Audit-First by Design

The world's first audit-first MQTT platform for regulated industries

TrailMQ replaces custom audit scripts, log parsing pipelines and fragile compliance workflows.

No payload inspection. No live message streams. Evidence over observation.

Add audit trails, security policies and validation evidence to MQTT — so audits no longer depend on custom scripts or tribal knowledge.

GMP / GxP aligned messaging
Deploy in minutes with Docker
Free to evaluate — Enterprise licenses available

Deploy from GitHub View on Docker Hub

What is TrailMQ?

TrailMQ is a lightweight messaging platform built on MQTT — designed for environments where communication must be provable, not just fast.

It bridges the gap between machine-level messaging and the strict requirements of GMP, GxP and regulated manufacturing.

You keep MQTT.
TrailMQ adds traceability, security controls and audit-ready evidence.

"Audit-first" means traceability, evidence and validation are core design principles — not optional add-ons.

TrailMQ explains decisions and enforcement without exposing message content or secrets.

TrailMQ replaces custom audit scripts, log parsing pipelines and fragile Excel-based compliance workflows that are typically built around standard MQTT brokers.

Who is TrailMQ for?

TrailMQ is designed for teams operating validated systems in regulated environments.

🏭

Automation & IIoT

Real-time messaging in manufacturing and lab systems, with built-in traceability and structured event histories.

✓

QA / CSV Teams

Built-in audit trails, user attribution, and GMP-ready architecture to simplify validation and compliance audits.

🔧

Platform & Architecture

Run on-premise, route with ease—flexible enough for hybrid architectures with modern tooling.

Core Capabilities

Lightweight infrastructure for traceable, audit-first messaging.

Audit-Ready Messaging

Every decision produces structured audit evidence (identity, timestamps, metadata) without inspecting message content—traceable, ready for compliance review without extra effort.

Security by Policy

Role- and ACL-based access to your channels via topics. Fine-grained control over who can publish, subscribe, and configure.

Fail-Safe Messaging

Message persistence (optional), configurable retries, and persistent pub/sub ensure delivery, even during connectivity interruptions.

Privacy by Design

All sensitive data is handled locally on your infrastructure for full control over sensitive data.

Why not a standard MQTT broker?

Most MQTT brokers focus on throughput. TrailMQ focuses on trust.

Standard MQTT	TrailMQ
Fast messaging	Fast and auditable
Logs as text files	Structured audit evidence
Logs after the fact	Evidence by design
Manual correlation	Hash-chained trails
Debug & inspect payloads	Explain decisions without exposing payloads
Basic auth	TLS + JWT + RBAC

Standard brokers require compliance to be added afterwards.
TrailMQ makes compliance part of the message flow itself.

Built for Regulated Environments

Built for environments where you must explain what happened — months later.

Immutable audit evidence — hash-chained, tamper-evident trails
Segregation of duties — user and role-based access controls
Data integrity controls — message-level verification
Supports validation workflows — IQ/OQ/PQ documentation ready
GAMP alignment — topic-level permissions across validation phases

GMP Aligned Audit-Ready Architecture

TrailMQ serves as a technical control in support of compliance processes; it does not replace full regulatory assessment or validation.

Platform Overview

Explainable visibility and enforcement—from IQ/OQ to live operations.

System stability and aggregated behavior at a glance. Understand what's happening without exposing individual messages.

System health, connection states, throughput metrics

Boundaries and identity management. Define who can publish, subscribe and configure—with full audit trails.

Users, roles, ACLs, authentication

Policy changes with justification. Every configuration change is recorded with who, when and why.

Policies, retention rules, enforcement settings

Evidence and exportable proofs. An immutable, searchable event timeline showing who sent what, when and why.

Ideal for answering ad-hoc compliance questions after the fact, without rebuilding context from logs.

Evidence export, compliance reports, audit trails

Topic contracts and decision traces. Use familiar MQTT topics for routing with pattern-based subscriptions.

Topic structure, wildcards, context-aware routing

Optional Modules

Planned extensions for advanced workflows. Available as part of enterprise packages.

Visual event orchestration for prototyping and validating message flows before production deployment.

Protocol bridges for OPC UA, S7 and standard IoT gateways with optional message enrichment.

TrailAI Plugins

Planned AI-powered extensions. Each plugin is sandboxed with declarative metadata.

TrailGuardAnomaly detection

RouteMindSemantic routing

SemanticSwitchClassification

ResponderAuto-response

These plugins are on the roadmap. Contact us for early access or enterprise discussions.

Start free. Scale when validated.

TrailMQ is free to deploy and evaluate. Enterprise licenses available for production environments.

No registration, no trials, no per-environment cost.

Clone the repo, run docker compose, and you're live in minutes. The deployment files are on GitHub — the container images are hosted on Docker Hub.

Enterprise licenses and support packages are available for validated production use.

You won't see payloads or live streams in the UI by design. You will see enforcement, evidence, and decision explanations.

Get the Starter Kit on GitHub →

            # Clone the deployment repo
git clone https://github.com/RainerGewalt/TrailMQ.git
cd TrailMQ

# Start all services (pulls images from Docker Hub)
docker compose up -d

# Open the Web UI
open http://localhost/trailmq/

Docker Hub Images

trailmq-backend trailmq-frontend

Built by engineers for regulated environments

Start locally, validate early, and migrate to your own setup.