Desktop architecture.

The Axiom desktop app is a Tauri shell wrapping the same operational UI as the web platform, plus a local execution runtime, OS-keychain credential bridge, and an optional workstation mode that disables all outbound telemetry.

Why Tauri

We chose Tauri over Electron for footprint and security: a Tauri app is ~10MB instead of ~150MB, runs in the native OS WebView (no bundled Chromium), and exposes a Rust-side execution boundary that's easier to audit and harden.

01

The four layers

  • WebView layer (TypeScript/React) — same operational UI as the web platform (Command Center, Topology, Memory, Workflows, ReleaseOps). 90%+ component reuse.
  • Tauri shell (Rust) — native shell process, OS integration (notifications, menu bar, tray icon, file system access), and the policy gate for which commands the WebView is allowed to invoke.
  • Local execution runtime (Rust) — invokes the terraform and AWS CLIs found on your local PATH, using your existing AWS profile. Captures stdout/stderr for the audit log.
  • Sync layer (Rust) — handles bidirectional sync with the Axiom cloud platform when connected. Workstation mode disables this layer entirely.

02 · Execution

Local execution model

The local execution runtime never wraps proprietary binaries — it shells out to the tools you already have:

  • Terraform — found via which terraform; uses your existing CLI and your existing state backend
  • AWS CLI — uses your existing ~/.aws/credentials and ~/.aws/config profiles
  • kubectl — for ArgoCD-related operations (future)
  • git — for ReleaseOps repo introspection (future)

Every shell invocation is logged with full command, arguments (secrets redacted), exit code, and duration. The log is queryable from the local audit panel.
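An added example, not Axiom's or Tauri's own code, of how the shell's policy gate and the runtime's audited, secret-redacting invocation can fit together in plain Rust. The Policy struct, the redaction heuristic and the `<redacted>` marker are assumptions; it uses std::process::Command rather than any Tauri API, and it also covers the "disable shell execution" policy mentioned under Trust questions.

```rust
// Added illustration, not Axiom's code: policy gate in front of an audited shell call.
use std::collections::HashSet;
use std::process::Command;
use std::time::Instant;

/// `shell_execution = false` models the "disable shell execution" policy;
/// `allowed_tools` is the allowlist the shell enforces (e.g. terraform, aws).
pub struct Policy {
    pub shell_execution: bool,
    pub allowed_tools: HashSet<String>,
}

/// One audit record per invocation; `args` are stored already redacted.
pub struct AuditRecord {
    pub program: String,
    pub args: Vec<String>,
    pub exit_code: Option<i32>,
    pub duration_ms: u128,
}

/// Assumed heuristic: hide the value after a bare `--token`-style flag and the value of any `KEY=VALUE` whose key looks like a credential.
pub fn redact(args: &[String]) -> Vec<String> {
    let sensitive = |k: &str| ["secret", "token", "password"].iter().any(|s| k.to_ascii_lowercase().contains(*s));
    let (mut out, mut hide_next) = (Vec::new(), false);
    for a in args {
        match (hide_next, a.split_once('=')) {
            (true, _) => out.push("<redacted>".to_string()),
            (false, Some((k, _))) if sensitive(k) => out.push(format!("{}=<redacted>", k)),
            _ => out.push(a.clone()),
        }
        // A bare sensitive flag (no '=') means the next argument carries the secret.
        hide_next = !hide_next && a.starts_with("--") && !a.contains('=') && sensitive(a.as_str());
    }
    out
}

/// Gate the request against policy, then run the tool and record the call.
/// `output()` captures stdout/stderr; only exit code and duration are kept here.
pub fn run_audited(policy: &Policy, program: &str, args: &[String]) -> Result<AuditRecord, String> {
    if !policy.shell_execution || !policy.allowed_tools.contains(program) {
        return Err(format!("policy denies invoking `{}`", program));
    }
    let start = Instant::now();
    let out = Command::new(program).args(args).output().map_err(|e| e.to_string())?;
    Ok(AuditRecord {
        program: program.to_string(),
        args: redact(args),
        exit_code: out.status.code(),
        duration_ms: start.elapsed().as_millis(),
    })
}
```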

03 · Credentials

Credential bridge

Two credential paths, depending on operation:

  • Axiom session token — for syncing with the cloud platform. Stored in OS keychain. Never written to disk in plaintext.
  • AWS credentials — for local Terraform/CLI execution. Axiom never sees these. They live in ~/.aws/credentials (or your SSO config) and are read directly by the CLIs we shell out to.

04 · Workstation mode

Workstation mode

Workstation mode is for security-strict environments. When enabled:

  • All outbound network traffic from the desktop app is disabled, except direct AWS API traffic
  • Operational memory persists locally only — no cloud sync
  • The Axiom cloud platform marks this connection as "offline"; the web dashboard shows last-known state only
  • Audit logs are exported to the local file system for SIEM ingestion
  • Reasoning runs against a local model (downloaded once) — no cloud inference

Workstation mode is part of the Enterprise tier. The local reasoning model is downloaded on first activation (~2GB).

05

Enterprise deployment

  • macOS — MDM/Jamf-managed deployment, signed enterprise pkg, configurable policy plist
  • Windows — MSI bundle with GPO policy, Active Directory authentication path
  • Linux — Ansible role + Debian/RPM packages, systemd service unit for daemon mode
  • Telemetry — opt-out at install time via policy file; workstation mode forces telemetry off
  • Update channels — pinned-version channel available for compliance-strict orgs (no auto-updates)

Trust questions

What does the desktop app do at runtime?

It renders the same operational UI as the web platform, shells out to the local terraform/aws CLIs for execution, and syncs with the cloud platform unless workstation mode is enabled.

Why is it safer than the web?

AWS credentials never leave your machine. Execution runs locally. The audit log persists locally. Workstation mode disables outbound network traffic other than direct AWS API calls.

Is it safe for regulated environments?

Yes. The app is Apple-notarized and Microsoft-signed. Telemetry can be disabled at install time. Workstation mode and local reasoning are available on the Enterprise tier.

What gets stored locally?

Operational memory (encrypted), audit log, session token (OS keychain), optional local reasoning model. No source code, no AWS credentials.

Can I revoke?

Sign out and uninstall. OS keychain entries are removed on sign-out. The audit log can be exported before removal.

What if the org bans local AWS CLI usage?

Set the Tauri policy to disable shell execution. The desktop app then falls back to the cloud execution path through the Axiom platform, the same as the web.
