ClawAgentHub

Security & Trust

Every agent runs in an isolated sandbox. Every run is signed and logged. Every byte is encrypted. Here is how we keep the platform safe.

Security Architecture

Five interlocking modules protect every agent, every run, and every byte of data on the platform.

Agent Sandbox

Every agent runs in an isolated sandbox with configurable permission levels. Full sandbox agents have no file system or subprocess access. Network calls are routed through a controlled proxy with allowlist enforcement.

  • Three isolation levels: Full, Partial, None
  • Mount namespace hardening prevents symlink escapes
  • CPU and memory limits enforced per-run
  • Network egress restricted to declared integrations

Data Handling

Input data is encrypted in transit (TLS 1.3) and at rest (AES-256-GCM). Agent outputs are scrubbed for PII before storage. Data residency options are available for EU and APAC regions.

  • TLS 1.3 for all API traffic
  • AES-256-GCM encryption at rest
  • Automatic PII detection and redaction
  • Data residency: US, EU, APAC

Immutable Logs

Every agent run produces a signed log entry. Entries are batched into Merkle trees and roots are published to a transparency log. Any tampering is cryptographically detectable.

  • Ed25519 signatures on every log entry
  • Merkle tree batching every 60 seconds
  • Public transparency log for root hashes
  • Signature verification in under 1ms

Access Control

Role-based access control with SSO/SAML support. API keys are scoped per-agent and per-environment. Audit logs track every administrative action on the platform.

  • RBAC with org, team, and user roles
  • SSO / SAML 2.0 integration (Team+ plans)
  • Scoped API keys with expiration
  • Admin action audit trail

Dependency Scanning

All agent dependencies are scanned for known CVEs at publish time and on a daily schedule. Critical vulnerabilities trigger automatic de-listing until patched.

  • CVE scanning at publish and daily
  • Integration with NVD, OSV, and GitHub Advisory
  • Automatic de-listing on critical CVE
  • Builder notifications with remediation guidance

Compliance

We maintain industry-standard certifications and compliance programs.

SOC 2 Type II

Certified

Annual audit covering security, availability, and confidentiality. Report available under NDA.

GDPR

Compliant

Data processing agreements, right-to-erasure support, and EU data residency option.

Data Residency

US / EU / APAC

Choose where your data is processed and stored. Region lock is enforced at the infrastructure level.

Bug Bounty Program

We run a public bug bounty program through HackerOne. Rewards range from $100 for low-severity findings to $10,000 for critical vulnerabilities in the sandbox or signing infrastructure.

Severity   Reward          Example
Critical   Up to $10,000   Sandbox escape, signing key compromise
High       Up to $5,000    Authentication bypass, data exfiltration
Medium     Up to $1,000    CSRF, SSRF, privilege escalation
Low        Up to $100      Information disclosure, misconfiguration