Security

Built for adversarial workloads.

Agents are programs you didn't write, running in environments you do own. KruxOS treats every agent as untrusted by default. Defense is layered. Decisions are logged. Privilege is gated.

Layered defense

Five rings between the agent and your hardware.

01 nftables: Per-agent egress firewall. Default deny.
02 Landlock: Mandatory access control over file reads & writes.
03 seccomp BPF: Syscall allowlist. Dangerous calls never compile.
04 cgroup v2: Hard caps on CPU, memory, IO, PIDs.
05 namespaces: user · mount · pid · net · uts — agent sees its own world.

Pillars

Four surfaces. Four guarantees.

Sandbox

Per-capability fork into a fresh, namespaced process running as uid 1100. No long-lived agent shell. Clean state every call.

  • uid 1100 · default non-admin
  • uid 0 · AdminAgent · per-agent policy
  • 5 namespaces · cgroup v2 · seccomp · Landlock · nftables

Vault

Secrets never touch the agent's address space. The gateway resolves a placeholder, the syscall happens with the real value, and the value never leaves the kernel mount.

  • ${SECRET} · placeholder resolution at call site
  • Encrypted at rest · age-keyed
  • secrets.read · always approval-gated
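The placeholder boundary described above, as an added example that is not KruxOS code: a hypothetical `Gateway` holds the real values, resolves `${NAME}` only after the agent has handed over the call, refuses unknown placeholders, defers `secrets.read` until an approval is attached, and scrubs any real value out of the response before it flows back. The real system does this around an actual syscall and a kernel mount; this user-space model (the `Gateway` class, `fake_backend`, the `API_TOKEN` sample value) is constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Callable

# Placeholder syntax from the page: ${NAME}. Everything else in an argument is literal.
PLACEHOLDER = re.compile(r"\$\{([A-Z][A-Z0-9_]*)\}")


class ApprovalRequired(Exception):
    """A gated capability was invoked without an approval decision attached."""


@dataclass
class Gateway:
    """Hypothetical stand-in for the gateway boundary: the one component holding real values."""
    secrets: dict[str, str]
    backend: Callable[[str, dict[str, str]], dict[str, str]]
    gated: frozenset = frozenset({"secrets.read"})  # always approval-gated, per the page
    log: list = field(default_factory=list)

    def resolve(self, text: str) -> str:
        """Swap ${NAME} for the real value. An unknown name is a hard error, never passed through."""
        def substitute(match: re.Match) -> str:
            name = match.group(1)
            if name not in self.secrets:
                raise KeyError(f"unknown secret placeholder {name}")
            return self.secrets[name]
        return PLACEHOLDER.sub(substitute, text)

    def redact(self, text: str) -> str:
        """Scrub real values from anything flowing back toward the agent."""
        for name, value in self.secrets.items():
            if value:
                text = text.replace(value, f"${{{name}}}")
        return text

    def call(self, capability: str, args: dict[str, str], approved: bool = False) -> dict[str, str]:
        if capability in self.gated and not approved:
            self.log.append((capability, "deferred"))
            raise ApprovalRequired(capability)
        # Resolution happens here, on the gateway side, not in the agent's address space.
        real_args = {k: self.resolve(v) for k, v in args.items()}
        result = self.backend(capability, real_args)
        self.log.append((capability, "allowed"))
        return {k: self.redact(v) for k, v in result.items()}


# Constructed backend: records what it was handed and echoes a header back,
# which is exactly the kind of response that would leak a token without redaction.
BACKEND_SAW: list[dict[str, str]] = []


def fake_backend(capability: str, args: dict[str, str]) -> dict[str, str]:
    BACKEND_SAW.append(dict(args))
    if capability == "http.request":
        return {"status": "200", "echoed_header": args["authorization"]}
    return {"ok": "true"}


if __name__ == "__main__":
    gw = Gateway(secrets={"API_TOKEN": "tok-constructed-123"}, backend=fake_backend)
    print(gw.call("http.request", {"authorization": "Bearer ${API_TOKEN}"}))
    try:
        gw.call("secrets.read", {"name": "API_TOKEN"})
    except ApprovalRequired as exc:
        print("deferred:", exc)
```

The backend sees `Bearer tok-constructed-123`; the agent only ever sees `Bearer ${API_TOKEN}` coming back, and the deferred `secrets.read` lands in the log as a decision in its own right.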

Audit

Every capability call — allowed, denied, deferred — lands in a hash-chained CBOR log. Tamper-evident. Streamable. Replayable. The receipts of every decision.

  • Hash-chained · CBOR · binary
  • SIEM streaming on enterprise
  • Replay tool ships in v0.0.2
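A minimal hash-chained, replayable decision log, as an added example rather than KruxOS's own format: each record carries the previous record's digest, so editing or dropping an entry breaks every link after it, and replaying the chain rebuilds the per-agent receipts. JSON with sorted keys stands in for CBOR to keep the example stdlib-only; the `ChainedLog` class, field names and sample agent names are constructed. The last assertion in the usage note is the practical caveat: the chain alone cannot see a truncated tail, which is why the current head has to be anchored somewhere the agent cannot reach (for example, streamed off-host).

```python
import hashlib
import json
from dataclasses import dataclass, field
from typing import Optional

GENESIS = b"\x00" * 32
DECISIONS = ("allowed", "denied", "deferred")


def canonical(record: dict) -> bytes:
    """Deterministic encoding. The real log is CBOR; sorted-key JSON plays that role here."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


@dataclass
class ChainedLog:
    entries: list = field(default_factory=list)
    head: bytes = GENESIS  # digest of the most recent entry

    def append(self, agent: str, capability: str, decision: str) -> str:
        """Record one capability decision and link it to the current head."""
        if decision not in DECISIONS:
            raise ValueError(decision)
        record = {
            "seq": len(self.entries),
            "agent": agent,
            "cap": capability,
            "decision": decision,
            "prev": self.head.hex(),
        }
        digest = hashlib.sha256(self.head + canonical(record)).digest()
        record["hash"] = digest.hex()
        self.entries.append(record)
        self.head = digest
        return record["hash"]


def verify(entries: list, expected_head: Optional[bytes] = None) -> Optional[int]:
    """Walk the chain. Return the index of the first broken link, len(entries) if the
    tail is missing relative to an anchored head, or None if everything checks out."""
    head = GENESIS
    for i, entry in enumerate(entries):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if body.get("prev") != head.hex():
            return i
        digest = hashlib.sha256(head + canonical(body)).digest()
        if digest.hex() != entry.get("hash"):
            return i
        head = digest
    if expected_head is not None and head != expected_head:
        return len(entries)
    return None


def replay(entries: list) -> dict:
    """Rebuild per-agent decision counts from the log: the receipts view."""
    counts: dict = {}
    for entry in entries:
        per_agent = counts.setdefault(entry["agent"], {})
        per_agent[entry["decision"]] = per_agent.get(entry["decision"], 0) + 1
    return counts


if __name__ == "__main__":
    log = ChainedLog()
    log.append("agent-a", "fs.read", "allowed")
    log.append("agent-a", "net.connect", "denied")
    log.append("agent-b", "secrets.read", "deferred")
    print(replay(log.entries), verify(log.entries, log.head))
```

Flipping a `denied` to `allowed` in entry 1 makes `verify` return 1; dropping the last entry passes a chain-only `verify` but fails against the anchored head.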

Disclosure

Coordinated, no surprises. Report a finding privately; we acknowledge within 48 hours and ship a fix in the next release window. Public CVE on an agreed timeline.

  • [email protected] · PGP key in the whitepaper
  • 48h acknowledgement SLA
  • Public hall of fame, coordinated CVE

Found something?

Mail [email protected] directly — please don't open a public issue for vulnerabilities. We acknowledge within 48 hours and aim to ship a fix in the next release window. We don't currently run a bug bounty program; recognition is via the security hall of fame and a coordinated CVE on an agreed timeline.

contact: [email protected]
policy: .well-known/security.txt
disclosure: coordinated · 90 days default
whitepaper: docs.kruxos.com/security/whitepaper