Murmur treats agent VMs as untrusted. Credentials are encrypted end-to-end, tenants are cryptographically isolated, and the platform enforces strict boundaries between what different components can access.

Agent VM controls

A coding agent is exposed to the lethal trifecta — secret access, untrusted input, and network egress, all at once. Murmur gives you a control for each leg: scope what secrets an agent can reach, control who is allowed to steer it, and apply egress control through customer placements. See Agent VM controls.

Authentication

Developers log in with GitHub. Tenant membership is derived from GitHub org membership — if you’re in the org, you can access the tenant. Agents authenticate with short-lived identity tokens scoped to a single session. See Authentication.

Authorization

Org admins get full access by default. Org members can spawn and manage their own agents. For finer control, define roles, create groups, and bind them with tenant-bindings. See Authorization.

Encryption

Developer credentials are encrypted at rest, re-sealed to each VM’s ephemeral key before delivery, and decrypted only in process memory. Each tenant has its own KMS key. Secrets follow the same encryption lifecycle. See Encryption.