The agent-native runtime

Old software
executed instructions.
Agents
generate them.

Every layer beneath the agent must be reimagined.

Identity, storage, messaging, memory, execution, observability — every primitive beneath the agent was built for a different species of software. Codicera is the governance runtime for the new one.

Join WaitlistView on GitHub

The Rewrite

The old stack wasn't built for agents

For thirty years, enterprise software assumed intelligence lived in the human and execution lived in the machine. A user read a screen, interpreted context, decided what mattered, clicked a button. Agents invert that contract. Every primitive beneath them needs to be reimagined.

Old software

Deterministic · Explicit · Static

  • Users / service accounts
  • Databases
  • Message queues
  • Sessions / caches
  • Request / response
  • Logs / traces

Predictable · Reliable · Repeatable

Agent-native

Probabilistic · Generative · Dynamic

  • Delegation chains
  • Context compilation
  • Intent coordination
  • Cognitive memory stack
  • Durable trajectories
  • Behavioral forensics

Adaptive · Autonomous · Accountable

Codicera is the governance runtime for the new column.

Six primitives — identity, storage, messaging, memory, execution, observability — rebuilt for a world where agents decide at runtime. The unit of work is the trajectory, not the click.

Deploy agents across

NVIDIA CloudAzureAWSGCPOn-Premise

The Governance Runtime

Delegate. Compile. Observe.

Three verbs the old stack never needed. Six primitives rebuilt around them. One runtime, so enablement and governance stop fighting each other.

Delegate

A single user request spawns planners, researchers, browsers, executors — each with a different risk profile, a different budget, a different expiry. Cognition stays fluid inside the loop; commitment to the outside world is scoped, signed, and revocable.

  • Attenuated capability tokens per agent-to-agent handoff
  • Four-tier HITL: read-only · reversible · side-effect · destructive
  • Every tool call bound to initiator, policy, budget, expiry

Compile

Agents don't start with queries — they start with goals. Codicera compiles context on demand from your systems of record, with PII redaction at the boundary, permission-aware retrieval, and blueprints as procedural memory.

  • Behavior graph as the queryable context layer
  • PII detection and redaction before context leaves the sandbox
  • Blueprints as procedural memory — policies versioned as code

Observe

Classical observability asks what happened. Agents demand why. Codicera preserves the full trajectory — goals, context, tool choices, alternatives, revisions — as behavioral forensics the auditor accepts and the insurer consumes.

  • Trajectory replay for post-hoc debugging and audit
  • Drift detection, hallucination indices, behavioral baselines
  • Compliance evidence: SOC 2, HIPAA, EU AI Act, ISO 42001

Durable Trajectory

Your cloud,
your trajectories

Agents aren't one-shot requests — they're loops that run for seconds, minutes, hours, or days. Codicera deploys durable trajectories to your Kubernetes clusters, Docker hosts, or NVIDIA Cloud Functions. Kernel-level isolation, checkpointed state, and replay for every sandbox. Your data never leaves your infrastructure.

Docker Adapter

HTTPS API integration with Docker Engine. TLS-secured container lifecycle management.

Kubernetes Adapter

Namespace isolation, Deployments, and ConfigMap injection via service account tokens.

Container Lifecycle

Deploy, start, stop, restart, remove. Health checks, OOM detection, resource tracking.

Compute Targets

Register Docker hosts and K8s clusters. Health validation, capacity tracking, multi-cloud.

NVCF Adapter

Deploy to NVIDIA Cloud Functions for serverless GPU inference with NGC authentication.

codicera deploy
# Register a compute target
POST /api/v1/compute/targets
{
  "name": "prod-k8s-us-east",
  "type": "kubernetes",
  "endpoint": "https://k8s.prod.internal"
}

# Deploy an agent sandbox
POST /api/v1/compute/containers
{
  "targetId": "ct_prod_k8s",
  "image": "ghcr.io/infrastacks/nemoclaw:latest",
  "blueprintId": "bp_production_v3"
}

Container deployed to prod-k8s-us-east
Blueprint bp_production_v3 applied
Health check: passing

Neutral Runtime

Edge-first, cloud-neutral,
agent-native

Every primitive — delegation, context, intent, memory, trajectory, forensics — runs on infrastructure you pick. Persistent edge connections to every sandbox deliver real-time fleet state without polling. No hyperscaler dependency, no vendor lock-in on the rewrite.

