Documentation Index
Start here if you are reading BoundaryKit as a public case study. All examples are illustrative
unless a page explicitly says it is a sanitized public evidence summary.
BoundaryKit Agent VM is a public security case study for governing untrusted AI-agent workloads with explicit policy boundaries, rootless runtime isolation, managed provider-boundary controls, rollback discipline, and evidence-backed validation.
The current public architecture centers on this chain:
public input / operator intent
-> policy and promotion boundary
-> OpenShell sandbox running Hermes Agent
-> rootless Podman runtime posture + managed provider boundary
-> NUC-class VM substrate
-> evidence receipts and recovery discipline
Public diagrams are abstract reference models, not live deployment maps. They intentionally omit hostnames, IP addresses, VM names, ports, routes, service names, key names, mount paths, incidents, and recovery paths.
Current Public Case Study
- Overview - current public architecture, threat assumptions, and non-claims.
- Verification model - vocabulary for static, reference-lab, boundary-measured, and production-ready claims.
- Boundary receipt #1 - measured inner sandbox boundary.
- Boundary receipt #2 - managed inference credential boundary.
- Governed workload case study - public walkthrough for treating an OpenShell/Hermes-style workload as untrusted.
Architecture And Governance
- Promotion control plane - dry-run-first promotion, rollback, and state-as-truth discipline at a public control-objective level.
- Governance and claim discipline - risk tiers, tool allowlists, canaries, audit, rollback, and evidence requirements.
- Gated preview access - temporary, revocable preview exposure pattern.
- Security methodology - public-safe methodology and operating principles.
- Threat model - assets, actors, trust boundaries, controls, limitations, and invariants.
Reference Acceptance Suite
These pages are retained as generic, fictional lab fixtures. They are useful for understanding older or portable acceptance checks, but they are not the current public runtime architecture for the public case study.
- Reference isolation substrate - golden VM, signed-image, and microVM acceptance concepts.
- Reference gateway runtime layout - legacy per-profile gateway fixture.
- Reference acceptance receipt - sanitized receipt for the reference acceptance suite.
Publication Boundary
Nothing in these docs should be read as live deployment topology, a managed service claim, customer evidence, or production-readiness proof.