Nautilus mediates every data request in a multi-agent system. Agents do not query data sources directly — they declare intent and clearance to Nautilus, which routes to appropriate sources through policy. The Librarian persona handles routing: given an intent like “threat_analysis” and a clearance level, it selects which data sources are relevant and permitted. The Gatekeeper evaluates the access decision through Fathom’s CLIPS engine before any data moves. This is a data broker, not a service mesh — it governs what agents know, not how they talk to each other.

The core problem Nautilus solves is cumulative exposure. Individual requests look harmless in isolation. An agent asks for org chart data — fine. Then personnel records — fine. Then travel schedules — also fine individually. But accumulated across a session, those three requests build a targeting dossier. Nautilus tracks what data types each agent has accessed within a session and evaluates the cumulative exposure profile before every new request. The mosaic effect — where individually benign pieces combine into something sensitive — is caught at the broker level before the data ever reaches the requesting agent.

The architecture is deliberate about where LLMs belong and where they do not. At runtime, the Gatekeeper runs CLIPS rules — deterministic inference, zero hallucinations, full auditability, sub-millisecond decisions. Every request produces signed JWS attestations and structured audit logs. LLMs enter the picture through the Curator persona, which operates during maintenance windows: it analyzes access patterns, proposes new routing rules, and identifies data relationships that humans might miss. LLMs author rules. CLIPS executes them.

The v2 roadmap pushes the Curator further — meta-rules that generate new rules from observed access patterns, LLM-as-knowledge-engineer for translating compliance requirements into CLIPS rule packs, and fuzzy similarity scoring for intent matching. Nautilus is in early access now and composes with Fathom for policy evaluation and Railyard for pipeline-scoped data governance.

What Nautilus does

Three Personas

The Librarian routes requests to relevant data sources based on intent. The Curator maintains evolving understanding of data relationships and proposes new routing rules. The Gatekeeper enforces deterministic, fail-closed access decisions via CLIPS.

Cumulative Exposure Tracking

Individual requests look harmless. Accumulated across a session, they build dossiers. Nautilus tracks what data types each agent has accessed and evaluates cumulative exposure before every request — catching dangerous combinations before they happen.

Fathom-Powered Policy

Access decisions run through Fathom's CLIPS engine — deterministic, auditable, sub-millisecond. Every request generates signed JWS attestations and structured audit logs. No LLM in the decision path.
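The cumulative exposure check described above (the org chart, personnel records and travel schedules scenario, and the "Cumulative Exposure Tracking" section), sketched in Python as an added example. It is not Nautilus or Fathom code, since the page states that the real decision runs as CLIPS rules. `SessionLedger`, `FORBIDDEN_COMBINATIONS`, `replay` and the data type names are hypothetical, and the policy is constructed for illustration.

```python
# Added illustration; not Nautilus or Fathom code. All names are hypothetical.
from dataclasses import dataclass, field

# Constructed policy: data types that must never accumulate within one session.
FORBIDDEN_COMBINATIONS = {
    "targeting_dossier": frozenset(
        {"org_chart", "personnel_records", "travel_schedules"}),
}
KNOWN_DATA_TYPES = frozenset(
    {"org_chart", "personnel_records", "travel_schedules", "threat_intel"})


@dataclass
class SessionLedger:
    """Tracks data types already released to each (agent, session) pair."""
    released: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def decide(self, agent, session, data_type):
        """Return (allowed, reason) for the exposure this request WOULD create."""
        key = (agent, session)
        seen = self.released.get(key, frozenset())
        if data_type not in KNOWN_DATA_TYPES:
            # Fail closed: anything the policy cannot classify is denied.
            verdict = (False, "unclassified data type (fail closed)")
        else:
            projected = seen | {data_type}
            hit = next((name for name, combo
                        in sorted(FORBIDDEN_COMBINATIONS.items())
                        if combo <= projected), None)
            verdict = (False, f"would complete {hit}") if hit else (True, "ok")
        if verdict[0]:
            self.released[key] = seen | {data_type}  # record only released data
        self.audit.append({"agent": agent, "session": session,
                           "data_type": data_type,
                           "allowed": verdict[0], "reason": verdict[1]})
        return verdict


def replay(requests):
    """Run (agent, session, data_type) tuples through a fresh ledger."""
    ledger = SessionLedger()
    return [ledger.decide(*r) for r in requests], ledger
```

The check runs on the projected set before anything is released, so the third request is refused even though it would pass on its own, and a denied request adds nothing to the session's exposure profile.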