Author and manage policies from a web console built with PatternFly. Organize nodes into groups and control access with RBAC.
Policies stream to agents over gRPC the moment they change. Delta sync minimizes bandwidth; snapshot fallback guarantees consistency.
mTLS with an auto-generated internal CA. One-time token enrollment. No shared secrets, no polling, no plaintext.
Zero-touch enrollment Generate a one-time token in the web UI, pass it to the agent on first run. The agent bootstraps its own certificate — no manual key distribution needed.
Streaming policy updates Agents maintain a persistent gRPC stream to the server. When a policy or binding changes, agents receive the update immediately. Reconnection with delta sync handles network interruptions gracefully.
Firefox policy enforcement The agent currently enforces Firefox ESR policies by merging configuration and writing it atomically. Support for additional policy types (systemd, packages, network) is planned.
Policy CRUD with draft/released lifecycle, gRPC streaming with delta sync and snapshot fallback, mTLS certificate-based authentication, RBAC, and container deployment on UBI.
Persistent compliance reporting with database storage, node status dashboard, and LDAP/AD integration for enterprise directory services.
Additional policy types (systemd, packages, network), agent auto-update mechanism, policy templates library, multi-tenancy, and Prometheus metrics.
