Security
Vault
Grant the minimum autonomy an agent needs and instrument the rest: microVM and WASM isolation paths, cryptographic workload identity, and structured events for review.
Deep dive
“Vault” here is the security posture for autonomous software: least agency, strong isolation, cryptographic identity where the mesh meets the internet, and evidence that auditors can follow. It is not a single product box — it is how Pilox stacks defenses from the kernel boundary up through prompts and policies.
Isolation and blast radius
MicroVMs give each agent its own kernel and the smallest blast radius, when the platform can allocate a VM. WASM paths run many agents per host process with faster start-up, but they share the host kernel, so they trade some isolation for density. Capability-style tokens (roadmap) are intended to give each agent only the permissions its task requires, not a superset of org-wide keys.
Identity and encryption
SPIFFE / SPIRE integration is planned for workload identity and mTLS between services in the mesh. On the hardened A2A SDK path, Noise Protocol end-to-end sessions are designed for forward secrecy between agents, which holds only for handshake patterns that use ephemeral keys. Effectiveness always depends on how you deploy and rotate credentials.
Prompt and content safety
Layered defenses include schema enforcement and LLM Guard, LlamaFirewall, and NeMo Guardrails-class tooling. None of these replace human review of high-risk flows; configured with your policies, they reduce naive prompt injection and unsafe tool invocation.
Audit and evidence
Hash-chained events in PostgreSQL and optional Sigstore Rekor anchoring are on the roadmap for tamper-evident audit trails: each event commits to the hash of the one before it, so editing, deleting, or reordering a row breaks the chain, and an externally published head hash catches truncation of the newest rows, which an internal chain alone cannot detect. The objective is defensible logs: what ran, who attested it, and how integrity is verified externally.
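An added example of the chaining and verification described above (not Pilox code; sqlite3 stands in for PostgreSQL, the schema and SHA-256 link format are assumptions, and the "external anchor" is simply the head hash you would publish to Rekor or elsewhere):

```python
"""Tamper-evident, hash-chained audit events (illustrative, not Pilox's schema).

Assumptions: sqlite3 stands in for PostgreSQL; each row stores the previous
hash, the canonical JSON event, and SHA-256(prev_hash + "\\n" + event_json).
"""
import hashlib
import json
import sqlite3
from typing import Optional, Tuple

GENESIS = "0" * 64  # assumed prev_hash for the first event

SCHEMA = """
CREATE TABLE IF NOT EXISTS audit_events (
    seq        INTEGER PRIMARY KEY,
    prev_hash  TEXT NOT NULL,
    event_json TEXT NOT NULL,
    this_hash  TEXT NOT NULL
)
"""


def canonical(event: dict) -> str:
    # Deterministic serialisation so the same event always hashes the same way.
    return json.dumps(event, sort_keys=True, separators=(",", ":"))


def chain_hash(prev_hash: str, event_json: str) -> str:
    return hashlib.sha256((prev_hash + "\n" + event_json).encode()).hexdigest()


def open_log(path: str = ":memory:") -> sqlite3.Connection:
    conn = sqlite3.connect(path)
    conn.execute(SCHEMA)
    return conn


def append_event(conn: sqlite3.Connection, event: dict) -> str:
    """Append one event linked to the current head; returns the new head hash."""
    row = conn.execute(
        "SELECT this_hash FROM audit_events ORDER BY seq DESC LIMIT 1"
    ).fetchone()
    prev = row[0] if row else GENESIS
    body = canonical(event)
    head = chain_hash(prev, body)
    conn.execute(
        "INSERT INTO audit_events (prev_hash, event_json, this_hash) VALUES (?, ?, ?)",
        (prev, body, head),
    )
    conn.commit()
    return head


def verify_chain(conn: sqlite3.Connection,
                 expected_head: Optional[str] = None) -> Tuple[bool, int]:
    """Recompute every link. Returns (ok, seq_of_first_bad_row) or (True, -1).

    A modified, deleted, or reordered row breaks recomputation. Dropping the
    newest rows does not, unless an externally anchored head hash is supplied.
    """
    prev, last_seq = GENESIS, -1
    for seq, prev_hash, body, this_hash in conn.execute(
        "SELECT seq, prev_hash, event_json, this_hash FROM audit_events ORDER BY seq"
    ):
        if prev_hash != prev or chain_hash(prev_hash, body) != this_hash:
            return False, seq
        prev, last_seq = this_hash, seq
    if expected_head is not None and prev != expected_head:
        return False, last_seq + 1  # truncation: chain is internally consistent
    return True, -1


if __name__ == "__main__":
    # Constructed sample events, not real Pilox log data.
    conn = open_log()
    head = ""
    for ev in [
        {"ts": "2024-01-01T00:00:00Z", "agent": "agent-7", "action": "tool.call",
         "tool": "http_get", "attested_by": "spiffe://example.org/agent-7"},
        {"ts": "2024-01-01T00:00:01Z", "agent": "agent-7", "action": "tool.result",
         "status": 200},
        {"ts": "2024-01-01T00:00:02Z", "agent": "agent-7", "action": "task.done"},
    ]:
        head = append_event(conn, ev)
    print("clean:", verify_chain(conn, head))
    conn.execute("UPDATE audit_events SET event_json = ? WHERE seq = 2",
                 (canonical({"status": 500}),))
    print("after edit:", verify_chain(conn, head))
```

Anchoring only the head hash externally is enough: any change to an earlier row changes every hash after it, so the published head no longer matches.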
Related documentation
Security
Security posture
Least-agency for automated workloads: grant the minimum autonomy an agent needs, instrument the rest.
Least agency
Agents receive no latent permissions by default. Access is ephemeral, scoped, and verified each cycle — the core posture for anything that runs unsupervised on your estate.
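An added example of the least-agency posture above and of the capability-style tokens mentioned under "Isolation and blast radius" (not Pilox code): a per-task token carries an explicit capability list and an expiry, and the authorizer is called on every tool invocation and denies by default. HMAC-SHA256 from the standard library stands in for the Ed25519 signature the page mentions, so the token format, the `action:resource` capability syntax, and the glob matching are all assumptions.

```python
"""Scoped, short-lived capability tokens checked on every cycle (illustrative).

Assumptions: HMAC-SHA256 stands in for Ed25519 (symmetric, same shape);
capabilities are "action:resource-glob" strings; times are integer seconds.
"""
import base64
import binascii
import fnmatch
import hashlib
import hmac
import json
import secrets
from typing import List, Tuple


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue(key: bytes, subject: str, caps: List[str], now: int, ttl: int) -> str:
    """Mint a token for one task: explicit capability list, short expiry, unique id."""
    claims = {"sub": subject, "caps": caps, "iat": now, "exp": now + ttl,
              "jti": secrets.token_hex(8)}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    mac = hmac.new(key, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(mac)


def authorize(key: bytes, token: str, action: str, resource: str,
              now: int) -> Tuple[bool, str]:
    """Decide one tool call. Deny by default: every failure path returns False.

    Called on each invocation rather than cached, so expiry and revocation
    of the signing key take effect within one cycle.
    """
    try:
        body_s, mac_s = token.split(".")
        body, mac = _unb64(body_s), _unb64(mac_s)
    except (ValueError, binascii.Error):
        return False, "malformed"
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, mac):   # constant-time compare
        return False, "bad signature"
    claims = json.loads(body)
    if now >= claims["exp"]:
        return False, "expired"
    for cap in claims["caps"]:
        cap_action, _, cap_resource = cap.partition(":")
        if cap_action == action and fnmatch.fnmatchcase(resource, cap_resource):
            return True, "ok"
    return False, "out of scope"   # no latent permissions: absence means denial


def forge_escalation(token: str, extra_cap: str) -> str:
    """Constructed attack: edit the claims but keep the old MAC."""
    body_s, mac_s = token.split(".")
    claims = json.loads(_unb64(body_s))
    claims["caps"].append(extra_cap)
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return _b64(body) + "." + mac_s


if __name__ == "__main__":
    key = secrets.token_bytes(32)          # held by the authorizer, never by the agent
    tok = issue(key, "agent-7", ["http.get:api.example.com", "fs.read:/workspace/*"],
                now=1000, ttl=300)
    for req in [("http.get", "api.example.com", 1100),
                ("http.get", "internal.example.com", 1100),
                ("fs.write", "/workspace/out.txt", 1100),
                ("fs.read", "/workspace/notes.md", 1100),
                ("http.get", "api.example.com", 1300)]:
        print(req, authorize(key, tok, *req))
    print("forged:", authorize(key, forge_escalation(tok, "fs.write:/*"),
                               "fs.write", "/etc/passwd", 1100))
```

The token names what the task may do, not what the organisation's service account can do; widening scope means minting a new token, which is itself an auditable event.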
Hardware root of trust
Identity and workload attestation align with how you already bind trust: TPM / Secure Enclave paths, SPIFFE-ready meshes, and keys that do not live in plaintext chat logs.
Isolation & policy
MicroVM and WASM paths, zero-trust networking between workloads, OPA-style policy hooks where you wire them.
Identity & crypto
Ed25519 signatures and Noise sessions, optional SPIFFE/SPIRE, short-lived credentials, matching how mesh traffic is secured in practice.
Evidence
Structured events suitable for audit pipelines; hash-chained trails and optional external anchoring on the roadmap.