The trust layer
for
AI agents

Deterministic policy enforcement, cryptographic audit trails, and fleet-wide coordination for every agent in your stack. Zero code changes.

Apply for Early Access How it works

$ iso run --policy strict agent.py

◆ Agent wrapped · PID 48201

◆ Policy engine loaded · 12 rules active

◆ Witness chain initialized · block #0

✓ Agent running · all actions flow through trust pipeline...

Zero code changes. Wrap existing Python, Go, or Node.js agents as-is. The agent runs unchanged as a subprocess; Isonapse intercepts its boundaries from outside. Adopt first, configure later.

Already inside your Docker container.

The five-stage trust pipeline runs inside the same Docker container you already deploy — wrapped in an .isonapse container. Identity, policy, witness, execution. No new runtime, no new daemon, nothing extra to install.

Wrap your first agent in minutes.

The early-access beta is open for partners. Join our private Slack to get the CLI, templates, and direct support from the engineers building it.

Apply for Early Access

01 Identity

iso identity

OIDC federation. Action trace begins, scoped to an authenticated human.

02 Shield

iso shield

Per-action policy decision: permit, defer to a human, or deny outright.

03 Witness

iso witness

A signed receipt of the decision, appended to the hashchain. Independently verifiable.

04 Run · .SAC

iso run

Action runs inside the Secure Agent Container (.SAC) — isolated, identity-scoped.

05 Coming soon

iso memory & learning

Outcomes feed local-first memory. Agents remember what worked and improve over time.

Five primitives. One runtime.

Each product solves one layer of the agent infrastructure problem. The CLI is short, lowercase, verb-first — designed to feel native to a terminal.

Run

iso run

Secure Agent Container (.SAC). Same agent on Process, Docker, Kubernetes, μVM, or WASM.

Shield

iso shield

Per-action policy enforcement. Permit, defer, or deny — deterministically.

Witness

iso witness

A hashchain of signed receipts. Regulators verify the chain independently.

Identity

iso identity

OIDC federation. Every action traces back to an authenticated human via your IdP.

Memory & Learning

iso memory Coming soon

Local-first memory and learning. Agents remember what worked, improve over time, and stay inspectable.

Built at the infrastructure layer.

Not middleware. Not a decorator a developer can forget to add. Enforcement happens beneath the application — transparent, mandatory, unbypassable.

Application

unchanged

Your Agent

Python Go Node.js

↓ Every HTTP, FS, shell, DNS

Trust Layer

Active

Isonapse

Proxy Policy Identity Witness Mesh

↓ Validated, signed, time-limited

Execution

isolated

Host Runtime

Process Docker Kubernetes μVM WASM

01

Every HTTP request, file access, shell command, and DNS query passes transparently through Isonapse's proxy. The policy engine isn't a decorator a developer can forget to add — or an interceptor a misconfigured integration can bypass.

02

A hashchain of signed receipts. Anchored to a public chain at intervals. A regulator verifies the chain's integrity independently — without access to your systems, your keys, or your network.

03

Every component degrades gracefully offline. Edge nodes operate autonomously. The same agent container runs on bare metal, in microVMs, or in a browser tab — cloud enhances learning, never correctness.

EU AI Act Regulatory alignment

Swiss-Engineered. EU-Aligned.

Built for secure, auditable execution of AI agents in regulated environments.

Regulatory mandate Isonapse primitive

Audit trails → iso witness · hashchain

Human oversight → iso shield · defer to human

Traceability → iso identity · oAuth/aAuth

Risk management → iso shield · per-action policy

Apply for early access.

Join our private Slack channel to get early access to the beta version.