What it is
Agent Space is a secure runtime environment where AI agents execute workflows under strict containment. Each agent runs in its own isolated container, bound to a specific user identity and governed by policy constraints. Agents can only access tools and data explicitly permitted by policy — no privilege escalation, no data exfiltration, no boundary violations. Think of it as a controlled workspace where agents have exactly the permissions they need, nothing more. Every action the agent takes is observable, every boundary crossing is logged, every policy violation is blocked at the perimeter.
[Diagram: agent identity credit-officer:42; resources shown: Customer DB, Scoring API, Templates, HR Table, Medical Records, Outbound Mail; example call: lookup_customer(c-001) → Customer DB; checks applied: Tool allowlist, Identity scope, Data policy, Human sign-off]
The KEE checks every call against known, allowed execution paths. What isn't known doesn't leave.
Why it matters
Uncontained AI agents are a compliance nightmare and a security liability. They can access data they shouldn't see, invoke tools they shouldn't use, and take actions you can't defend during audit. Agent Space solves this by making containment architectural, not aspirational. The isolation isn't enforced by hoping the AI 'behaves' — it's enforced by the runtime environment. When an agent tries to exceed its policy boundaries, the platform blocks it before execution, not after damage. This transforms agents from 'too risky to deploy' into 'safe enough to automate critical workflows.'
Where it lives in AIOP
Agent Space is Layer 4 in the 8-layer architecture, sitting between the Orchestrator (which routes requests) and the Tool Surface (which provides capabilities). It implements the Contain primitive at the execution layer, ensuring every agent action respects identity and policy boundaries. For high-sensitivity workloads, Agent Space supports per-tenant isolation — each customer's agents run in completely separate environments. The Human-in-the-Loop primitive integrates here: when an agent requires approval, Agent Space pauses execution until the signature arrives.
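A minimal sketch of the default-deny call gate described above, as an added example and not AIOP's own code or API. The `Policy` and `Gate` classes, the tool names other than `lookup_customer`, the split between allowed and denied resources, and the sign-off rule are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Policy:
    identity: str                 # the one agent identity this policy is bound to
    tools: dict                   # allowlisted tool -> resources it may reach
    needs_signoff: frozenset = frozenset()  # tools that pause for a human

@dataclass
class Gate:
    policy: Policy
    audit: list = field(default_factory=list)   # every decision is recorded

    def check(self, identity, tool, resource, signoff=None):
        """Decide before execution; anything not explicitly known is denied."""
        p = self.policy
        if identity != p.identity:
            verdict = ("deny", "identity scope")
        elif tool not in p.tools:
            verdict = ("deny", "tool allowlist")
        elif resource not in p.tools[tool]:
            verdict = ("deny", "data policy")
        elif tool in p.needs_signoff and not signoff:
            verdict = ("pending", "human sign-off")   # caller must pause here
        else:
            verdict = ("allow", "ok")
        self.audit.append((identity, tool, resource) + verdict)
        return verdict

# Constructed policy: which resources are allowed is assumed, not from the page.
POLICY = Policy(
    identity="credit-officer:42",
    tools={"lookup_customer": {"Customer DB"},
           "score_applicant": {"Scoring API"},      # hypothetical tool name
           "render_letter": {"Templates"}},         # hypothetical tool name
    needs_signoff=frozenset({"render_letter"}),
)

def demo():
    gate, me = Gate(POLICY), "credit-officer:42"
    return [  # signoff is a placeholder approver id; signature checks not shown
        gate.check(me, "lookup_customer", "Customer DB"),
        gate.check(me, "lookup_customer", "HR Table"),
        gate.check(me, "send_mail", "Outbound Mail"),
        gate.check("credit-officer:43", "lookup_customer", "Customer DB"),
        gate.check(me, "render_letter", "Templates"),
        gate.check(me, "render_letter", "Templates", signoff="reviewer-1"),
    ]
```

The checks run in a fixed order and the first failure names the boundary that blocked the call, so the audit trail shows why a call was stopped as well as that it was.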
- Deploy AI agents in production without creating security gaps.
- Reduce incident response costs by preventing agent misbehavior at the platform level.
- Enable automation of sensitive workflows that were previously 'too risky' — unlocking productivity gains while maintaining compliance.
- Demonstrate to regulators that agent actions are contained by design, not by policy documents.
Gain enforceable runtime boundaries instead of relying on AI 'alignment.' Platform engineers get familiar container isolation patterns.
Demonstrate agent containment to auditors with architectural proof.
Build agentic workflows knowing the platform prevents dangerous actions automatically.