Built for regulated systems

Make MQTT reviewable

Standard brokers move messages. TrailMQ helps you prove what happened.

TrailMQ helps regulated teams control access, track changes and keep reviewable audit evidence on top of MQTT.

  • Know who changed what
  • Control access by policy
  • Keep reviewable audit evidence
Deploy from GitHub View on Docker Hub

Fast transport is easy. Explaining it later is hard.

Later, teams often need to explain who changed what, which policy was active and why something was allowed, blocked or reconfigured.

Standard MQTT brokers tell you messages moved. They do not tell you who changed what, which policy was active or why something was allowed or blocked. TrailMQ keeps that evidence structured and reviewable from the moment it happens.

Designed for GMP, GxP and IIoT environments where traceability is not optional.

You keep MQTT. TrailMQ adds a control and evidence layer on top. No change to your machines, no change to your broker, no proprietary lock-in.

Built for teams that need to explain later

Whether you run a production line, manage pharma infrastructure or build systems that have to pass an audit — TrailMQ is the layer between your MQTT traffic and your reviewable evidence.

🏭

OT and Production Teams

You need to know who changed a setpoint, when it happened and whether the right policy was active. TrailMQ keeps that record without touching your PLCs or sensors.

🧪

Pharma and Life Sciences

You operate under GMP. Auditors ask questions months later. TrailMQ gives you structured, reviewable evidence for every message decision, ready when you need it.

🔧

IIoT Platform Engineers

You build the infrastructure others rely on. TrailMQ runs as a Docker container, integrates without code changes and produces audit evidence that downstream systems can consume.

Not just transport. Controlled messaging.

TrailMQ does not replace your broker. It sits in front of it and gives every message decision a clear, reviewable record.

Policy-controlled topic access

Define who can publish or subscribe to which topics, under which conditions. Policies are versioned and always part of the audit record — so you can prove not just what happened, but which rule allowed or blocked it.

Immutable audit trail

Every decision is written to a structured, append-only log that stays readable and reviewable later. No post-processing required.

Identity and change tracking

Know which client, user or service triggered a message. Know when a configuration changed and who changed it. TrailMQ connects identity to every event in the system.

Structured, readable evidence

Not raw logs. Not binary blobs. Structured records that a validation engineer, auditor or QA team can review without a developer in the room.

Standard broker vs. TrailMQ

A standard broker tells you messages moved. Here is what it cannot answer.

Question you need to answer Standard broker With TrailMQ
Who changed this topic configuration? No record Identity tracked
Which policy was active when this message was sent? Not tracked Policy version in audit log
Why was this message blocked? No explanation Decision recorded with reason
Can I prove this data was not modified in transit? No Tamper-evident log
Is this evidence ready for a GMP audit? No Structured, reviewable records

TrailMQ does not compete with your broker. It makes broker decisions visible, reviewable and explainable.

Built for regulated environments

  • Immutable audit evidence — hash-chained, tamper-evident trails
  • Segregation of duties — user and role-based access controls
  • Data integrity controls — message-level verification
  • Supports validation workflows — IQ/OQ/PQ documentation ready
  • GAMP alignment — topic-level permissions across validation phases

TrailMQ serves as a technical control in support of compliance processes; it does not replace full regulatory assessment or validation.

A layer, not a replacement

TrailMQ works as a control proxy between your MQTT clients and your broker. Nothing about your existing setup needs to change.

Proxy mode: transparent to your clients

Clients connect to TrailMQ instead of directly to the broker. TrailMQ applies policies, records decisions and forwards messages. Your clients see no difference. Your broker sees no difference. Your audit trail sees everything.

Same MQTT protocol. Same client libraries. No code changes.

Audit log

An immutable, searchable event timeline showing who sent what, when and why. Answer compliance questions months later without rebuilding context from logs.

Useful when: an auditor asks what happened six months ago.

Get started in minutes

Clone the repo, run Docker Compose, define your first policy. Your MQTT traffic stays exactly as it is.

TrailMQ runs as a transparent proxy. Your clients connect to TrailMQ. TrailMQ connects to your existing broker. No migration, no downtime, no code changes on your clients.

Free to evaluate. Contact us for production licensing.

TrailMQ is early-stage software. Evaluate it carefully before using it in critical production environments.

Docker Hub Images
trailmq-backend trailmq-frontend
# Clone the deployment repo git clone https://github.com/RainerGewalt/TrailMQ.git cd TrailMQ # Start all services (pulls images from Docker Hub) docker compose up -d # Open the Web UI open http://localhost/trailmq/
# Example: define a topic policy { "topic": "factory/line-1/#", "allow": ["line-operator", "qa-team"], "deny": ["*"], "version": "2025-03-01" }
Read the full setup guide →
Standard brokers move messages.
TrailMQ helps you prove what happened.
Deploy from GitHub Docker Hub Concepts

Free to evaluate. No cloud dependency. No vendor lock-in.
Contact contact@trailmq.com for licensing.