Security Architecture

Defense in Depth

We treat every agent as a potential risk. That's why we isolate them in ephemeral, network-restricted sandboxes. We don't rely on trust; we rely on constraints.

01 — Filesystem Isolation

Total Tenant Isolation

The Agent lives in a digital vacuum: it is physically impossible for it to access another client's data.

[Figure: Tenant A (client_case.pdf) and Tenant B, shown as mutually INACCESSIBLE]

02 — Network Isolation

Cannot "Phone Home"

All outbound traffic routes through a Network Proxy that only permits connections to pre-approved APIs. Data exfiltration is impossible.

[Figure: Agent → Network Proxy → destinations. Shown blocked: public-llm.training, shadow-it.cloud, unauth-storage.io. Shown pre-approved: api.xero.com, api.stripe.com]

03 — Code Execution

Amnesiac Execution

The Sandbox executes the task, then self-destructs. No memory. No residue.

[Live terminal demo]
$ sandbox exec task.py
Environment isolated
Loading client_data.csv
Processing records...
Output generated
[Memory gauge: 24.7 MB]

04 — Human Review

The Final Air Gap

Nothing leaves without you. The Agent drafts. You approve.

[Figure: output marked DRAFT, awaiting approval]

System Schematics

A detailed look at the proxies, sockets, and permission layers that enforce our defense-in-depth strategy.

[Figure: System schematic. User → Agentised Agent → Sandbox → User. The agent runs Bash(python foo.py), executed inside the sandbox as bash -c 'python foo.py'. Network calls leave through a SOCKS proxy / HTTP proxy over socat and a domain socket: HTTPS:443 to allowed hosts is marked Allow (allowed:443), other hosts are marked Deny ✗ (denied:443). File writes: Write ./README is allowed, Write ~/.bad is Deny ✗. The agent asks the user for permission where needed, failures are shown to the user, and a log listener records activity.]
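As an added illustration of the allow/deny decisions the schematic shows (this is example code, not the product's own proxy or sandbox), the following evaluates an egress request against a host:port allowlist and a file write against the sandbox's path rules, prompting the user where the policy does not decide outright. The allowlist, the /sandbox/task and /home/agent paths and the AUDIT_LOG are constructed assumptions.

```python
import os
from pathlib import Path
from typing import Callable

# Constructed policy mirroring the schematic: two pre-approved APIs reachable only
# on 443, writes allowed under the task directory, hidden files under $HOME denied.
ALLOWED_EGRESS = {("api.xero.com", 443), ("api.stripe.com", 443)}
WORKDIR = Path("/sandbox/task")          # hypothetical mount point for the task
HOME = Path("/home/agent")               # hypothetical home directory of the agent user
AUDIT_LOG: list[str] = []                # what the schematic's "log listener" would receive

def egress_decision(host: str, port: int) -> str:
    """Proxy-side check: exact host:port allowlist, case-insensitive, no wildcards."""
    key = (host.lower().rstrip("."), port)   # "API.XERO.COM." normalises to api.xero.com
    verdict = "allow" if key in ALLOWED_EGRESS else "deny"
    AUDIT_LOG.append(f"net {verdict} {key[0]}:{key[1]}")
    return verdict

def write_decision(path: str, ask_user: Callable[[str], bool]) -> str:
    """Filesystem check: WORKDIR writes pass, ~/.* is refused, anything else prompts."""
    raw = Path(path)
    if raw.parts and raw.parts[0] == "~":          # expand ~ against the sandbox HOME
        raw = HOME.joinpath(*raw.parts[1:])
    if not raw.is_absolute():
        raw = WORKDIR / raw
    target = Path(os.path.normpath(raw))  # collapses ../ without touching the real filesystem
    if target == WORKDIR or WORKDIR in target.parents:
        verdict = "allow"                          # inside the task directory: no prompt
    elif HOME in target.parents and target.name.startswith("."):
        verdict = "deny"                           # e.g. ~/.bad: never writable
    else:
        verdict = "allow" if ask_user(f"write {target}?") else "deny"
    AUDIT_LOG.append(f"fs {verdict} {target}")
    return verdict

if __name__ == "__main__":
    for host, port in [("api.stripe.com", 443), ("shadow-it.cloud", 443)]:
        egress_decision(host, port)
    for p in ["./README", "~/.bad", "../../etc/passwd"]:
        write_decision(p, lambda q: input(q + " [y/N] ").lower() == "y")
    print("\n".join(AUDIT_LOG))
```

Note that a path such as ../../etc/passwd normalises to a location outside WORKDIR and therefore reaches the user prompt rather than being silently allowed.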