HOW EWII WORKS

Hub on your side. Client on theirs. Identity-verified queries on 443.

Ewii is a productized connectivity layer for AI and SaaS operators. You deploy a Hub. Your customers deploy a signed Client container. Traffic flows over a single, identity-verified outbound connection. No inbound firewall changes. No shared secrets.

FIG. 1 Hub-Client handshake and query path (swimlane diagram; lanes: CLIENT (CUSTOMER-SIDE) · RELAY (NEUTRAL TRANSPORT) · HUB (OPERATOR-SIDE)). Sequence shown: outbound TCP/QUIC on port 443, client-initiated, no inbound listener on the customer side; CLIENT_HELLO + SPIFFE SVID (X.509) presenting workload identity, validated against the tenant trust bundle; HUB_CERTIFICATE + TRUST_BUNDLE_RESPONSE completing mutual auth, with session keys derived via X25519 + HKDF-SHA256; APPLICATION QUERY (ChaCha20-Poly1305), end-to-end encrypted, the relay seeing ciphertext only; QUERY RESULT (ChaCha20-Poly1305), an identity-bound response on the same connection, with sliding-window replay protection. TLS 1.3 mTLS · SPIFFE SVID · X25519 · HKDF-SHA256 · ChaCha20-Poly1305. Source: RFC 8446 §4.1 (TLS 1.3 handshake) · SPIFFE specification §4 (SVID) · replay protection per RFC 8446 §8 (record sequence numbers).

01

You deploy the Hub.

The Hub runs in your infrastructure — your VPC, your Kubernetes cluster, your bare metal. It’s multi-tenant by design: a single Hub serves many customers, each cryptographically isolated from the others. You set the SLA target. You set the observability stack. We ship the binary, the OCI image, and the operational runbook.

02

Your customers deploy the Client and the MCP Adapter.

Each customer runs two signed containers in their own network, packaged together as a Docker Compose bundle. The Client opens a single outbound connection on port 443 — the same port their browsers use — and presents a SPIFFE / X.509 SVID at handshake. No inbound firewall rules, no port-forwarding, no DMZ. The MCP Adapter sits behind the Client on a local Docker network, holds the per-deployment database configuration and credentials encrypted at rest with AES-256-GCM, and is never reachable from the public internet. Both images are signed with Cosign; their security team can verify provenance with cosign verify before deployment.

03

Encrypted, identity-verified traffic flows.

The Client presents a SPIFFE / X.509 SVID at handshake; the Hub verifies it against the workspace’s trust bundle. Application-layer payloads are encrypted with ChaCha20-Poly1305 over QUIC + TLS 1.3, with X25519 ephemeral key exchange and HKDF-SHA256 key derivation. Session keys derived from the authenticated identity bind every subsequent payload to that identity, so a compromised relay cannot read payloads. Replay protection is enforced with a sliding window on the receiving end.
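The receive-side sliding window described above, as an added example that is not Ewii's own code: it models the bitmap anti-replay scheme used by datagram transports (RFC 4303 §3.4.3, RFC 6347 §4.1.2.6), with the window size and the sample sequence numbers as assumptions.

```python
"""Sliding-window replay protection for sequenced records (added example).

Each record carries a monotonically increasing sequence number. The receiver
accepts a record only if it is newer than anything seen, or falls inside the
window and has not been seen before. Records older than the window are
rejected because freshness can no longer be proven.
"""

WINDOW_SIZE = 64  # assumption: sequence numbers tracked behind the highest accepted


class ReplayWindow:
    def __init__(self, size: int = WINDOW_SIZE) -> None:
        self.size = size
        self.highest = -1  # highest sequence number accepted so far
        self.bitmap = 0    # bit i set  =>  (highest - i) has already been accepted

    def check_and_update(self, seq: int) -> bool:
        """Return True and record seq if it is fresh; False if it is a replay or too old."""
        if seq < 0:
            return False
        if seq > self.highest:
            # Advance the window; bits that shift past the window edge are discarded.
            shift = seq - self.highest
            self.bitmap = (self.bitmap << shift) & ((1 << self.size) - 1)
            self.bitmap |= 1  # bit 0 now represents seq itself
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False  # older than the window: reject
        mask = 1 << offset
        if self.bitmap & mask:
            return False  # already accepted: replay
        self.bitmap |= mask
        return True


def filter_records(seqs):
    """Run a constructed sequence of record numbers through one window."""
    window = ReplayWindow()
    accepted, rejected = [], []
    for seq in seqs:
        (accepted if window.check_and_update(seq) else rejected).append(seq)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample: reordering (3 after 5) is fine, duplicates and stale
    # records (0 after the window moved to 100) are dropped.
    print(filter_records([0, 5, 3, 3, 0, 100, 36, 37]))
```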

ONE WORKSPACE, MANY DEPLOYMENTS

Cryptographically isolated deployments inside a single workspace.

A customer rarely has one database in one place. They have a production cluster in one region, a staging environment in another, an analytics warehouse in a third. Ewii’s data model matches this. A workspace is the unit of customer identity in the Hub. A deployment is one Client + one MCP Adapter installed alongside one set of databases — typically one per environment or one per site.

Each deployment receives its own SPIFFE / X.509 identity. Session keys are derived independently. A compromise of one deployment’s Client cannot reach databases attached to another deployment in the same workspace. There is no shared-key code path that traverses deployment boundaries — the isolation is cryptographic, not policy-enforced.
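The identity-bound derivation the handshake step and this section both rely on, as an added example that is not Ewii's own code: HKDF-SHA256 per RFC 5869 from the standard library, checked against the RFC's test vector, then used to derive a per-deployment session key with the deployment's SPIFFE ID in the `info` input. The label, the sample SPIFFE IDs and how the secret, salt and info are composed are assumptions; in the real handshake the secret comes from the X25519 exchange.

```python
"""HKDF-SHA256 (RFC 5869) and identity-bound session keys (added example)."""
import hashlib
import hmac

HASH_LEN = 32  # SHA-256 digest size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """PRK = HMAC-SHA256(salt, IKM); an empty salt becomes HASH_LEN zero bytes."""
    if not salt:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """OKM = T(1) || T(2) || ...  with  T(i) = HMAC-SHA256(PRK, T(i-1) || info || i)."""
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF-SHA256 can produce at most 255 * 32 bytes")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_session_key(shared_secret: bytes, transcript_hash: bytes, spiffe_id: str) -> bytes:
    """Bind the session key to the authenticated workload identity.

    The SPIFFE ID of the peer goes into the HKDF info, so two deployments of the
    same workspace that somehow ended up with the same shared secret would still
    derive unrelated keys. Label format is an assumption, not Ewii's.
    """
    prk = hkdf_extract(transcript_hash, shared_secret)
    info = b"ewii session key\x00" + spiffe_id.encode("utf-8")
    return hkdf_expand(prk, info, 32)


# Constructed sample inputs (not real handshake material).
SAMPLE_SECRET = bytes(range(32))
SAMPLE_TRANSCRIPT = hashlib.sha256(b"client_hello||server_hello").digest()

if __name__ == "__main__":
    for dep in ("prod", "staging"):
        sid = f"spiffe://example.test/ws/acme/deployment/{dep}"
        print(dep, derive_session_key(SAMPLE_SECRET, SAMPLE_TRANSCRIPT, sid).hex())
```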

The MCP tools advertised by each deployment are the union of the databases attached to that deployment. Adding a database to a deployment expands its tool catalog; removing one contracts it. Workspaces and deployments scale independently — your customer can run as many of either as their environment requires.

WHAT YOU GET

A three-component deployment kit.

FIG. 2 Ewii deployment kit specification v1.1 — Zone A (Hub) on your side; Zone B (Client + MCP Adapter, shipped as a coupled pair) on theirs. Zone A — Operator side — Part 01: Hub Binary (ewii-hub v1.0.0-linux-amd64; runtime linux/amd64 + linux/arm64; signature Cosign + Sigstore; protocol TLS 1.3 + QUIC; identity SPIFFE / X.509 SVID; tenancy per-workspace trust bundle). Zone B — Customer premise, ships as a coupled pair — Part 02: Client Container Image (ewii-client:1.0.0; distroless base; port 443 outbound only; SPIRE workload attestation; zero inbound attack surface; ~80 MB) and Part 03: MCP Adapter Container Image (ewii-mcp-adapter:1.0.0; credentials AES-256-GCM at rest; key derivation PBKDF2-SHA256 from enrollment token + workspace id; drivers PostgreSQL / MySQL / MariaDB / SQL Server / Oracle / MongoDB; reachable on localhost only). Callouts: 01 Three Components · 02 Cosign Verify · 03 Outbound Only · 04 Key Custody. Signed & Attested · Sigstore.

Zone A — Part 01 — Hub. Lives on your infrastructure. Zone B — Part 02 — Client and Part 03 — MCP Adapter ship together as a single Docker Compose bundle to your customer and run as a coupled pair on their host. The Adapter holds an AES-256-GCM-encrypted credential store; the encryption key is derived locally on the customer's premises and never reaches your infrastructure.

What this means for your roadmap.

If you’re building an AI or SaaS product that touches customer data on customer infrastructure, Ewii is the connectivity layer you don’t have to build yourself. Schedule a 60-minute Architecture Review with our senior architect and security lead.
