DEV Community

Cover image for I built a secure runtime for AI agents with Rust and Linux kernel features
Kyubin Kim
Kyubin Kim

Posted on

I built a secure runtime for AI agents with Rust and Linux kernel features

#agents #ai #rust #showdev

Source Code:

GitHub logo skwuwu / Analemma-GVM

A governance runtime for AI agents, built on Linux kernel security primitives.

Analemma-GVM

A lightweight secure runtime for autonomous AI agents. Governs every outbound HTTP call, isolates the filesystem, and locks down syscalls — using a Rust proxy and Linux kernel primitives.

I wanted to run multiple autonomous AI agents (such as OpenClaw) for my personal affairs. But every time I let agents do everything they want, there was always a little anxiety. What if it does something it shouldn't? What if it leaks personal information or deletes important data?

Existing answers (such as NemoClaw, OPA+Envoy) required Docker, an embedded Kubernetes cluster, NVIDIA GPUs, or Envoy sidecars. I wanted a lightweight alternative that doesn't need infrastructure setup and strictly enforces what agents do.

So I built GVM (Governance Virtual Machine) — a lightweight security runtime for AI agents. Two small Rust binaries (CLI + proxy, ~22MB total), no Kubernetes, no service mesh, no GPU. It sits between your agent and its actions…

View on GitHub

Terminal demo of GVM showing the workflow: watching agent behavior, auto-generating rules with suggest command, and enforcing security policies in sandbox mode

Why I built this?:
I really wanted to use multiple autonomous agents (such as OpenClaw) 24/7 to automate my workflows, but letting them to do everything they require made me anxious. For example, they can read my .env files and expose it to internet by misleading context, call external api incorrectly that making financial costs, and delete my important data accidentally. Because they are not essentially deterministic the probability of such events occurring isn't zero. In fact, a lot of security accident cases are found in reality.

For sure, i considered about using existing security options such as NVDIA's NemoClaw, docker/VM isolation for agents, but i didn't want to build and maintain kubernetes or virtual machine infrastructure. For solo dev or small teams, this solutions are so heavy. Also, they don't enforce what agent actually do.

So i decided to build this project(GVM), light weight governance runtime with low dependencies for AI agent made with Rust proxy combining Linux kernel features(Namespace, Overlayfs, seccomp-bpf). Rust proxy governs agent's actual external I/O, and Linux kernel stacks enforce agent to use proxy, and what syscalls they can use.

What it actually can do:

-Proxy catches every outbound HTTP/HTTPS call and checks if it matches with your ruleset. unknown calls are delayed or denied.

-On Linux environment, kernel level isolation guarantees that the proxy isn't bypassed by agent.

-Agents write to an overlay file system, so they can't directly change real data.

-GVM is just binary, and it does not extract your data from your server like saas services.

How it works, briefly:

Agent → GVM Proxy (rule check) → External API
↓ denied/delayed
Merkle-chained audit log

On Linux, kernel-level network isolation forces all traffic through
the proxy — the agent has no userspace path around it. On macOS/Windows, cooperative mode works via HTTP_PROXY injection.

Typical workflow:

  1. gvm run --sandbox --watch — see what your agent calls
  2. gvm suggest — generate rules from the session
  3. gvm run --sandbox — enforce with kernel isolation

About more technical information:
It will be covered in next posts. explaining all about my project can make this post too long, so there will be another deep dive posts. If you are interested before my next posts are written, please read github link's docs!

Welcome for Feedbacks!
It's alpha release stage, so it's not hardened yet. It has only been tested on the EC2 and OpenClaw combination now. I'd be glad to get architecture and technical feedbacks.

Top comments (0)