MQTT.Agent - open protocol for AI agents

Security & ACL

Enterprise-Grade Security for Real-Time

Authentication, authorization, and audit at the protocol layer. Your IdP becomes MQTT identity. The broker enforces every rule, for every client and every agent.

We put the security in MQTT.

Not bolted on. Not a wrapper. Security primitives baked into the broker, the wire, and the identity model.

Foundations

The non-negotiables: transport, tenant isolation, and data protection. Everything else builds on these.

Enterprise-Grade WSS Security

TLS 1.3 encryption for all WebSocket connections. Perfect forward secrecy, modern cipher suites, no plaintext fallbacks.

Organization Isolation

Complete data separation between tenants. Each organization operates in its own isolated namespace with dedicated credentials and access controls.

Data Protection

Messages encrypted in transit. Optional message persistence with encryption at rest. Automatic data retention policies.

Access Control

ACL v2: Policy-Based Access Control

Define topic-level permissions with identity-aware policies. ACL v2 introduces variable bindings, preset templates, a built-in policy simulator, and CLI tooling for version-controlled deployments.

Identity-Bound Topics

Variable bindings like {email}, {user_id}, {agent_id}, {session_id}, and {client_id} scope topics to individual identities automatically.

5 Preset Templates

Start from Permit All, Notifications, Agent Pipelines, Chat Channels, or Blank (deny-all) and customize from there.

Policy Simulator

Test ACL rules against real topic patterns before deploying - catch misconfigurations without affecting live clients.

CLI-Driven Deployment

Validate and push policies with cloudsignal acl validate and cloudsignal acl update for repeatable, reviewable deployments.

Per-Rule QoS Control

Set allowed QoS levels (0, 1, 2) per rule. Limit retained-message permissions independently from publish/subscribe.

Service Account Publishers

Dedicated publisher identities (e.g. rest_publisher for the REST API bridge) keep server-issued messages auditable and scoped.
acl-policy.json
{
  "version": "2.0",
  "default_action": "deny",
  "rules": [{
    "topic": "/{email}/inbox",
    "action": "subscribe",
    "effect": "allow"
  }, {
    "topic": "/broadcast/#",
    "action": "subscribe",
    "effect": "allow"
  }]
}
claim → ACL binding

sub:        "user_a8b2c3"        → {user_id}
email:      "alice@acme.io"      → {email}
agent_id:   "agent_research_42"  → {agent_id}
session_id: "sess_zk9p2x"        → {session_id}
role:       "engineer"           → {role}

// ACL rule: "/{agent_id}/inbox" → agents/agent_research_42/inbox
JWT Authentication

Your JWT Is Your MQTT Identity

Your user's existing JWT, issued by Supabase, Firebase, Auth0, Clerk, or any custom OIDC provider, is their MQTT identity. The broker verifies the signature against your IdP, and the claims inside become ACL variable bindings. No token exchange, no shadow user table, no parallel auth flow.

Native external IdP

Supabase, Firebase, Auth0, Clerk, or any OIDC provider. Skip token exchange entirely.

Claims become ACL variables

{email}, {user_id}, {agent_id}, {role}, {session_id}, all bindable in topic patterns.

AI agents as first-class identities

Sign agent_id into the JWT; the broker enforces per-agent topic scopes.

One auth context everywhere

Same identity on the web app, mobile app, server, and MQTT layer.
Protocol-Layer Enforcement

Traffic Governed at the Broker

ACL is evaluated at the MQTT broker before messages reach your application. Not middleware, not an API gateway. Every publish and subscribe is checked against the policy, for every client, every agent, every service.

ALLOW (+0ms)
  client:  alice@acme.io
  action:  subscribe
  topic:   alice@acme.io/inbox
  matched: {email}/inbox
  verdict: allow · routed

DENY (+0ms)
  client:  agent_research_42
  action:  subscribe
  topic:   agent_planning_91/inbox
  matched: no rule
  verdict: deny · dropped at wire
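To make the policy evaluation above concrete (claims bound into topic patterns, default deny, and the two ALLOW/DENY decisions shown), here is a small simulator written for this page; it is an added illustration, not CloudSignal's broker or simulator code. The policy is a constructed sample in the shape of acl-policy.json, the sub → {user_id} mapping follows the claim table above, and the precedence rule (an explicit deny beats any allow, otherwise default_action applies) is an assumption. It also rejects claim values that contain topic separators or wildcards, so a token claim can never widen its own scope.

```python
import json
import re

# Constructed sample policy in the shape of the page's acl-policy.json.
# Precedence (explicit deny wins, else default_action) is an assumption
# for this illustration, not CloudSignal's documented behaviour.
POLICY = json.loads("""{"version": "2.0", "default_action": "deny", "rules": [
  {"topic": "{email}/inbox",    "action": "subscribe", "effect": "allow"},
  {"topic": "{agent_id}/inbox", "action": "subscribe", "effect": "allow"},
  {"topic": "broadcast/#",      "action": "subscribe", "effect": "allow"}]}""")

CLAIM_TO_VAR = {"sub": "user_id"}  # the page binds the JWT `sub` claim to {user_id}
VAR = re.compile(r"\{(\w+)\}")
UNSAFE = set("/+#")                # a claim value must never add levels or wildcards

def bindings_from_claims(claims: dict) -> dict:
    """Map verified JWT claims to ACL variable names."""
    return {CLAIM_TO_VAR.get(k, k): str(v) for k, v in claims.items()}

def bind(pattern: str, vars_: dict):
    """Substitute {var} placeholders. Returns None when a variable is absent
    from the token or its value contains topic separators/wildcards."""
    names = VAR.findall(pattern)
    if any(n not in vars_ or UNSAFE & set(vars_[n]) for n in names):
        return None
    return VAR.sub(lambda m: vars_[m.group(1)], pattern)

def topic_matches(flt: str, topic: str) -> bool:
    """MQTT filter matching: '+' is one level, '#' is the rest (may be empty)."""
    f, t = flt.split("/"), topic.split("/")
    for i, part in enumerate(f):
        if part == "#":
            return True
        if i >= len(t) or (part != "+" and part != t[i]):
            return False
    return len(f) == len(t)

def evaluate(policy: dict, claims: dict, action: str, topic: str):
    """Return (verdict, matched_pattern); matched_pattern is None on default."""
    vars_ = bindings_from_claims(claims)
    verdict, matched = policy.get("default_action", "deny"), None
    for rule in policy["rules"]:
        flt = bind(rule["topic"], vars_) if rule["action"] == action else None
        if flt is None or not topic_matches(flt, topic):
            continue
        if rule["effect"] == "deny":
            return "deny", rule["topic"]  # explicit deny short-circuits
        verdict, matched = "allow", rule["topic"]
    return verdict, matched
```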
01

Pre-Application Enforcement

Unauthorized messages never reach your code. The broker rejects them at the protocol layer.

02

Agent-Isolated by Default

Multi-agent systems get broker-enforced isolation. Each agent_id claim scopes its topics; no rule, no read.

03

Audit at the Wire

Every authz decision logged at the broker. No app-level logging required for compliance.

Enterprise

Advanced Security

For organizations with regulatory, isolation, or scaling requirements beyond the default.

Bring Your Own Auth (BYOA)

Integrate your existing identity provider. Support for OIDC, JWT, and custom authentication webhooks for seamless SSO.

Private Endpoints

Dedicated infrastructure with private network connectivity options. Available on enterprise contracts.

Custom Retention Policies

Define custom data retention periods to meet your compliance requirements. Automatic purging and archival options.

Dedicated Infrastructure

Single-tenant deployment options for organizations with regulatory or performance requirements. Custom scaling agreements available.

Security disclosure

Found a vulnerability? Report it responsibly. We acknowledge within 24 hours and coordinate disclosure on a case-by-case basis.

security@cloudsignal.io

Ready for Secure Real-Time?

Start with our free tier or contact us for enterprise security requirements.

Questions about security? security@cloudsignal.io