Lumeus

Overview

Lumeus provides an Agent-native security platform that unifies Security Posture Management, Runtime Protection across multiple coding agents. It continuously discovers risks, manages security posture, and enforces runtime protection—directly at the AI agent edge.

Capabilities

AI-Native Runtime Protection & Forward Proxy:
Lightweight endpoint agents to enforce runtime inspection and protection by monitoring traffic and interactions within AI systems. It functions as a local Policy Enforcement Point (PEP) for both outgoing and incoming traffic.

• Acts as a forward HTTP proxy to inspect all IDE and CLI web traffic for threats or policy violations. We support 30+ parsers for common IDE, CLI agents, developer SaaS Apps (Jira, Github) and common Web AI (OpenAI, Claude etc).
• Performs Layer 7 inspection to detect prompt injection, data leaks, and unsafe completions.
• Configurable firewall provider: Enhanced proxy gateway monitoring with integrated firewall scan execution for comprehensive security visibility and policy enforcement.
• Integrates with reverse proxies like Teleport to secure SSH, Kubernetes, and web cluster access.

Model Context Protocol (MCP) Gateway:

• Secure Communication: Inspects and protects all communications between IDE/CLI agents and external MCP servers (e.g., List Tools or Tool Calls).
• Controls MCP configurations and blocks unsanctioned MCP servers.
• Supports both local and remote MCP servers.

Security Posture Management:
Functions as the Policy Control Point (PCP) to provide continuous posture management, plugin control, and guardrail enforcement.

• Repository Governance: Comprehensive repository access controls with git blocking, allowlist/blocklist management, and organizational policy enforcement to prevent unauthorized code access and maintain secure development environments
• File Protection: Sensitive file access protection with policy-based controls and data classification
• AI Guardrails: Leveraging IDEs native guardrails to prevent threats, data loss prevention (DLP), and enforce code guidelines through intelligent monitoring and policy enforcement
• Tamper Protection: Tamper-resistant security enforcement with uninstall protection and watchdog monitoring with health checks for continuous enforcement

Enterprise Deployment (MDM):

• Cross-Platform Installation: Automated installation scripts for Windows, macOS, and Linux supporting VS Code, Cursor, Windsurf IDEs
• User Discovery: Automatic discovery and installation for multiple users with system account filtering
• Configuration Management: Centralized credential configuration with file mode and keystore (Beta) storage options, including clear credentials option
• IDE-Specific Deployment: Targeted installation for specific IDEs with environment-specific configurations (dev, stage, prod)
• MDM User Display: Enhanced status bar updates and user display handling for MDM-managed deployments
• On-Premise Deployment: Configurable on-premise environment support

Zero Trust Infrastructure Access:

• JIT Access: Just-In-Time provisioning for SSH servers, Kubernetes clusters, databases, and web applications
• Credential Management: Ephemeral credential generation with automatic expiration and lifecycle management
• Session Monitoring: Complete audit trails with real-time session monitoring and activity correlation

Auto-Update (Proprietary Channels):

• Background, signed updates with staged rollouts and safe fallback
• Policy-controlled channels (stable/beta) with admin governance
• Works offline-first; updates resume when connectivity returns
• Full audit logging of update checks and applied versions

Prerequisites

A valid Lumeus tenant must be provisioned and organizational resources configured for centralized security management.

Visit lumeus.ai for platform onboarding or contact support@lumeus.ai to request access.

Troubleshooting

Forward Proxy Gateway

• Verify security certificates are properly installed
• Validate proxy agent operational status
• For Windsurf environments: reload Language Server Protocol when prompted
• Confirm network connectivity and firewall configurations

MCP Gateway Issues

• Ensure latest IDE with MCP support is installed
• Check firewall settings for MCP communication
• Toggle MCP server configuration to reset connection state
• Perform IDE window reload to refresh security context
• Validate MCP server configuration through management portal
• Verify secure gateway connectivity and policy inheritance

Connection Problems

• Check if required tools are installed for specific connections
• Verify network connectivity and resource availability
• Review extension logs for detailed error messages
• Ensure proxy settings are not interfering

Authentication Issues

• Use "Lumeus: Debug Auth" command to troubleshoot authentication problems
• Check for specific error notifications in the IDE
• Verify enrollment token and authentication token availability
• Review authentication error logs for detailed diagnostics

MDM Deployment Issues

• Ensure scripts are run with appropriate privileges (sudo on macOS/Linux, SYSTEM on Windows)
• Verify VSIX files exist at specified paths
• Check that target IDEs are installed before running installation scripts
• For user discovery issues, verify user accounts have valid UIDs and home directories
• See scripts/mdm/README.md for detailed deployment documentation

General Issues

• Check extension logs using Output panel (View > Output > Lumeus)
• Verify settings configuration
• Try refreshing the resource list
• Use "Lumeus: View Logs" command for detailed logs
• Restart IDE if issues persist