LockStock Security Features

Overview

LockStock is an enterprise-grade security layer that provides real-time monitoring, anomaly detection, and causal auditing for autonomous AI agents. Unlike traditional security tools that rely on timestamps and log correlation, LockStock uses cryptographic hash chains to create a tamper-evident record of agent behavior.

                The Core Insight: In the age of autonomous AI, execution is asynchronous,
                distributed, and non-deterministic. Traditional log analysis breaks down when agents spawn
                sub-processes across different regions. LockStock abandons reliance on server clocks and instead
                uses cryptographic hash chains to prove that every action follows from its predecessor.
            

Key Capabilities

Real-Time Velocity Monitoring - Detect rogue agents by measuring sequence velocity (Δseq/Δtime)
Causal Graph Auditing - Cryptographic chain of custody for every agent decision
Topology Visualization - Visual family tree showing decision lineage from user prompt to final action
Circuit Breaker Architecture - Automatic lockdown when velocity thresholds are exceeded
Agent-to-Agent Authentication - Verified handshakes between collaborating agents using cryptographic chain identity
Compliance-Ready Exports - Audit log exports for compliance review
Gateway Deployment - One Docker container, no code changes

Causal Graph Auditing

Traditional logs tell you when something happened. LockStock proves what sequence it happened in by creating a tamper-evident cryptographic chain linking every action to its predecessor.

How It Works

Every agent action is cryptographically chained to its predecessor using parent hash references. This creates a directed acyclic graph (DAG) where:

Every node is a state transition - Agent moved from state S₁₂ to S₁₃
Every edge is a causal relationship - S₁₃ was caused by S₁₂
The chain is immutable - You cannot delete a record without breaking the cryptographic chain
Server-side timestamps attest - Verifier adds trusted timestamps after validating the sequence

# Traditional Log Entry (Can be spoofed)
[2026-01-15 14:32:01] Agent A: TRANSFER_FUNDS($10,000)

# LockStock Audit Entry (Cryptographically Chained)
{
  "sequence": 45,
  "agent_id": "production-agent-001",
  "task": "TRANSFER_FUNDS",
  "curr_hash": "3d9e4f2c8b7a1f5d...",
  "event_type": "normal",
  "timestamp": "2026-01-15T14:32:01.234Z",
  "metadata": { "amount": 10000, "currency": "USD" }
}
            

Audit-Ready: Export audit logs that show the full chain of agent actions. The cryptographic chain proves no records were altered, deleted, or reordered.

Real-Time Velocity Anomaly Detection

AI agents can hallucinate. When they do, they don't just make a mistake—they make mistakes at the speed of light. A rogue agent might execute 1,000 erroneous database writes before a human can react.

Semantic Velocity Monitoring

LockStock monitors the rate at which agents make API requests (Δseq/Δtime). It establishes a baseline for normal operation and triggers alerts when velocity exceeds safe thresholds.

Example thresholds — actual values are configurable per agent.

Metric	Normal Baseline	Warning Threshold	Critical Threshold
State Transitions/sec	2-5 per second	30 per second	50 per second
API Calls/min	10-20 per minute	100 per minute	200 per minute

Circuit Breaker Architecture

When velocity exceeds critical thresholds, the gateway automatically trips a circuit breaker:

Agent State: LOCKED - All operations blocked until manual review
Incident Report Generated - Full causal chain exported for forensic analysis
Alerts Dispatched - Webhook and syslog event delivery
Manual Override - Unlock agent from dashboard when investigation is complete

Example Scenario: Agent "billing-processor-03" suddenly executes 87 TRANSFER_FUNDS operations in 4 seconds. The gateway detects velocity of 21.75 transitions/sec, trips circuit breaker, and locks the agent. Forensic analysis reveals the agent entered a hallucination loop due to malformed API response.

Dashboard Topology Visualization

Instead of text-based logs, the dashboard displays a visual topology graph showing the sequence of agent decisions. This lets you trace any transaction back through the chain to the original user prompt.

The View

The dashboard renders a hierarchical graph where:

Gold nodes represent user prompts and initialization events
Cyan nodes represent normal sub-agent operations
Red nodes represent detected anomalies
Edges show causal relationships (parent → child)

The Insight

Click any node to see its complete lineage. For example, clicking on a TRANSFER_FUNDS operation reveals:

USER_PROMPT: "Process monthly payroll" (Seq: 0)
  ↳ SUB-AGENT: AUTHENTICATE_USER (Seq: 1)
    ↳ SUB-SUB-AGENT: VERIFY_2FA_TOKEN (Seq: 2)
  ↳ SUB-AGENT: LOAD_PAYROLL_CONFIG (Seq: 3)
  ↳ SUB-AGENT: VERIFY_ACCOUNT_BALANCE (Seq: 4)
    ↳ SUB-SUB-AGENT: QUERY_BANK_API (Seq: 5)
  ↳ SUB-AGENT: TRANSFER_FUNDS (Seq: 6) ← You are here
            

                Compliance Value: During a security audit, you can prove that a sensitive
                financial transaction originated from an authenticated user prompt, passed through all required
                verification steps, and maintained the integrity of the decision chain.
            

