01 / Sandbox VM

The ephemeral workbench

SigilOS-based KVM/QEMU image running a sway-kiosk Wails app. Each session is a fresh VM with no persistent disk by default; everything the user does flows through the harness audit log on the host.

Read the VM docs →

02 / Kenaz Harness

Host-side orchestration & policy

Manages session lifecycle, brokers inference (Bedrock today; OpenAI, Anthropic, OpenRouter, Bento, or BYO endpoint for enterprise), and owns the hash-chained audit log that backs the security pitch.

Read the harness docs →