Local runtime for AI agents: sessions, replay, and hard caps

Vallignus

Zero-Trust Runtime for Autonomous Agents

Deterministic Execution Governance & Forensic Attribution for AI Workflows.


Vallignus is a process supervisor designed to enforce Least Privilege access controls on autonomous agents (CrewAI, AutoGen, LangChain). It wraps the agent runtime in a monitored shell, enforcing strict boundaries on execution time, output volume, and process lifecycle to prevent uncontrolled behavior, infinite loops, and resource exhaustion.


Mission

Autonomous agents are effectively "untrusted insiders." Relying on LLM prompts for safety is insufficient for critical infrastructure. Vallignus provides an external, deterministic control layer that cannot be bypassed by prompt injection or model hallucination.


Core Capabilities

1. Compartmented Execution

  • Process Isolation: Runs agents in a dedicated process group.
  • Zombie Containment: Enforces SIGTERM -> SIGKILL escalation on the entire process tree, guaranteeing no "ghost" workers remain active after mission termination.

2. Deterministic Termination

  • Wall-Clock Hard Limits: Enforces strict temporal boundaries on agent operation.
  • Output Flood Protection: Monitors stdout/stderr volume to detect and sever infinite regeneration loops before they flood logs or upstream APIs.
  • Request Throttling: Caps total HTTP requests to prevent runaway API consumption (firewall mode).

3. Forensic Attribution

  • Immutable Audit Trail: Captures a separate, append-only JSONL stream of all agent emissions.
  • Replayability: Preserves the exact state of stdout/stderr at the moment of failure for post-incident analysis.
  • Termination Metadata: Records violation type, threshold, and observed value for every forced termination.
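
A minimal sketch of the containment loop described in capabilities 1 to 3, added here as an illustration and not taken from Vallignus's source. It runs a command in its own process group, enforces a wall-clock cap and an output-line cap, escalates SIGTERM to SIGKILL across the group, and returns the violation type, threshold and observed value. The names `supervise` and `kill_group`, the grace period and the polling interval are assumptions; POSIX only.

```python
import os, signal, subprocess, sys, threading, time

def kill_group(proc, grace):
    """SIGTERM the whole process group, then SIGKILL whatever survives `grace` seconds."""
    try:
        os.killpg(proc.pid, signal.SIGTERM)
        deadline = time.monotonic() + grace
        while time.monotonic() < deadline:
            proc.poll()                 # reap the leader so it stops counting as a member
            os.killpg(proc.pid, 0)      # raises ProcessLookupError once the group is empty
            time.sleep(0.02)
        os.killpg(proc.pid, signal.SIGKILL)
    except ProcessLookupError:
        pass                            # group already gone

def supervise(cmd, max_runtime, max_output_lines, grace=1.0):
    """Run cmd in its own process group under a wall-clock cap and an output-line cap."""
    proc = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
                            start_new_session=True)   # new session: pgid == proc.pid
    lines = [0]
    def pump():                         # count lines without blocking the watchdog loop
        for _ in proc.stdout:
            lines[0] += 1
    reader = threading.Thread(target=pump, daemon=True)
    reader.start()

    start, violation = time.monotonic(), None
    while proc.poll() is None and violation is None:
        elapsed = time.monotonic() - start
        if elapsed > max_runtime:
            violation = {"type": "max_runtime", "threshold": max_runtime,
                         "observed": round(elapsed, 3)}
        elif lines[0] > max_output_lines:
            violation = {"type": "max_output_lines", "threshold": max_output_lines,
                         "observed": lines[0]}
        else:
            time.sleep(0.02)
    kill_group(proc, grace)             # also sweeps children left behind by a clean exit
    proc.wait()
    reader.join(timeout=1.0)
    return {"exit_code": proc.returncode, "violation": violation}

if __name__ == "__main__":
    # Constructed workload: ignores SIGTERM, so only the SIGKILL stage can stop it.
    stubborn = "import signal, time; signal.signal(signal.SIGTERM, signal.SIG_IGN); time.sleep(60)"
    print(supervise([sys.executable, "-c", stubborn], max_runtime=2, max_output_lines=100, grace=0.5))
```

A bare process-group ID can be recycled once the group is empty, so a production supervisor would normally track the tree through a cgroup or pidfd instead.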

4. Network Policy Enforcement (Optional)

  • Domain Allowlisting: Restrict agent network access to pre-approved endpoints.
  • Request-Level Audit: Log every outbound request with allow/deny decision.
  • Budget Controls: Enforce spend limits on API calls.

Quick Start

Install

pip install vallignus

Basic Supervision

# Enforce 5-minute maximum runtime
vallignus run --max-runtime 300 -- python agent.py

# Enforce output volume limit
vallignus run --max-output-lines 10000 -- python agent.py

# Combine constraints
vallignus run --max-runtime 300 --max-output-lines 10000 -- python agent.py

Session Forensics

# List recent executions
vallignus sessions list

# Inspect execution metadata
vallignus sessions show <session-id>

# Replay exact output stream
vallignus replay <session-id>

Demo: Deterministic Termination and Replay

[Image: Runtime Demo]

Demo: Network Policy Enforcement

[Image: Firewall Demo]


Governance Policy (Architecture Preview)

Upcoming in v0.5.0: Define granular permissions via vallignus.policy.yaml:

# /etc/vallignus/policy.yaml
security_context:
  level: "strict"
  user: "nobody"

constraints:
  max_runtime: 300s
  max_output_bytes: 50MB
  network:
    allow_domains: ["api.openai.com", "internal-db.local"]
    default_policy: "deny"

violation_protocol:
  action: "kill_process_group"
  alert_webhook: "https://security-ops.example.com/alerts"
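
One way a default-deny domain allowlist with a per-request audit record can be implemented, as an added example that is not Vallignus's code. It assumes exact hostname matching and a request cap that counts forwarded requests only; the page does not document how Vallignus matches domains or counts requests. The function names and the URLs are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

ALLOW_DOMAINS = {"api.openai.com", "internal-db.local"}   # values from the policy preview
DEFAULT_POLICY = "deny"

def normalize_host(url):
    """Return the lower-cased hostname without a trailing dot, or None if unusable."""
    try:
        host = urlsplit(url).hostname
    except ValueError:                   # e.g. malformed IPv6 literal
        return None
    return host.rstrip(".").lower() if host else None

def decide(url, allow=ALLOW_DOMAINS, default=DEFAULT_POLICY):
    """Exact-host match (assumption); look-alike suffixes and userinfo never match."""
    host = normalize_host(url)
    return (host, "allow") if host in allow else (host, default)

def audit(urls, max_requests):
    """Return one JSONL record per request; allowed requests past the cap are denied."""
    forwarded, records = 0, []
    for url in urls:
        host, decision = decide(url)
        reason = "allowlist" if decision == "allow" else "default_policy"
        if decision == "allow" and forwarded >= max_requests:
            decision, reason = "deny", "max_requests"
        forwarded += decision == "allow"
        records.append(json.dumps({"url": url, "host": host,
                                   "decision": decision, "reason": reason}))
    return records

if __name__ == "__main__":
    constructed = [                      # constructed inputs, not captured traffic
        "https://api.openai.com/v1/chat/completions",
        "https://API.OpenAI.com./v1/models",           # case and trailing dot
        "https://api.openai.com.example.net/v1",       # allowlisted name as a prefix
        "https://api.openai.com@example.net/",         # allowlisted name as userinfo
        "https://internal-db.local/query",             # third allowed host hit: over cap
    ]
    for line in audit(constructed, max_requests=2):
        print(line)
```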

Session Artifacts

Each execution produces an immutable forensic record:

~/.vallignus/sessions/<session-id>/
  ├── session.json    # Execution metadata, exit code, termination reason
  ├── events.jsonl    # Timestamped event stream (append-only)
  ├── stdout.log      # Raw stdout capture
  └── stderr.log      # Raw stderr capture

Network Policy Mode

For environments requiring network-level controls:

# Initialize policy infrastructure
vallignus auth init

# Define agent identity
vallignus auth create-agent --agent-id deployment-agent --owner "ops@company.com"

# Create network policy
vallignus auth create-policy \
  --policy-id production \
  --max-spend-usd 100 \
  --allowed-domains "api.openai.com,internal.company.com"

# Execute with policy enforcement
export VALLIGNUS_TOKEN=$(vallignus auth issue-token \
  --agent-id deployment-agent \
  --policy-id production)

vallignus run --max-runtime 300 -- python agent.py

CLI Reference

# Supervised Execution
vallignus run [OPTIONS] -- <command>
  --max-runtime <seconds>      Temporal containment
  --max-output-lines <n>       Output flood protection
  --max-requests <n>           Request throttling (policy mode)
  --token <token>              Enable network policy enforcement
  --no-session                 Disable forensic logging

# Forensics
vallignus sessions list        List execution records
vallignus sessions show <id>   Inspect session metadata
vallignus replay <id>          Replay output stream

# Policy Infrastructure
vallignus auth init            Initialize policy storage
vallignus auth create-agent    Register agent identity
vallignus auth create-policy   Define permission policy
vallignus auth issue-token     Generate execution token
vallignus auth revoke-token    Revoke active authorization
vallignus auth rotate-key      Rotate signing keys

Requirements

  • Python 3.8+
  • Local execution only (no external dependencies, no telemetry)

License

MIT

Download files

Source Distribution

vallignus-0.4.2.tar.gz (32.5 kB)

Built Distribution

vallignus-0.4.2-py3-none-any.whl (28.0 kB)

File details

Details for the file vallignus-0.4.2.tar.gz.

File metadata

  • Download URL: vallignus-0.4.2.tar.gz
  • Upload date:
  • Size: 32.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.9.6

File hashes

Hashes for vallignus-0.4.2.tar.gz
Algorithm Hash digest
SHA256 5639b771a59d3fb414f96941afb7a9488bf462ccc0a997691f8e6f2cc2d64b80
MD5 1d2720ea88fbcfa6d3d09df11cc607f1
BLAKE2b-256 d92af92dd5f448f7581a738bf82b8b9f4111c3f2593a1d5e03831c8e7e86f5ad

File details

Details for the file vallignus-0.4.2-py3-none-any.whl.

File metadata

  • Download URL: vallignus-0.4.2-py3-none-any.whl
  • Upload date:
  • Size: 28.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.9.6

File hashes

Hashes for vallignus-0.4.2-py3-none-any.whl
Algorithm Hash digest
SHA256 b125e0e6a7400bda80e3e964fc281a1947801bc656df8213cf1ce6bed79fecb5
MD5 b6d9f3b09e43e90acfcd9c56b8c29e3e
BLAKE2b-256 57d787d7f1d2efda3c2fec612b9be7a669f5e247fb3713aea5849c088053cc59