Try Live Demo →

Agent-to-Agent Trust

As AI systems grow more capable, agents increasingly collaborate — delegating subtasks, sharing intermediate results, and coordinating complex workflows across teams or organizations. LockStock provides cryptographic authentication for these interactions.

How It Works

When Agent A sends a task to Agent B, the gateway verifies Agent A's chain identity and delivers the task only after confirming the chain is intact. Agent B can independently verify Agent A's history before accepting the work. Both agents' chains record the handshake, creating an auditable trail of every collaboration.

                Security Guarantee: An agent with a broken or forked chain cannot
                participate in agent-to-agent interactions. The same chain integrity that prevents
                individual agent tampering also prevents impersonation in multi-agent workflows.
            

Policy Controls

Configure per-agent A2A policies from the dashboard: enable or disable inbound tasks, restrict which agents or task types are accepted, and set limits on concurrent collaborations. Every policy change is recorded on-chain.

Deployment Architecture

LockStock deploys as a reverse proxy gateway — one Docker container that sits between your AI agents and the LLM provider. No code changes required.

Gateway Pattern

Zero Code Changes

Point your agents at the gateway instead of the LLM provider directly. One environment variable: OPENAI_BASE_URL=http://gateway:4000

Multi-Agent

The gateway handles multiple agents simultaneously. Each agent gets its own identity and chain, routed by a single container.

Cloud Agnostic

Works anywhere Docker runs — AWS ECS, Kubernetes, Google Cloud Run, bare metal, or your local machine.

Provider Agnostic

Routes to OpenAI, Anthropic (native or translated), Ollama, or any OpenAI-compatible endpoint.

Integration Example

# Store your credentials securely
pipx install liberty-secrets && liberty init
liberty add LOCKSTOCK_API_KEY "lsk_admin_..."
liberty add LOCKSTOCK_GATEWAY_KEY "lsk_gateway_..."
liberty add LOCKSTOCK_UPSTREAM_URL "https://api.openai.com"

# Provision an agent and start the gateway
lockstock-gateway provision --name my-agent
lockstock-gateway start

# Point your agents at the gateway
OPENAI_BASE_URL=http://localhost:4000
            

For the full setup including Liberty integration and multi-agent provisioning, see the Gateway Quickstart.

Compliance & Certifications

LockStock is designed to support regulatory requirements for AI systems handling sensitive data.

Compliance-Ready Architecture Cryptographic Hash Chain

Designed to support SOC2, HIPAA, PCI-DSS, ISO 27001, and GDPR compliance requirements.

Audit Features

Tamper-Evident Audit Trails - Cryptographically chained logs where any alteration breaks the chain
Audit Log Export - Export chain data for compliance review
Encrypted Transcripts - Full conversation content encrypted with your Account Key; server cannot read it
Data Lineage - Every action chained to its predecessor with sequence numbers and hash proof

Continuous Credential Rotation

Compliance frameworks like SOC2 and PCI-DSS require regular credential rotation. Most systems rotate every 30-90 days, creating windows where compromised credentials remain valid.

LockStock eliminates this gap entirely.

                Per-Action Rotation vs Traditional:

                Traditional: Password valid for 90 days → Rotate → New password valid for 90 days

                Compromise window: Up to 90 days of undetected access

                LockStock: New cryptographic proof per action → Instant invalidation

                Compromise window: Zero seconds

What This Means For Your Audit:

Show continuous rotation - Auditors see proof rotating on every request, not quarterly
Eliminate rotation gaps - No "we're overdue for rotation" findings
Reduce audit scope - Zero replay window means fewer compensating controls needed
Lower cyber insurance costs - Demonstrably shorter exposure windows = better rates

How It Works: LockStock's cryptographic audit trail provides auditors with tamper-evident proof that every agent action was authorized, sequenced, and recorded — eliminating the manual log collection that typically dominates audit preparation.

Pricing

LockStock is priced per agent, per month. Every agent gets every feature.

Product	Price	Agents	Features
LockStock	$9.99/agent/month	Self-service up to 100	Everything included
Enterprise	Custom	100+	Everything + dedicated support + SLA

Running more than 100 agents? Let's talk.

Get Started →