Evaluation access for regulated & quality-critical systems

Make MQTT decisions explainable and reviewable

Standard brokers move MQTT messages. TrailMQ adds policy control, identity context and audit-linked evidence.

Control topic access, explain broker decisions and keep structured evidence for later review. Planned plugins extend this with domain context and historical baseline comparison — without changing your machines or MQTT clients.

Public evaluation repo
Self-hosted via Docker
No cloud dependency
Commercial production licensing
Evidence Record Example chain verified
topicproduction/line1/filler/
batch/4711/temperature
contextline1 · filler · batch 4711
live28.4 °C  vs  22.5 °C baseline
decisionaccepted → enriched → compared
deviation+26.2% critical
policypolicy@v7 active
prev a91f…7c2 → this 3e08…d14
The problem

Fast transport is easy.
Explaining it later is hard.

Months later, teams need to explain who changed what, which policy was active, what a machine message meant, and why something was allowed, blocked, deferred or calculated. A standard broker only tells you the message moved. TrailMQ keeps that evidence structured and reviewable from the moment it happens.

01

Machine message

A sensor publishes a raw value over MQTT.

02

Resolve identity

Client, role and policy context captured with the event.

03

Apply policy

Publish or subscribe request checked against the active rule set.

04

Optional enrichment

Planned plugins can add domain context and baseline comparison.

05

Audit evidence

Everything linked into one reviewable, tamper-evident record.

You keep MQTT. TrailMQ adds a control and evidence layer around broker decisions — no change to your machines or MQTT clients. Why MQTT alone is not GxP compliant

Capabilities

Not just transport.
Controlled, reviewable messaging.

TrailMQ focuses first on access control, identity, decision traces and audit evidence. The planned plugin layer adds domain context and historical comparison where those controls need richer process meaning.

Core

Policy-controlled topic access

Define who can publish or subscribe to which topics, under which conditions. Policies are versioned and always part of the audit record — so you can prove not just what happened, but which rule allowed or blocked it.

Reviewable audit trail

Broker decisions are written as structured evidence with sequencing and integrity controls so they remain readable during later review.

Identity & change context

Connect clients, users, services and configuration changes to the evidence record so later reviews can see who acted under which authority.

Structured, readable evidence

Not raw logs. Not binary blobs. Structured records a validation engineer, auditor, QA team or OT owner can review without a developer in the room.

Admin UI & REST API

Manage topics, users, policies, clients and audit evidence through a self-hosted React UI or the full REST API at /api/v1 — no custom tooling required.

Client & queue visibility

See which MQTT clients are connected and what topics they access. Inspect queue state and dead-letter entries through the REST API without broker-level access.

Planned plugin

Domain context enrichment

Turn technical MQTT topics into machine, batch and metric context so QA, OT and engineering teams can review messages in process terms.

Planned plugin

Live vs. historical comparison

Compare live MQTT values against REST-fed historical baselines and record deviations as audit-linked evidence when the comparison context is available.

Who it's for

Built for teams that need to explain later

The layer between your MQTT traffic and the reviewable evidence an audit, a deviation or a regulator will eventually ask for.

OT & Production teams

Know who changed a setpoint, when it happened, whether the right policy was active and what the message meant in machine, batch or metric context — without touching your PLCs or sensors.

Pharma & Life Sciences

You operate under GMP, and auditors ask questions months later. Get structured evidence for message decisions and technical controls, with planned deviation support where baseline context is available.

IIoT Platform engineers

You build the infrastructure others rely on. TrailMQ runs as a Docker-based evaluation stack, integrates with existing MQTT clients, and produces evidence downstream systems can consume.

Standard broker vs. TrailMQ

The questions a broker can't answer

A standard broker tells you messages moved. Here is what it leaves unanswered.

Question you need to answer
Standard broker
With TrailMQ
Who changed this topic configuration?
No record
Identity tracked
Which policy was active when this message was sent?
Not tracked
Policy version in audit log
Why was this message blocked?
No explanation
Decision recorded with reason
What does this MQTT value mean in process context?
Topic string only
Planned context plugin
Was this live value normal or deviating?
Not available
Planned baseline comparison
Can I prove this data was not modified in transit?
No
Tamper-evident log
Can this evidence support GMP review?
No
Structured records for review

TrailMQ does not compete with your broker. It makes broker decisions and their surrounding evidence visible, reviewable and explainable.

Regulated environments

Designed for where traceability is not optional

TrailMQ serves as a technical control in support of compliance processes. It does not replace regulatory assessment or validation, but it makes the technical decisions behind MQTT traffic easier to inspect and retain.

  • Integrity-oriented audit evidenceSequenced, reviewable decision records
  • Segregation of dutiesUser and role-based access controls
  • Data integrity controlsMessage-level verification
  • Supports validation workflowsEvidence suitable for validation packages
  • GAMP-aware controlsTopic-level permissions across lifecycle phases
GMPManufacturing quality context
GAMP 5Risk-based validation
21 CFR Part 11Electronic-record context
Data integrityALCOA+ concepts

TrailMQ is early-stage software and a technical control, not a compliance guarantee or certification claim. Validation, risk assessment and procedural controls remain the responsibility of the regulated organization.

GMP MQTT reliability

Reliable MQTT messaging in GMP-regulated manufacturing means more than delivery

MQTT QoS, durable sessions and retained messages help with transport behavior. GMP-relevant reliability also requires evidence that the right client acted, the right policy was active, failures were handled explicitly and the record can be reviewed later.

Transport behavior

Choose QoS, retained state and session behavior deliberately, then document where message loss, duplication, replay and reconnect behavior can affect process decisions.

Controlled decisions

Bind publish and subscribe decisions to client identity, role, topic policy and configuration version so allowed and blocked actions are explainable.

