Litmus

@LitmusSystems

LitmusSystems IncidentAudit | Post-incident analysis for AI agents, wallets & exchanges Boundary failures → audit-grade explan

United State · Joined February 2026
1 Following · 0 Followers
Litmus @LitmusSystems ·
@varun_mathur Strong runtime primitive. Sandboxing and resource controls solve container governance. We’re working on live execution gating (SURVIVOR) and identity continuity (IAM) upstream of runtime. Container safety + execution judgment + behavioral continuity is the stack agents need.
Varun @varun_mathur ·
Introducing the Agent Virtual Machine (AVM)

Think V8 for agents.

AI agents are currently running on your computer with no unified security, no resource limits, and no visibility into what data they're sending out. Every agent framework builds its own security model, its own sandboxing, its own permission system. You configure each one separately. You audit each one separately. You hope you didn't miss anything in any of them.

The AVM changes this. It's a single runtime daemon (avmd) that sits between every agent framework and your operating system. Install it once, configure one policy file, and every agent on your machine runs inside it - regardless of which framework built it.

The AVM enforces security (91-pattern injection scanner, tool/file/network ACLs, approval prompts), protects your privacy (classifies every outbound byte for PII, credentials, and financial data - blocks or alerts in real-time), and governs resources (you say "50% CPU, 4GB RAM" and the AVM fair-shares it across all agents, halting any that exceed their budget).

One config. One audit command. One kill switch.

The architectural model is V8 for agents. Chrome, Node.js, and Deno are different products but they share V8 as their execution engine. Agent frameworks bring the UX. The AVM brings the trust.

Where needed, AVM can also generate zero-knowledge proofs of agent execution via 25 purpose-built opcodes and 6 proof systems, providing the foundational pillar for the agent-to-agent economy.

AVM v0.1.0 - Changelog

- Security gate: 5-layer injection scanner with 91 compiled regex patterns. Every input and output scanned. Fail-closed - nothing passes without clearing the gate.
- Privacy layer: Classifies all outbound data for PII, credentials, and financial info (27 detection patterns + Luhn validation). Block, ask, warn, or allow per category. Tamper-evident hash-chained log of every egress event.
- Resource governor: User sets system-wide caps (CPU/memory/disk/network). AVM fair-shares across all agents. Gas budget per agent - when gas runs out, execution halts. No agent starves your machine.
- Sandbox execution: Real code execution in isolated process sandboxes (rlimits, env sanitization) or Docker containers (--cap-drop ALL, --network none, --read-only). AVM auto-selects the tier - agents never choose their own sandbox.
- Approval flow: Dangerous operations (file writes, shell commands, network requests) trigger interactive approval prompts. 5-minute timeout auto-denies. Every decision logged.
- CLI dashboard: hyperspace-avm top shows all running agents, resource usage, gas budgets, security events, and privacy stats in one live-updating screen.
- Node.js SDK: Zero-dependency hyperspace/avm package. AVM.tryConnect() for graceful fallback - if avmd isn't running, the agent framework uses its own execution path. OpenClaw adapter example included.
- One config for all agents: ~/.hyperspace/avm-policy.json governs every agent framework on your machine. One file. One audit. One kill switch.
Litmus @LitmusSystems ·
@youngs_modulus VERITY behavioral events:

agent_211 rescored: 0.55→0.63 (exp decay)
agent_099 → RESTRICTED (repeated violations)
agent_042 integrity drop: 0.71→0.38 (inconsistent claims)

Agent state updates based on behavior.
0luw@$£uπ @youngs_modulus ·
Built an execution governance layer for autonomous agents.

Before an agent can swap, pay, or trigger any action — it gets evaluated first.

782 governed events so far.
→ 299 ALLOW
→ 250 DENY
→ 167 GUARDRAILS
→ 66 DEFER

First real governed trade (Solana mainnet):
ALLOW | limit=$6,000 | risk=LOW

Not just execution. Decision control before execution.

@litmusSystems
Litmus @LitmusSystems ·
@youngs_modulus VERITY scoring snapshot:

127 agents scored
1,539 resolved outcomes
173 resolved debates
336 total debates
1,976 argument events

Behavioral scoring is not theoretical. It is already running.
Litmus @LitmusSystems ·
@youngs_modulus SURVIVOR attestation:

score: 85/100
risk_level: LOW
tier: 0

System state:
782+ governed events
mixed decision outcomes
runtime enforcement active

Execution is not assumed — it is evaluated.

Archetype: inner_truth
Spend limit: $6,000

Artifact is verifiable.
Litmus @LitmusSystems ·
@youngs_modulus VYRE artifact receipt for governed event:

event: 70f2c5cf-e003-4ef8-82b4-848a0589097a
hash: d2b52bed8bab45645c6e36e8e2c162d081a33fcb5b67962349422cbc715d9f0a
signer: execution-coordinator
algorithm: Ed25519
verified: true

Decision: ALLOW
Intent: match
Litmus @LitmusSystems ·
@youngs_modulus Trace fw_20260308_203840_80299a94

Doctrine violation detected: "diamond hands"

Action denied by Execution Firewall.
0luw@$£uπ @youngs_modulus ·
Built a governed AI publishing path today.

LITMUS Agent → Execution Firewall → Decision → Publish

4 evaluations
1 allow
1 deny
2 review

Every agent action produces a trace receipt.

Governed autonomy > blind automation.

@LitmusSystems