Agents that read your files and execute shell commands cannot run inside your app process. Every Actana agent runs in a sandbox, with one-time tokens instead of long-lived secrets, and provider keys encrypted at rest. No detail is left to chance.
Every workflow run gets its own sandbox. Each sandbox has process-level and filesystem isolation, strips symlinks at extract, enforces deterministic timeouts, and is force-removed on completion.
~2-3s startup. Asset round-trip supported. MCP server bridging via mcporter. The production default — every customer run lands here.
~200ms startup. Process-level isolation. 23 built-in tools. For dev / fast inner loop where assets aren't needed.
Provider keys, integration credentials, and webhook secrets are encrypted at rest. Each provision generates three single-use OTP tokens — setup, run, upload — and the sandbox never sees the underlying credential.
OTP_SETUP, OTP_RUN, and OTP_UPLOAD are generated per provision and validated on every container call. No re-use, no rotation surface for an attacker.
API keys for Anthropic, OpenAI, Gemini, and custom providers are stored encrypted and only decrypted into a scoped, single-run config payload — fetched once, discarded with the container.
Sandboxes emit stream.jsonl, result.json, and steps.json. Same shape live as in Logs — watch now or replay later.
Whitelisted extensions. Filenames sanitized to [a-zA-Z0-9._-]. Duplicates suffixed automatically.
Every workflow execution gets its own files folder. Nothing leaks between runs, workspaces, or tenants.
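The upload rules above (extension allowlist, the [a-zA-Z0-9._-] character class, duplicate suffixing within one run's files folder) as an added Python example; this is not Actana's code. The allowlist contents, the `_` replacement character, the `-N` suffix format, and the function name are assumptions, since the page does not specify them.

```python
import re
from pathlib import PurePosixPath

# Assumed allowlist; the page does not list the permitted extensions.
ALLOWED_EXTENSIONS = {".txt", ".csv", ".json", ".png", ".pdf"}
UNSAFE = re.compile(r"[^a-zA-Z0-9._-]")  # character class taken from the page


def sanitize_upload_name(raw, taken):
    """Return a safe name unique within `taken` (names already present in this
    run's files folder), or raise ValueError if the upload must be rejected."""
    # Keep only the leaf name; treat Windows separators as directories too.
    leaf = PurePosixPath(raw.replace("\\", "/")).name
    # Replace everything outside the allowed class, then drop leading dots so
    # the result can never be ".", ".." or a hidden file.
    clean = UNSAFE.sub("_", leaf).lstrip(".")
    stem, dot, ext = clean.rpartition(".")
    if not dot or not stem:
        raise ValueError(f"no usable name or extension: {raw!r}")
    ext = "." + ext.lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension not allowed: {raw!r}")
    # Compare case-insensitively so "A.txt" and "a.txt" cannot overwrite each
    # other on a case-insensitive filesystem.
    seen = {name.lower() for name in taken}
    candidate, n = stem + ext, 0
    while candidate.lower() in seen:
        n += 1
        candidate = f"{stem}-{n}{ext}"  # assumed suffix format
    taken.add(candidate)
    return candidate
```

Pass a separate `taken` set for each run so that name collisions are resolved only within that run's folder.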
Default 30s execution timeout, configurable via MAX_EXECUTION_TIME_SEC. Containers force-removed on completion.
SOC 2 Type II. GDPR-aligned data handling. Self-host on your own infrastructure when regulation requires it.
Independently audited controls across security, availability, and confidentiality.
Data residency options, DPA available on request, and explicit consent flows for end users.
Run the entire workspace on your own VPC, with first-class Helm and Docker Compose deployments for enterprise customers.