Access Map

See your whole network at a glance.

An interactive force-directed graph of every peer, group, policy, and access path in your mesh. Click any node to see what it can reach — and what can reach it.

  • Auto-discovers every peer, group, and policy edge
  • Filter by group, team, status, or ACL rule
  • Trace the exact reason a peer can — or can't — reach a service
Get early access Pair with Zero Trust →
db-primary
production +2

db-primary

dev-mac

api-server

ops-bastion

contractor

db-primary

Reachable from 3 peers via prod-rbac policy.

Selected Allowed Denied
Live topology
Click. Drag. Filter.
Use cases

A diagram that answers questions.

Stop drawing your network on whiteboards. Click peers, follow edges, get answers in seconds.

1

Onboard a new engineer

Drop them in front of the Access Map. Five minutes later they know which services exist, which teams own them, and how access flows.

Filter: group=onboarding
2

Debug a connection issue

Click the peer that's failing. The map highlights every allowed and denied path — you see exactly which ACL rule is blocking traffic.

Click: db-primary → dev-mac ✕ blocked by prod-rbac
3

Audit blast radius

Before granting a contractor access, simulate it. The map highlights every peer they'd reach — a one-glance answer for security review.

Simulate: contractor-laptop → 3 reachable
Capabilities

Everything the spreadsheet hides.

Live topology, ACL-aware edges, deep search, and a snapshot auditors can actually read.

Real-time, not yesterday's diagram

New peer registers? Node appears. ACL rule changes? Edges recolor. No manual diagram maintenance, no stale docs.

Peers added/removed in seconds
Policy edges update on save
Online/offline status live
No agents to install — server-side compute

Edges encode your ACL, not just connectivity

Green means allowed. Red means denied. Hover any edge to see exactly which policy rule decided the verdict, and which group membership triggered it.

# Hover edge: dev-mac → db-primary
DENY  policy: prod-rbac
       rule:   members of developers
               cannot reach group production-db
       fix:    add dev-mac to db-read

Search, filter, focus

Search by hostname, IP, group, team, or tag. Filter to a single group, hide offline peers, isolate one ACL rule's edges — every view is a question answered.

host:db-primarygroup:productionstatus:onlinepolicy:prod-rbac

A snapshot auditors can read

Export the current view as PNG or SVG, share a URL that opens the same filter set, or embed in a compliance report. Visible network = auditable network.

Share filtered view via URL
Export PNG / SVG / JSON
Pairs with Audit Logs for incident review
Read-only viewer role for security review

Make your whole mesh visible.

Free for every feature while we're in beta. Open the Access Map and trace who-can-reach-who in seconds.

Get early access See pricing →