Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.equinix.dev/llms.txt

Use this file to discover all available pages before exploring further.

The promise: the failure mode of a poorly-prompted agent is a closed PR, not a misconfigured Cloud Router. Anything that mutates needs a human.
equinix.dev’s security model leans on Equinix’s existing identity and approval surfaces — we just make them legible to the agent before it asks.

Six controls

Plan-only by default

Every Terraform output ships with prevent_destroy and an apply guard. Default execution mode is dry-run.Control: F-001

Scoped MCP identities

Agents authenticate as network-agent-mcp@ users with project, metro, and resource scopes. Personal admin identities are never used for OAuth consent.Control: F-014

Account-aware preflight

Five blocking gates run before any mutating tool: ports/devices, observability permission, developer app, capacity, provider quote.Control: F-022

pricing.md governance

The agent reads commercial estimates from a versioned pricing.md contract. Anything missing is reported as quote_required rather than fabricated.Control: F-031

Audit log per plan

Every plan run captures the prompt, the read tools, the blocked mutating tools, the timestamp, and the dedicated MCP user. JSON or SIEM webhook export.Control: F-040

Reviewer-grade Terraform

Output is shaped to be reviewable in a PR — modules, lifecycle blocks, apply guards, and explicit quote-status fields.Control: F-052

How customer data flows

No customer data leaves your environment without consent. The local workbench keeps everything on disk. The connected agent runs against your Equinix tenant with a read-only MCP scope by default. Nothing goes to a third-party inference provider unless you explicitly route through Equinix Fabric.
[ developer + agent ]


[ .equinix-dev/    ]   local file writes
[ Local Explorer   ]   read-only API mirror

        ▼              (only with customer consent)
[ Equinix tenant   ]   read-only MCP via dedicated user

        ▼              (only after preflight + human approval)
[ Real provisioning ]  Terraform apply by reviewer

Compliance roadmap

ItemStatus
SOC 2 Type IIIn audit · Q3 2026
ISO 27001Scoped · 2027
HIPAABAA on request
FedRAMPVia Equinix Government Cloud
Subprocessors (local demo)None

Reporting a vulnerability

security@equinix.dev

PGP key: 0xC0FFEEDB · Reply within one business day. Critical issues get an automated security-priority label.

What this page deliberately does not promise

  • No “we’ll never see your data” claim — we may see read-only Fabric metadata if you explicitly install the Connected tier.
  • No SOC 2 today — the audit is in progress, not complete.
  • No FedRAMP authorization on the local demo path.
  • No production SLA on the Local Explorer — it’s a developer tool.