Spec sheet
Enterprise IT

Security, Sandbox Isolation & Agent Governance

An AI agent that runs unattended in your data platform should raise the right questions. Here are the answers — sandbox model, tool allowlists, scoped credentials, audit logs, compliance posture, governance controls.

Front · The security model

Built to run unattended. Built to be audited.

Every Programmable Agent runs inside a sandbox we created for the job. The agent cannot escape its allowlisted toolset, cannot use credentials it wasn't granted, and cannot operate without leaving a complete audit trail.

  1. Sandbox isolation

    Every agent run gets its own isolated pod inside Paradime infrastructure. State is created at trigger time, destroyed at completion. Two agents running in parallel cannot see each other's filesystem, environment, or in-flight artifacts.

  2. Tool allowlisting

    Each agent's YAML explicitly lists the tools it can call via tools.mode: allowlist. The agent cannot escape its toolset at runtime — there is no "request a new tool" path. Removing a tool requires a code-reviewed PR.

  3. Scoped credentials

    Agents use their own warehouse credentials with their own role and permissions — independent of human user identity. You scope what an agent can read, write, or modify with the same primitives you already use for service accounts.

  4. Complete audit trail

    Every agent run, every tool call, every warehouse query, every file modification, every artifact produced is logged. Logs are queryable and exportable. The full lifecycle of an agent run is reconstructable after the fact.

  5. Network posture

    Paradime runs inside its own VPC. Connections to your warehouse use the same patterns you already manage for any other data tooling — IP allowlists, PrivateLink, SSO. No agent makes outbound network calls beyond its allowlisted tool surface.

Back · Compliance & governance

Governance controls, not just a wrapper.

Compliance certifications are the floor. The interesting controls are the ones that govern who can deploy which agents, who can trigger them, and how high-privilege workflows get approved.

Certifications & posture

SOC 2 Type II · GDPR · CCPA · SAML SSO · SCIM · RBAC · PrivateLink

Agent governance controls

Control: What it does
YAML approval: Agent definitions live in your repo. Deploying a new one or changing an existing one requires a code-reviewed PR.
Trigger scoping: Restrict which workspace members, service accounts, or API keys can trigger which agents.
Tool allowlist diff: Any change to an agent's tool allowlist is visible in the PR diff. Reviewers see expanded privileges before they're shipped.
Execution limits: Per-agent max runtime, max tool calls, max parallel runs, all configured in YAML.
Approval gates (Enterprise): High-privilege agents can require human approval before each run.
Audit export: Push agent activity logs to your SIEM via API or scheduled export.
trust.paradime.io · Live certifications & security posture

Copyright © 2026 Paradime Labs, Inc. Made with ❤️ in San Francisco ・ London

*dbt® and dbt Core® are federally registered trademarks of dbt Labs, Inc. in the United States and various jurisdictions around the world. Paradime is not a partner of dbt Labs. All rights therein are reserved to dbt Labs. Paradime is not a product or service of or endorsed by dbt Labs, Inc.
