Series draft — Part 7 of 15 in Hardened Agentic Stack. Outline only; expand before un-drafting.
Phase 2: Runtime Integrity — The Local Threat Model
The Problem
Direct filesystem/network access for tools is inherently unsafe on a developer or edge host.
The Infrastructure Fix
Route unsafe tools through ephemeral container sidecars (Kata/gVisor where needed).
The Architecture Pattern
Ephemeral Execution Sidecar — agent dispatches; container dies after the task.
Planned sections
- The “Oh No” moment — concrete incident or near-miss that makes the risk visceral.
- ClawQL context — how this control protects a high-privilege local/edge agent.
- Technical how-to — concrete configs, policies, or snippets a builder can apply.
- Safety check — what “trusted enough” looks like once this layer is in place.
Key visuals
- Agent → sidecar → destroy lifecycle
Source modules (docs.clawql.com)
Rule of Three (keep on publish)
| Layer | Takeaway |
|---|---|
| Problem | Direct filesystem/network access for tools is inherently unsafe on a developer or edge host. |
| Infrastructure fix | Route unsafe tools through ephemeral container sidecars (Kata/gVisor where needed). |
| Architecture pattern | Ephemeral Execution Sidecar — agent dispatches; container dies after the task. |