LLNSAT

Security model for AI agent infrastructure

LNSAT treats every agent action as a governed request. Runtime execution opens only after capability scope, policy, approval, audit obligations, rollback, and disablement behavior are known.

Gateway boundary

Connectors, MCP servers, clients, and agents adapt into LNSAT. Gateway policy remains the security boundary.

Least privilege

Modules declare capabilities, target systems, credentials refs, risk levels, and approval requirements before activation.

Root rare

Core services run unprivileged. Privileged helpers are narrow, signed, audited, and disabled unless approved.

No raw shell

Clients expose named capabilities. Broad SSH, arbitrary command channels, and root wrappers are blocked by default.

Audit-first

Actions preserve policy decision, approval state, source refs, package identity, rollback refs, and evidence exports.

Fail closed

Missing policy, missing approval, invalid manifest, unknown capability, or unsupported platform blocks execution.

Security pathleast privilegefail closedaudit first
AgentRequestGatewayPolicyApprovalAudit
Unknown scope blockedRoot rareNo raw shellEvidence required