw Safely" guidance. Creator joined OpenAI (Feb 2026) — project in governance transition.

0 SecureYeoman CVEs
2026 Challengers — Same Claim, Different Problem

TrustClaw's "encrypted credentials" live on TrustClaw's servers. Your secrets still leave. Manus AI is now Meta's ad tool. One GDPR audit and it's over.

Feature
SecureYeoman
OpenClaw
NemoClaw
Ironclaw
PicoClaw
RBAC · SSO · SAML · WebAuthn
Full
Sandboxing
6 modes + Firecracker
Basic
OpenShell
TEE + WASM
Basic
Privacy Router
DLP + GPU
Gretel DP
Secrets / Vault
SecretsManager
TEE vault
MCP Tools
485
Limited
Inherits OC
Via path
CVEs (2026)
0
13+
Inherits OC
0
Pre-prod
DAG Workflows
19 step types
Integrations
38 platforms
23+
~2
11+
Training Pipeline
Full
Air-Gap / Offline
Full
Yes
Needs GPU
Cloud req
Yes
Deployment Tiers
4 tiers
1
1
1
1
Executive Briefing

The Business Case for
Sovereign AI

For leaders who want answers, not feature lists.

$4.88M Average data breach cost (IBM, 2024)
13+ CVEs Leading competitor — incl. CVSS 8.8 RCE
0 SecureYeoman CVEs — ever
37 Security tools — one platform, one vendor
CISO

Risk Quantification

Zero CVEs. Not because we're lucky — because we're paranoid.

0 CVEs on record HMAC-SHA256 audit chain 5 sandboxing modes
COO

Business Continuity

No cloud dependency means no cloud surprises. Your schedule, your uptime.

Self-hosted — zero platform dependency Your data never leaves Immutable tamper-evident logs
CFO / Legal

Compliance Pathway

Every compliance framework needs controls. We ship them, not slide decks.

RBAC + SSO/OIDC + SAML + WebAuthn + SCIM Exportable cryptographic audit chain Multi-tenancy + OPA policy enforcement
CTO

Operational Efficiency

One binary. 485 tools. Six fewer vendor contracts.

Single binary or Kubernetes Helm Replaces 6+ point tools 38 platform integrations built-in
CEO / Board

Strategic Advantage

Your competitors are patching. You're shipping.

Autonomous agent workflows at scale Governance-first architecture Sovereign AI — answerable only to you Deploy safely while competitors patch

Architectural Sovereignty & Agentic Governance

A technical white paper covering SecureYeoman's three security pillars, compliance readiness (GDPR, HIPAA, SOC 2, EU AI Act), and multi-agent governance model. Written for CISOs, Legal, and CTO review.

Read White Paper

Ready to brief your security committee?

Evaluate SecureYeoman White Paper Contact Us
Documentation

Get Started in Minutes

Four commands. That's it.

terminal 
# Install SecureYeoman (Linux/macOS)
$ curl -fsSL https://secureyeoman.ai/install | bash

# First-time setup
$ secureyeoman init

# Start the server
$ secureyeoman start

# Access the dashboard
$ open http://localhost:18789
terminal 
# Clone the repository
$ git clone https://github.com/MacCracken/secureyeoman.git
$ cd secureyeoman

# Install dependencies
$ npm install

# Configure environment
$ cp .env.example .env
# Edit .env with your API keys

# Start SecureYeoman
$ npm run dev
terminal 
# Pull and run (embedded PostgreSQL, all-in-one)
$ docker run -d --name secureyeoman \
    -p 18789:18789 \
    -e SECUREYEOMAN_ADMIN_PASSWORD=change-me-32chars \
    -v sy-data:/home/secureyeoman/.secureyeoman \
    ghcr.io/maccracken/secureyeoman:latest

# Access the dashboard
$ open http://localhost:18789

# View logs
$ docker logs -f secureyeoman
terminal 
# Add the Helm repo
$ helm repo add secureyeoman \
    https://maccracken.github.io/secureyeoman
$ helm repo update

# Quick deploy (EKS, GKE, AKS, k3s)
$ helm install secureyeoman secureyeoman/secureyeoman \
    --namespace secureyeoman --create-namespace \
    --set adminPassword=change-me-32chars

# Production — use a values file
$ helm install secureyeoman secureyeoman/secureyeoman \
    -f values-production.yaml \
    --namespace secureyeoman --create-namespace

# Verify
$ helm test secureyeoman -n secureyeoman
terminal 
# Prerequisites: Node.js 22 LTS+, npm or pnpm

# Clone and install
$ git clone https://github.com/MacCracken/secureyeoman.git
$ cd secureyeoman
$ npm install

# Configure (only admin password is required)
$ cp .env.example .env
# Edit .env — set SECUREYEOMAN_ADMIN_PASSWORD
# API keys can be added later via the dashboard

# Build and start
$ npm run build
$ npm start
Full Documentation API Reference Changelog