Architecture

Zero-Trust Runtime Supervisor

Vallignus enforces identity, policy, and execution constraints on autonomous agents at runtime. Policies are evaluated deterministically, and the resulting cryptographic audit output is suitable for review and attestation.

Control Plane

The control plane holds policy definitions, identity registries, and audit aggregation. It never touches agent workloads directly. Configuration changes propagate through signed policy bundles with version attestation.

Data Plane

Runtime supervisors are deployed alongside agent infrastructure. Each supervisor enforces policies locally with sub-millisecond evaluation latency. Enforcement has no external dependencies.

System Overview

┌─────────────────┐      ┌───────────────────┐      ┌────────────────┐
│  Agent Runtime  │ ───▶ │  Supervisor Hook  │ ───▶ │  Policy Engine │
└─────────────────┘      └───────────────────┘      └────────────────┘
         │                        │                        │
         ▼                        ▼                        ▼
┌─────────────────┐      ┌───────────────────┐      ┌────────────────┐
│     Sandbox     │      │    Audit Log      │      │  ALLOW / DENY  │
│  (isolated env) │      │  (hash chain)     │      │  (terminated)  │
└─────────────────┘      └───────────────────┘      └────────────────┘

Runtime Flow

01. Spawn Request: Agent requests execution context from supervisor

02. Identity Verification: Cryptographic attestation of agent identity and origin

03. Policy Bundle Load: Runtime policies loaded and validated against schema

04. Sandbox Initialization: Isolated execution environment with resource constraints

05. Runtime Gating: Network, file, and tool access evaluated per-request

06. Audit + Termination: All actions logged with hash chain; termination on violation

Policy Example

# zero_trust.runtime.v1

[identity]
require_attestation = true
allowed_issuers = ["internal-ca.vallignus.io"]

[network]
default = "deny"
allow = [
  "api.internal.corp:443",
  "telemetry.vallignus.io:443"
]

[filesystem]
default = "deny"
allow_read = ["/data/agent/*"]
allow_write = []

[execution]
max_runtime_seconds = 300
terminate_on_policy_violation = true
audit_all_actions = true
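
The runtime gating and audit steps, as an added Python example that is not Vallignus code: it applies the [network] and [filesystem] allow-lists deny-by-default, stops at the first violation, and chains each audit record to the previous one with SHA-256. The dict form of the policy, glob matching via fnmatch, the record fields and all function names are assumptions; signing of the log is not modeled.

```python
import fnmatch, hashlib, json, posixpath

# Constructed dict mirroring the [network] and [filesystem] tables of the policy above.
POLICY = {
    "network": {"default": "deny",
                "allow": ["api.internal.corp:443", "telemetry.vallignus.io:443"]},
    "filesystem": {"default": "deny", "allow_read": ["/data/agent/*"], "allow_write": []},
}
GENESIS = "0" * 64  # assumed "previous hash" for the first audit record

def evaluate(policy, kind, target):
    """Return "ALLOW" only on an explicit allow-list match; everything else is "DENY"."""
    if kind == "connect":
        ok = target in policy["network"]["allow"]            # exact host:port match
    elif kind in ("read", "write"):
        path = posixpath.normpath(target)                    # collapse "../" before matching
        ok = any(fnmatch.fnmatchcase(path, pat)
                 for pat in policy["filesystem"]["allow_" + kind])
    else:
        ok = False                                           # unknown request kinds are denied
    return "ALLOW" if ok else "DENY"

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append(log, kind, target, decision):
    """Append a record whose hash covers its fields and the previous record's hash."""
    body = {"seq": len(log), "kind": kind, "target": target, "decision": decision,
            "prev": log[-1]["hash"] if log else GENESIS}
    log.append({**body, "hash": _digest(body)})

def verify(log):
    """Return the index of the first record that breaks the chain, or -1 if intact."""
    prev = GENESIS
    for i, rec in enumerate(log):
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec["seq"] != i or rec["prev"] != prev or _digest(body) != rec["hash"]:
            return i
        prev = rec["hash"]
    return -1

def supervise(policy, requests):
    """Gate each request and log the decision; stop at the first DENY."""
    log = []
    for kind, target in requests:
        decision = evaluate(policy, kind, target)
        append(log, kind, target, decision)
        if decision == "DENY":                               # terminate_on_policy_violation
            break
    return log
```

`posixpath.normpath` only collapses `..` textually, so an enforcing supervisor also has to resolve symlinks before matching. The chain detects edits by anyone who cannot recompute it; binding the head hash to a signature is what covers the rest.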

Guarantees

Deterministic policy evaluation

Deny-by-default posture

Signed audit trail with hash chain

Kill-switch and forced termination controls

No implicit trust inheritance