Gateway boundary
Connectors, MCP servers, clients, and agents adapt into LNSAT. Gateway policy remains the security boundary.
LNSAT treats every agent action as a governed request. Runtime execution opens only after capability scope, policy, approval, audit obligations, rollback, and disablement behavior are known.
Connectors, MCP servers, clients, and agents adapt into LNSAT. Gateway policy remains the security boundary.
Modules declare capabilities, target systems, credentials refs, risk levels, and approval requirements before activation.
Core services run unprivileged. Privileged helpers are narrow, signed, audited, and disabled unless approved.
Clients expose named capabilities. Broad SSH, arbitrary command channels, and root wrappers are blocked by default.
Actions preserve policy decision, approval state, source refs, package identity, rollback refs, and evidence exports.
Missing policy, missing approval, invalid manifest, unknown capability, or unsupported platform blocks execution.