Your AI. Your Secrets.
Your Control.
A security-first AI agent framework where humans approve every secret access. Zero-knowledge architecture means your AI never sees plaintext secrets.
Capabilities
Built for Security, Designed for Developers
Every layer is designed to keep secrets safe while letting AI agents do their work.
Isolated Secrets Agent
Secrets live in a separate Rust microservice with no network access. Unix socket only. Air-gapped by design.
Context-Aware Approvals
See exactly what your AI wants to do with a secret before granting access. Full context, no blind trust.
Zero-Knowledge Core
The AI core never sees plaintext secrets. Encrypted values are injected only after user approval, then wiped.
Typed Plugin System
Four plugin types (Tool, Channel, Provider, Memory) with capability-enforced WASM sandbox and marketplace security pipeline.
Hash-Chained Audits
Every action is recorded in a tamper-proof, Ed25519-signed, hash-chained audit log. Full accountability.
Semantic Memory
AES-256-GCM encrypted memory store with vector search. Categorized as Learning, Decision, Pattern, Solution, or Error.
Task Scheduler
Cron-based scheduled tasks for memory consolidation, cleanup, and custom jobs with execution logging.
11 Built-in Tools
Read, Write, Edit, Bash, Grep, Glob, HttpFetch, WebSearch, Diff, Patch, ListDir β everything an agent needs.
Architecture
Multi-Zone Security Architecture
Defense in depth with three isolated security zones.
How It Works
See It in Action
A tool requests a secret β the user approves on their phone β the agent continues.
{
"tool": "HttpFetch",
"arguments": {
"url": "https://api.example.com/data",
"method": "GET",
"headers": {
"Authorization": "Bearer {{secret:api_key}}"
}
}
} π± Secret Request
βββββββββββββββββββββββββ
Secret: api_key (API_KEY)
Tool: HttpFetch
Reason: GET https://api.example.com/data
Duration: One-time use
[Approve] [Deny] Enterprise-Grade Cryptography
Integrations
Manage Secrets From Your Chat
Bidirectional chat connectors let your team request, approve, and rotate secrets without leaving their favorite platform.
Slack
Slash commands with Block Kit responses, thread replies, and interactive approval workflows.
Channel PluginTelegram
Inline bot commands with HTML formatting, reply threading, and real-time notifications.
Channel PluginDiscord
Slash commands with rich embeds, ephemeral responses, and color-coded status indicators.
Channel PluginMobile App
Manage sessions, approve secret requests, and chat with your AI agent directly from your phone.
Mobile AppReady to Take Control?
Get started with UltraSushiTron in minutes.
git clone https://github.com/jaikoo/UltraSushiTron.git
cd UltraSushiTron
cargo build --release