Niyatna Docs

Permission Gates & Runtimes

How Niyatna OS secures execution using isolated runtimes, permission boundaries, and veto gates.

Security in Niyatna OS is built into the infrastructure layer, rather than handled at the prompt level. Runtimes are restricted by design, ensuring that agents can only execute tasks under strict supervision.

The Sandbox Model

All agents execute inside isolated, secure containers. Niyatna OS configures the boundaries:

  • Path Scoping: The runtime only mounts directories needed for the specific intent. Master configurations are inaccessible.
  • LocalRoute Key Masking: Agents never see raw API keys. LocalRoute proxies requests or mounts scoped, temporary credentials.
  • Network Isolation: Outbound internet access is disabled by default and only enabled for specific API endpoints when explicitly whitelisted.

Action Gate Classes

  • Allowed: Local file edits, compile checks, local server tests, directory indexing, and formatting.
  • Approval Awaiting (Staged): Git pushes, deployments, writing back to production databases, and routing messages to customer channels.
  • Blocked: Actions exceeding directory scopes, accessing unauthorized credentials, or violating system-wide constraints.

Local Memory Contexts

How Niyatna OS utilizes durable context without letting outdated assumptions drift human intent.

Slash Commands

Operational slash commands for executing tasks and managing veto gates inside Niyatna HQ.

On this page

The Sandbox ModelAction Gate Classes