CONSOLE + STUDIOManagement + agent interfaceUsersAPICONTROL PLANEOrchestrationGovernanceMeteringObservabilityNEMOCLAWOrchestrator — Blueprints · Lifecycle · CLICOMPUTECloud-neutral deploymentCLOUDAWS · Azure · GCPKUBERNETESCONTAINEROPENSHELLSandbox Runtime (Rust)CAR (Agent Runtime)PII DetectionSupply ChainOPA PoliciesInference RoutingINFERENCELLM provider routingOpenAIAnthropicNVIDIA NIMCustomCLOUD PROVIDERSAzure OpenAI · AWS Bedrock · GCP Vertex

Six Primitives

Every layer beneath the agent,
rebuilt

Identity, storage, messaging, memory, execution, observability. Each primitive has a rewrite argument — and a Codicera surface that ships it.

Identity → Delegated Capability

A single agent request spawns planners, researchers, browsers, and executors — each with a different risk profile. Permissions attach to actions, not actors.

  • Attenuated capability tokens per agent-to-agent handoff
  • Every tool call bound to initiator, policy, budget, and expiry
  • SSO, four-role RBAC, and API keys with granular scopes

Storage → Context Compilation

Agents don't start with queries. They start with goals. Storage stops being persistence and becomes context assembled on demand, under freshness and permission constraints.

  • Behavior graph as the queryable context layer
  • PII detection and redaction before context leaves the sandbox
  • Permission-aware, freshness-ranked retrieval

Messaging → Intent Coordination

Distributed systems move facts. Agents move work — a goal, a plan, a rejection, a handoff. Cognition stays fluid; commitment is durable, signed, and idempotent.

  • Four-tier HITL: read-only, reversible, side-effect, destructive
  • Propose / approve / reject / revise task semantics
  • Idempotent tool boundary — no leaked branches, no retry storms

Memory → Cognitive Stack

Working, episodic, semantic, procedural, resource — five kinds of memory, not one transcript. Consolidation rules, forgetting policies, and trust boundaries baked in.

  • Behavior graph as episodic and semantic memory
  • Blueprints as procedural memory — policies versioned as code
  • Consolidation passes and summarization inside the behavior queue

Execution → Durable Trajectory

Agents aren't requests — they're loops. Observe, plan, act, revise. The primary object is no longer the request; it's the trajectory. Checkpointed, resumable, replayable.

  • ReAct loop with state-machine enforcement (Thought · Action · Observation)
  • Pause · resume · inspect · approve · branch · rollback as first-class APIs
  • Kernel-level sandbox isolation (Landlock, seccomp) per trajectory

Observability → Behavioral Forensics

Classical observability asks what happened. Agents demand why. Traces must preserve goals, context, tool choices, confidence, revisions — forensics, not infrastructure logs.

  • Trajectory replay for post-hoc debugging and audit
  • Drift detection (KL divergence, PSI) and hallucination indices
  • Compliance evidence (SOC 2, HIPAA, EU AI Act, ISO 42001)
Open Source Foundation

Built on open source.
Built in, not bolted on.

The runtime security under Codicera is OpenShell—NVIDIA's open-source sandboxed agent runtime with kernel-level isolation, OPA policy enforcement, and inference routing. Our fork adds PII detection and supply chain governance at the proxy layer. NemoClaw orchestrates sandbox lifecycles on top.

The security isn't a feature we added—it's the foundation everything else runs on. Every agent action passes through kernel-level enforcement before Codicera's intelligence layer ever sees it.

You can inspect every line. No black boxes.

Explore on GitHub

Open-source runtime, enterprise-grade security

Built on NVIDIA OpenShell — Landlock, seccomp, OPA policies, and inference routing at the kernel level. Audit the source, verify the controls, run it on your infrastructure.

Your data never leaves your cloud

Agents run on your Kubernetes clusters, not ours. PII detection and supply chain governance enforce data protection at the proxy layer — before anything leaves the sandbox.

No vendor lock-in

The runtime is open source. The inference providers are pluggable. The compute targets are your own. We earn your renewal, not trap it.

One runtime, one contract

The CIO gets enablement. Platform engineering gets a single runtime. Security gets governance in the control loop, not the audit report. Nobody waits for anyone else.

CIO & Technology Leadership

Every team is already running agents — in Slack, in CI, in ops, in support. The question isn't whether agents belong in the enterprise. It's whether they run on a stack built for them. Codicera is that stack. Enablement and governance arrive in one contract.

Platform Engineering

One runtime for every team's agents, already wired for delegation, context, memory, trajectories, and forensics. Self-service deployment on your own clusters; policy from one console; no six-vendor integration project.

Security & Compliance

Governance lives in the control loop, not the audit report. Every trajectory is signed, every tool call carries provenance, every policy decision is logged as first-class telemetry. When the auditor asks, the evidence is already written.

The old stack wasn't built for agents.
Codicera is.

Early access is open. Join the waitlist and we'll get you running on your infrastructure in days, not quarters.

Join WaitlistStar on GitHub