Endpoint Mode: Hardware-Level Orchestration
In Endpoint Mode, the Myrmex Endpoint Agent acts as the ruler and syncer for the Perseus Specialist Agent. It is the deterministic “Body” that translates AI intent into real system operations across Windows, Linux, and macOS.
The Ground Truth Protocol
The agent is designed around a “Verification-First” architecture. Every action follows a strict protocol to ensure the AI never hallucinates the state of your infrastructure:
- Direct Interception: The agent bypasses high-level abstractions to get raw data from the Kernel (via eBPF, ELAM, or ESF).
- Normalized Telemetry: Data is standardized into a common model (JSON/YAML) before being sent to the AI, ensuring consistent reasoning across different Operating Systems.
- Auditability: Every command executed by the AI is logged with its exit code, stdout, and stderr, creating an immutable evidence chain.
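The Auditability item above can be illustrated with a hash-chained execution log. This is an added example, not Myrmex code: the names `run_and_record` and `verify_chain`, the record fields, the 4096-byte cap and the SHA-256 chaining are all assumptions chosen to show one way an evidence chain of exit code, stdout and stderr can be made tamper-evident.

```python
import hashlib, json, subprocess, sys

GENESIS = "0" * 64   # assumed anchor value for the first record
MAX_OUTPUT = 4096    # assumed per-stream cap on recorded output, in bytes

def _digest(record):
    # Canonical JSON (sorted keys) so the same record always hashes the same.
    body = {k: v for k, v in record.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def run_and_record(log, argv, timeout=5):
    """Run argv without a shell, then append a hash-chained audit record."""
    try:
        p = subprocess.run(argv, capture_output=True, timeout=timeout)
        code, out, err = p.returncode, p.stdout, p.stderr
    except subprocess.TimeoutExpired as e:
        # exit_code None marks a command killed by the timeout.
        code, out, err = None, e.stdout or b"", e.stderr or b""
    record = {
        "seq": len(log),
        "argv": argv,
        "exit_code": code,
        "stdout": out[:MAX_OUTPUT].decode(errors="replace"),
        "stderr": err[:MAX_OUTPUT].decode(errors="replace"),
        "truncated": len(out) > MAX_OUTPUT or len(err) > MAX_OUTPUT,
        "prev": log[-1]["hash"] if log else GENESIS,
    }
    record["hash"] = _digest(record)
    log.append(record)
    return record

def verify_chain(log):
    """Return the index of the first bad record, or -1 if the chain is intact."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["seq"] != i or rec["prev"] != prev or rec["hash"] != _digest(rec):
            return i
        prev = rec["hash"]
    return -1

def demo():
    # Constructed sample commands: success, failure with stderr, and a timeout.
    log = []
    run_and_record(log, [sys.executable, "-c", "print('ok')"])
    run_and_record(log, [sys.executable, "-c", "import sys; sys.stderr.write('boom'); sys.exit(3)"])
    run_and_record(log, [sys.executable, "-c", "import time; time.sleep(30)"], timeout=1)
    return log

if __name__ == "__main__":
    print(verify_chain(demo()))
```

A chain like this only detects edits if the latest hash is also stored somewhere the endpoint cannot rewrite, since anyone who controls the whole log can recompute every hash.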
🛠️ Execution Primitives (EDR Functions)
The agent provides the AI with 100+ specialized functions. These are not just “security features” but Automation Primitives that can be combined to solve complex operational challenges.
Core Capability Groups:
Systems Engineer
Execute shell/PowerShell scripts with timeout protection and output size limits.
Forensic Investigator
Deep-dive into process trees, file metadata, and memory dumps without manual SSH/RDP.
Patch Manager
Native integration with Windows Update, WSUS, and Linux package managers.
Security Warden
Isolate devices from the network or neutralize malicious process hierarchies in milliseconds.
🧠 Local Autonomy: The Reflex System
While the Mind (Perseus) handles strategic reasoning, the Agent handles tactical reflexes. For high-speed threats like Ransomware, the agent executes pre-approved “Reflexes” locally:
- Behavioral Blocking: If it smells a crypto-locker pattern, it kills the process hierarchy immediately—zero-latency protection.
- Offline Persistence: Even if the device loses internet connection, the agent continues to enforce the last known security policy and queues telemetry for the next sync.
🛡️ Reliability & Resilience
The agent implements an Intelligent Retry Logic to handle the “unforgiving” nature of OS environments:
- Command Translation: If Perseus requests a service restart, the agent automatically detects the init system (`systemd`, `init.d`, or `launchctl`) and uses the correct syntax.
- Transient Recovery: If the connection to the Myrmex Cloud is interrupted, the agent automatically retries with exponential backoff, ensuring no telemetry is lost.
- Atomicity: Updates and critical configuration changes are applied atomically. If an update fails, the Supervisor triggers a fail-safe rollback within seconds.
Technical Specifications
| Feature | Implementation | Performance |
|---|---|---|
| Telemetry Latency | Direct Stream | < 100ms |
| Command Execution | Parallel Primitives | ~500ms (avg) |
| Memory Footprint | Optimized Rust/C | < 50MB (idle) |
| CPU Usage | Throttled / Background | < 1% (avg) |
Endpoint Mode is the default operational state. If you need to use the agent as a gateway for syslog/SNMP or external API collection, see Collector Mode.