Engram Safety Documentation

VERSION 2.5.0 (STABLE) • LAST UPDATED: 2026-02-12

Introduction

Welcome to the official documentation for the Engram Safety Architecture. This guide covers deployment, configuration, and operation of containerized autonomous workloads using Jail Warden isolation, Air Lock proxy control, and forensic evidence chains without sacrificing deterministic control or traceability.

Critical Security Notice: All Engram safety modules are designed for strict default-deny execution boundaries. Confirm container, proxy, and local host controls are active before starting any agent run.

Quick Start

Start the stack in local simulation mode to validate the full safety path before production. This confirms policy enforcement, outbound gating, and evidence chain writes are all active.

Installation

The safety stack can be deployed with Docker and the local CLI workflow. Ensure your environment supports Python 3.11 and Docker runtime features for sealed execution.

$ docker build -f Dockerfile.safe -t agent-forge:latest .
$ python -m agent_forge.cli.start_proxy --port 8080
> Building sandbox image... OK
> Initializing Air Lock proxy... OK
> Container runner active.

Core Concepts

Engram's execution model depends on three primitives: isolated runtime control, deterministic policy interception, and immutable evidence continuity.

Jail Warden Runner

The Jail Warden Runner seals each workload into a strict execution boundary with explicit resource and syscall controls. This minimizes blast radius and stops uncontrolled code paths.

Policy Engine

Policies are enforced through runner constraints and proxy-level domain controls. The Air Lock applies allowlist checks, payload auditing, and simulation redirects before any outbound request reaches an external service.

policy:
  allow_domains: ["pypi.org"]
  simulation_mode: true
  redirect_map:
    api.stripe.com: "localhost:5000"
  post_body_audit:
    deny_keywords:
      - "password"
      - "secret key"
      - "ssn"

Evidence Chain

Every executed action and export event is hash-linked and written to immutable local evidence records. These records provide verifiable forensic history for agent sessions, incident reconstruction, and downstream compliance review.

To verify the integrity of the current evidence chain:

$ agent-forge verify-logs --chain=forensics.jsonl
> Checking hash consistency... 100%
> Validating signatures... 100%
> EVIDENCE INTEGRITY CONFIRMED.
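
What a hash-consistency check over a hash-linked JSONL log involves, as an added example that is not the agent-forge implementation. The record layout (prev_hash, event, hash), the SHA-256 construction and the all-zero genesis value are assumptions made for illustration; signature validation is not covered.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash value for the first record


def record_hash(prev_hash, event):
    # Canonical JSON (sorted keys, fixed separators) keeps the digest stable.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append_record(lines, event):
    """Append one hash-linked JSONL record to the in-memory chain."""
    prev = json.loads(lines[-1])["hash"] if lines else GENESIS
    rec = {"prev_hash": prev, "event": event, "hash": record_hash(prev, event)}
    lines.append(json.dumps(rec, sort_keys=True))


def verify_chain(lines):
    """Return (ok, index_of_first_bad_record_or_None, reason)."""
    expected_prev = GENESIS
    for i, line in enumerate(lines):
        try:
            rec = json.loads(line)
            prev, event, stored = rec["prev_hash"], rec["event"], rec["hash"]
        except (ValueError, KeyError, TypeError):
            return False, i, "malformed record"
        if prev != expected_prev:
            return False, i, "broken link to previous record"
        if record_hash(prev, event) != stored:
            return False, i, "record content does not match its hash"
        expected_prev = stored
    return True, None, "ok"


def sample_chain():
    # Constructed sample events, not real Engram output.
    lines = []
    append_record(lines, {"seq": 1, "action": "container_start"})
    append_record(lines, {"seq": 2, "action": "egress_denied", "host": "example.invalid"})
    append_record(lines, {"seq": 3, "action": "export", "file": "report.txt"})
    return lines


if __name__ == "__main__":
    print(verify_chain(sample_chain()))
```

A chain check of this kind does not notice records removed from the end of the file; detecting that requires the latest hash to be stored or signed somewhere the writer of the log cannot alter.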

API Reference

Agent Interface

Core runtime controls are exposed through the Agent Interface for execution, observation, and policy-coupled state transitions. All interface calls are routed through safety guards.

Verification Hooks

Verification Hooks let operators enforce preflight and postflight assertions around every task. Hook failures trigger immediate run interruption and forensic capture.

Error Codes

Error codes follow deterministic categories for policy violations, transport denials, runtime isolation failures, and evidence integrity mismatches.

Security

Air Lock Protocol

The Air Lock Protocol provides outbound egress mediation with strict domain allowlists, request transformations, and deny-first filtering.

Audit Compliance

All security decisions and runtime actions are timestamped and chain-linked to support audit review, incident reconstruction, and compliance evidence generation.