Deployment References

1. Standard (Single Node)#

profile: standard
runtime:
  environment: desktop
  audit:
    append_only: true
    hash_chain: false
  policy:
    default: deny_unknown_capabilities
  security:
    secret_isolation: true
    prompt_injection:
      taint_model: true
      boundary_wrap: true

2. Enterprise (On-Prem / Air-Gapped)#

profile: enterprise
runtime:
  environment: server
  air_gapped: true
  rbac: true
  audit:
    append_only: true
    hash_chain: true
    export: true
    retention_days: 2555
  security:
    non_root: true
    seccomp: true
    egress_allowlist:
      - internal.company.tld
    secret_isolation: true
    prompt_injection:
      taint_model: true
      boundary_wrap: true
      two_pass_validation: true
keys:
  hsm_optional: true

3. DePIN (Distributed Executors)#

profile: depin
runtime:
  environment: depin
  lease:
    required: true
    fencing: true
    lease_ttl_seconds: 60
  receipts:
    enabled: true
    metrics: true
  sampling:
    enabled: true
    rate: 0.05
    verifier_exclusion: true
  audit:
    append_only: true
    hash_chain: true
security:
  remote_boundary_signing: true
  schema_validation: true