Products

xFrontier

Open-source, local-first multi-agent orchestration on a zero-trust runtime, with brain-inspired cortical-columns memory.

xFrontier is the open-source multi-agent orchestration platform in the Lattix suite. It runs locally by default — from a laptop to hardened Docker to Kubernetes, air-gap capable — with enforcement wired into the runtime rather than bolted on. It is released under the GNU Affero General Public License v3.0-or-later, so you can inspect, self-host, and extend the entire stack.

Source: github.com/LATTIX-IO/lattix-xfrontier

Two capabilities set xFrontier apart: a brain-inspired cortical-columns memory and a zero-trust runtime where every agent action is sandboxed, scoped, and provable.

Zero-trust runtime

Enforcement in xFrontier is a runtime guarantee, not advice. Every agent runs inside a boundary you define and can prove after the fact.

  • Three-tier hybrid sandbox. Agent code executes inside the strongest isolation auto-detected for the host: kernel-level bubblewrap/seccomp on Linux and seatbelt on macOS (no Docker required, ~1ms startup), hardened Docker with full capability drop and read-only rootfs, or gVisor/Kata via a Kubernetes RuntimeClass.
  • Capability tokens. Every agent invocation carries a signed Biscuit capability token encoding its allowed tools and tool-call budget, verified before execution and attenuable on handoff.
  • Policy gates. Open Policy Agent decisions gate tool calls and route access; a Presidio-backed DLP pipeline masks PII with sanitized error responses.
  • Signed event log. Every event is written to a cryptographically signed, hash-chained log that supports full replay, and the skills registry is signed and provenance-checked so only vetted capabilities reach the runtime.

Cortical-columns memory

Memory in xFrontier is modeled on the brain's cortical columns — many small, uniform memory units that each capture context and consolidate into a shared world-model, rather than a single vector store bolted onto a prompt. It is tiered and scope-aware.

  • Short-term working memory. A Redis session cache with an optional write-ahead log.
  • Long-term memory. PostgreSQL with pgvector for semantic recall.
  • Knowledge graph. A Neo4j world-graph projecting topics, relationships, and evidence links so agents reason over structured knowledge, not nearest-neighbor text alone.

A consolidation pipeline summarizes raw events into durable knowledge and suppresses duplicates, while hybrid retrieval blends column, long-term, and graph context under explicit ranking and token budgets. Every memory is bound to a scope — run, session, user, tenant, agent, workflow, or global — and authorization is enforced on recall, so an agent never retrieves memory it is not entitled to.

Architecture

xFrontier is organized as four cooperating layers, carried by a single codebase from a local dev machine to a production cluster without re-platforming:

  1. Orchestration. LangGraph with PostgreSQL checkpointing, so multi-agent workflows are durable and resume from the last committed step rather than restarting.
  2. Guardrails. A layer built on the Microsoft Agent Framework intercepts prompt rendering, function invocation, and outputs — applying DLP and policy gates inline.
  3. Agent execution. Role-based agents hand off work through signed agent-to-agent (A2A) envelopes with replay protection, invoking tools through the Model Context Protocol under per-agent allowlists and budgets.
  4. Infrastructure. HashiCorp Vault for secrets, Open Policy Agent for policy, Envoy as the egress boundary, NATS for messaging, Biscuit for capability tokens, and Presidio for PII detection.

Local-first and open source

xFrontier keeps data on your network unless you explicitly configure otherwise, and can run fully disconnected for air-gapped operation. It bridges to local models through an Ollama OpenAI-compatible endpoint with a curated allowlist, so teams can run capable agents with no API keys and no cloud inference.

Deployment scales along a single continuum:

  • Local profile — lightweight, for development.
  • Secure local profile — the full gateway, policy, and sandbox stack with OIDC operator authentication.
  • Hosted Kubernetes profile — via Helm, with gVisor or Kata isolation for enterprise rollout.

Relationship to concepts

Learn more