Reviewable evidence

Store sequence, timing, decision reason, policy state and change context as structured evidence instead of relying on broker logs alone.

For a deeper checklist, read how to ensure reliable MQTT messaging in GMP-regulated manufacturing

Planned plugin example

From a live value to reviewable deviation

The planned plugin layer shows how a live MQTT value could be enriched with domain context, compared with a historical baseline and linked to audit evidence.

1

Feed a historical baseline through REST

An external system provides a baseline for line1 / filler / temperature.

POST /api/v1/baselines
// expected reference for this context
{
  "context_key": { "line": "line1", "machine": "filler", "metric": "temperature" },
  "baseline": { "value": 22.5, "unit": "C", "source": "historical_average_30d" },
  "limits": { "warning_percent": 10, "critical_percent": 20 }
}
2

Receive a live MQTT value

A machine publishes 28.4 °C to production/line1/filler/batch/4711/temperature.

3

Produce audit-linked deviation evidence

TrailMQ links the live value, context, baseline, deviation and decision trace into one reviewable path.

evidence record
{
  "metric": "temperature",
  "live_value": 28.4,
  "historical_value": 22.5,
  "deviation_percent": 26.22,
  "severity": "critical",
  "context": { "line": "line1", "machine": "filler", "batch_id": "4711" }
}

If required historical context is missing, TrailMQ does not silently skip the calculation. Missing context becomes explicit: deferred, retryable and reviewable.

Trusted Industrial AI

A trustworthy foundation before the model

In GMP and quality-critical environments, the question is not only whether an AI model is powerful — it's whether the data, context and decisions around that model can be trusted and reviewed.

AI needs more than raw machine data

Before a model can reason about industrial data, the value needs domain context: machine, line, batch, metric, policy state and process relevance.

Deterministic context first

Use deterministic context, baseline and deviation logic before model interpretation, then link the result to reviewable evidence.

Trust comes from traceability

If AI later suggests or explains an event, TrailMQ provides the surrounding evidence: what data was used, which context applied, which baseline resolved and which decision path was recorded.

04 Trusted Industrial AI
03 TrailMQ evidence layer
02 MQTT broker
01 Machines & sensors

TrailMQ is not positioned as an AI model or analytics platform. It is the controlled MQTT evidence layer that trusted Industrial AI can build on.

Quickstart

Evaluate TrailMQ with one command

Clone the deployment repo, run the guided launcher and choose your first Starter Kit. TrailMQ prepares an evaluation stack for you.

The guided launcher prepares runtime folders, creates local demo certificates when needed, generates evaluation credentials and starts the selected recipe.

After launch, use the Web UI or the REST API to inspect topics, resolve policies, review queues and validate audit evidence.

No migration. No downtime. No code changes on your MQTT clients.

TrailMQ is early-stage software. The GitHub deployment is for evaluation, testing and proof-of-concept work. Production use in regulated or commercial environments requires a valid license.

terminal
# Clone the TrailMQ deployment repo
git clone https://github.com/RainerGewalt/TrailMQ.git
cd TrailMQ

# Start the guided launcher
./trailmq launch
launcher
# Choose your Starter Kit
[1] Secure MQTT Core

 Runtime folders prepared
 Config ready
 Evaluation credentials generated
 Active recipe set
 Stack is up
endpoints
Web UI    http://localhost/trailmq/
REST API  http://localhost/api/v1
MQTT TLS  localhost:8883
MQTT WS   ws://localhost/mqtt
FAQ

Can MQTT be used in GxP environments?

MQTT can be used in regulated manufacturing, but a broker alone is not enough. The real question is whether message decisions can be controlled, explained and reviewed later.

Can an MQTT broker be GxP compliant?
MQTT itself is not GxP compliant or non-compliant — it is a messaging protocol. Compliance depends on the surrounding controls: identity, access policies, audit trails, data integrity, change control and validation evidence.
What about data integrity and audit trails?
Standard brokers move messages. They usually do not prove who changed what, which policy was active, why a message was allowed or blocked, whether a record stayed complete and whether the evidence is complete enough for later review.
Can MQTT be used in GMP-regulated manufacturing?
Yes. MQTT can be used in GMP-regulated manufacturing when the surrounding system controls access, validates configuration, handles failures explicitly and preserves audit-ready evidence for GMP-relevant message decisions.
How do you ensure reliable MQTT messaging in GMP-regulated manufacturing?
Start with MQTT transport controls such as QoS, persistent sessions and retained messages where they fit the risk. Then add regulated controls: authenticated clients, topic-level authorization, validated configuration, explicit failure handling, dead-letter or retry review, synchronized time, audit trails and data integrity evidence. Read the full checklist
Does TrailMQ make a system automatically compliant?
No. TrailMQ supports compliance by generating technical evidence. Validation, risk assessment and procedural controls remain the responsibility of the regulated organization.
Does TrailMQ provide a REST API?
Yes. TrailMQ exposes product functions through a REST API so teams can inspect topics, resolve policies, review queues, validate audit evidence and integrate TrailMQ with scripts, local checks, CI pipelines, monitoring tools or external systems.
Can TrailMQ compare live values with historical baselines?
This is part of the planned plugin layer. Historical baselines can be provided through REST, live MQTT values can be enriched with domain context, and KPI Lite can calculate deviation metrics linked to audit evidence.
Is TrailMQ open source?
No. TrailMQ provides public evaluation access through GitHub and Docker images. Production use in regulated or commercial environments requires a valid commercial license.
Standard brokers move MQTT messages.
TrailMQ makes broker decisions explainable and reviewable.

Free to evaluate. No cloud dependency. Commercial license required for production use.  ·  contact@trailmq.com