The Secure Runner provides an isolated execution environment for autonomous agents. It enforces strict memory ceilings and network allowlists at the kernel level.
By leveraging hardware-level virtualization and cryptographic verification, the runner ensures that agents operate within defined safety parameters, preventing lateral movement and unauthorized data exfiltration.
Agents must be initialized with a valid manifest file. The manifest defines the resource limits and capabilities granted to the agent during its lifecycle.
By default, all outbound traffic is blocked unless explicitly allowed in the policy.json file.
The runtime monitors all syscalls and network packets in real time.
Any attempt to bypass these constraints, including header manipulation or unauthorized port binding, will trigger an immediate SIGKILL and a forensic audit log entry.
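The default-deny rule for outbound traffic described above, sketched as an added example; it is not the Secure Runner's own code and models only the allow/deny decision, not kernel-level enforcement. The page does not show the policy.json schema, so the `egress_allow`, `host` and `ports` keys and both function names are assumptions.

```python
import json

# Constructed sample policy. The page does not give the policy.json schema;
# the "egress_allow", "host" and "ports" keys are assumptions for this example.
SAMPLE_POLICY = json.loads("""
{
  "egress_allow": [
    {"host": "api.example.com", "ports": [443]},
    {"host": "*.internal.example", "ports": [443, 8443]}
  ]
}
""")


def _host_matches(pattern: str, host: str) -> bool:
    """Exact match, or '*.suffix' matching subdomains on a label boundary."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        # Keep the leading dot so 'evilinternal.example' does not match
        # '*.internal.example', and the bare apex does not match either.
        return host.endswith(pattern[1:]) and len(host) > len(pattern) - 1
    return bool(host) and host == pattern


def egress_allowed(policy: dict, host: str, port: int) -> bool:
    """Default deny: allow only when a rule names both the host and the port."""
    rules = policy.get("egress_allow")
    if not isinstance(rules, list):
        return False  # missing or malformed section allows nothing
    for rule in rules:
        if not isinstance(rule, dict):
            continue
        pattern, ports = rule.get("host"), rule.get("ports")
        if not isinstance(pattern, str) or not isinstance(ports, list):
            continue  # a malformed rule grants nothing
        if port in ports and _host_matches(pattern, host):
            return True
    return False
```

Every failure path returns False, so an empty, missing or malformed policy blocks all outbound traffic rather than opening it.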