Skip to content
Docs

Concepts

Content-addressing, capability isolation, post-quantum seals, and the four status levels.

On this page

Content-addressing

Skills, receipts, and freshness are keyed by SHA-256 hashes rather than mutable URLs. If the bytes change, the address changes — so you can verify exactly what you ran. This pipeline is part of the engine today.

Content-addressed pipelineLive

Capability isolation

Child processes and sidecars are stripped of secrets, NODE_OPTIONS, and proxy credentials; execution runs in a sanitized WASI sandbox with empty preopens and no shell. A cost handshake (the 402 loop) gates any write. Most of this layer is connected into the daemon and hardening.

Broker env-scopingWired
Exec + WASI sandboxWired
Write-approval (402 loop)Wired

Post-quantum seals

Skills and receipts carry ML-DSA-65 signatures, and secrets are sealed at rest with AES-GCM with derived keys zeroed after use. This substrate runs in production today.

Post-quantum receipts & sealsLive
Vault (AES-GCM, memory-wiped)Live

The four status levels

Everything in these docs is labeled with one of four honesty levels, sourced from the public capability matrix:

LevelMeaning
LiveRunning in production, exercised by tests.
WiredBuilt and connected into the daemon; hardening in progress.
StandaloneBuilt and tested in isolation; live wiring is supervised.
MockScaffold / placeholder — explicitly NOT real yet.
Was this page helpful?
Last updated June 3, 2026