The Autonomous Agent That You Can Trust.
SoyAgent is the first AI agent framework built to survive the OpenClaw Security Collapse. We decouple cognition from credentials, ensuring your enterprise tools stay secure.
Learning from the OpenClaw Collapse
In early 2026, the viral project OpenClaw reached 200,000 stars, then suffered a catastrophic security failure (CVE-2026-25253). Malicious "skills" exfiltrated API keys from .env files, leading to full system compromises.
SoyAgent was engineered specifically to solve this. By treating the AI reasoning engine as an untrusted entity, we ensure that even a compromised agent cannot access your secrets or escape its sandbox.
Post-Mortem: OpenClaw Failures
- Flat Security Model: Agent had full access to process environment.
- One-Click RCE: Malicious WebSocket handshakes exfiltrated auth tokens.
- Poisoned Supply Chain: 12% of ClawHub "skills" were malicious stealers.
The "USB-C" for AI Tools: Model Context Protocol
Integrating dozens of APIs (Notion, Gmail, Calendar) traditionally creates a brittle $O(N \times M)$ problem: every one of N agents needs its own integration with each of M tools. SoyAgent implements the Model Context Protocol (MCP) to standardize how agents discover and invoke capabilities.
Background Persistence for Multi-Day Agendas
Autonomous work shouldn't time out. SoyAgent utilizes Durable Execution to survive server crashes and redeployments, ensuring your agent completes its agenda no matter how long it takes.
Scheduled & Conditional Triggers
Run tasks every hour, or wait until a specific condition is met—like an "Urgent" email arriving in Gmail. SoyAgent sleeps during dormancy, consuming zero compute.
Fault Tolerance & Recovery
Powered by Trigger.dev, SoyAgent checkpoints its exact state after every tool call. If an API fails, it employs exponential backoff and automatic retries.
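The durable-execution loop described above (checkpoint after every tool call, exponential backoff on transient failures, resume after a crash without redoing finished steps) as an added illustration. This is not SoyAgent's or Trigger.dev's code; the JsonStore, the tool functions and the failures they raise are constructed for the example, and the sleep function is injected so the retry delays can be observed instead of waited for.

```python
from __future__ import annotations
import json


class TransientError(Exception):
    """A retryable tool failure, e.g. a 503 from an upstream API."""


class SimulatedCrash(Exception):
    """Stands in for the worker process dying mid-agenda."""


class JsonStore:
    """Constructed stand-in for a durable checkpoint store: the serialized
    state survives as a string, so a 'crashed' run can resume from it."""

    def __init__(self) -> None:
        self.blob: str | None = None

    def save(self, state: dict) -> None:
        self.blob = json.dumps(state)

    def load(self) -> dict | None:
        return json.loads(self.blob) if self.blob else None


def run_agenda(agenda, tools, store, sleep, max_attempts=5, base_delay=0.5):
    """Execute agenda steps in order. Each step's result is checkpointed before
    the next step starts, so a resumed run skips everything already done."""
    state = store.load() or {"done": [], "results": {}}
    for step in agenda:
        if step in state["done"]:
            continue  # already checkpointed by an earlier run
        delay = base_delay
        for attempt in range(1, max_attempts + 1):
            try:
                result = tools[step](state["results"])
                break
            except TransientError:
                if attempt == max_attempts:
                    raise
                sleep(delay)                 # production code would add jitter
                delay = min(delay * 2, 30.0)  # exponential backoff, capped
        state["results"][step] = result
        state["done"].append(step)
        store.save(state)  # checkpoint: exact state after this tool call
    return state


def demo() -> dict:
    store = JsonStore()
    calls = {"fetch_email": 0, "summarize": 0, "draft_reply": 0, "send": 0}
    delays: list[float] = []

    def fetch_email(results):
        calls["fetch_email"] += 1
        if calls["fetch_email"] < 3:
            raise TransientError("503 from mail API")  # constructed failure
        return "Subject: Urgent: invoice due"

    def summarize(results):
        calls["summarize"] += 1
        return results["fetch_email"].split(": ", 1)[1]

    def draft_reply(results):
        calls["draft_reply"] += 1
        if calls["draft_reply"] == 1:
            raise SimulatedCrash()  # process dies before this step is checkpointed
        return "Reply: " + results["summarize"]

    def send(results):
        calls["send"] += 1
        return "sent"

    tools = {"fetch_email": fetch_email, "summarize": summarize,
             "draft_reply": draft_reply, "send": send}
    agenda = ["fetch_email", "summarize", "draft_reply", "send"]

    try:
        run_agenda(agenda, tools, store, delays.append)
    except SimulatedCrash:
        pass
    survived = json.loads(store.blob)["done"]  # what the checkpoint kept
    final = run_agenda(agenda, tools, store, delays.append)  # resume
    return {"calls": calls, "delays": delays, "survived": survived,
            "done": final["done"], "results": final["results"]}


if __name__ == "__main__":
    print(demo())
```

The first run retries the flaky mail fetch twice (delays 0.5 s then 1.0 s), checkpoints two steps, then "crashes"; the second run resumes from the checkpoint and only executes the two remaining steps, so no completed tool call is repeated.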
Copy-on-Write Containment
SoyAgent never modifies your host files directly. AgentFS abstracts file operations into an SQLite database, recording each change as an SQL transaction.
- Instant Rollback: Revert any agent error by restoring a previous .db snapshot.
- Mount Namespaces: Kernel-level isolation prevents directory traversal.
- Queryable Audit Trail: Review every action via standard SQL queries.
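An added example of the copy-on-write idea behind the three bullets above: writes land only in an SQLite overlay (one transaction per operation), a snapshot of the .db can be restored to undo the agent's changes, the audit trail is an ordinary table, and paths that resolve outside the sandbox root are refused. This is illustrative code written for this page, not AgentFS itself; the schema and class names are assumptions, and the host directory and files are constructed inside the demo.

```python
from __future__ import annotations
import shutil
import sqlite3
import tempfile
from pathlib import Path

# Hypothetical overlay schema; AgentFS's real schema is not on this page.
SCHEMA = """
CREATE TABLE IF NOT EXISTS files (
    path    TEXT PRIMARY KEY,
    content BLOB NOT NULL,
    deleted INTEGER NOT NULL DEFAULT 0
);
CREATE TABLE IF NOT EXISTS audit (
    id     INTEGER PRIMARY KEY AUTOINCREMENT,
    op     TEXT NOT NULL,
    path   TEXT NOT NULL,
    nbytes INTEGER NOT NULL
);
"""


class CowFs:
    """Copy-on-write overlay: reads fall through to the host directory,
    writes and deletes are recorded only in SQLite, never on the host."""

    def __init__(self, host_root: str, db_path: str) -> None:
        self.host_root = Path(host_root).resolve()
        self.db_path = db_path
        self.db = sqlite3.connect(db_path)
        self.db.executescript(SCHEMA)

    def _safe(self, rel: str) -> str:
        # Refuse anything that resolves outside the sandbox root ("../x", "/etc/x").
        target = (self.host_root / rel).resolve()
        if target != self.host_root and self.host_root not in target.parents:
            raise PermissionError(f"path escapes sandbox: {rel}")
        return target.relative_to(self.host_root).as_posix()

    def write(self, rel: str, data: bytes) -> None:
        rel = self._safe(rel)
        with self.db:  # one SQL transaction per file operation
            self.db.execute(
                "INSERT INTO files(path, content, deleted) VALUES(?, ?, 0) "
                "ON CONFLICT(path) DO UPDATE SET content=excluded.content, deleted=0",
                (rel, data))
            self.db.execute("INSERT INTO audit(op, path, nbytes) VALUES('write', ?, ?)",
                            (rel, len(data)))

    def delete(self, rel: str) -> None:
        rel = self._safe(rel)
        with self.db:
            self.db.execute(
                "INSERT INTO files(path, content, deleted) VALUES(?, ?, 1) "
                "ON CONFLICT(path) DO UPDATE SET content=excluded.content, deleted=1",
                (rel, b""))
            self.db.execute("INSERT INTO audit(op, path, nbytes) VALUES('delete', ?, 0)", (rel,))

    def read(self, rel: str) -> bytes | None:
        rel = self._safe(rel)
        row = self.db.execute("SELECT content, deleted FROM files WHERE path=?", (rel,)).fetchone()
        if row is not None:
            return None if row[1] else row[0]
        host = self.host_root / rel
        return host.read_bytes() if host.is_file() else None

    def snapshot(self, snap_path: str) -> None:
        dest = sqlite3.connect(snap_path)
        self.db.backup(dest)  # consistent copy via SQLite's online backup API
        dest.close()

    def rollback(self, snap_path: str) -> None:
        self.db.close()
        shutil.copyfile(snap_path, self.db_path)
        self.db = sqlite3.connect(self.db_path)

    def audit_log(self) -> list[tuple[str, str, int]]:
        return self.db.execute("SELECT op, path, nbytes FROM audit ORDER BY id").fetchall()


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        host = Path(tmp) / "host"
        host.mkdir()
        (host / "config.txt").write_bytes(b"original")  # constructed host file
        fs = CowFs(str(host), str(Path(tmp) / "agent.db"))
        snap = str(Path(tmp) / "before.db")
        fs.snapshot(snap)
        fs.write("config.txt", b"agent changed this")
        fs.write("notes.txt", b"new file")
        agent_saw = fs.read("config.txt")
        try:
            fs.write("../evil.txt", b"x")
            traversal_blocked = False
        except PermissionError:
            traversal_blocked = True
        audit = fs.audit_log()
        fs.rollback(snap)
        out = {"host_untouched": (host / "config.txt").read_bytes() == b"original",
               "agent_saw": agent_saw, "after_rollback": fs.read("config.txt"),
               "notes_after_rollback": fs.read("notes.txt"),
               "traversal_blocked": traversal_blocked, "audit": audit}
        fs.db.close()
        return out
```

Note that the host file keeps its original bytes throughout, the agent still sees its own edits through the overlay, and restoring the earlier .db discards both the edits and the audit rows recorded after the snapshot.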
Architectural Integrity by Design.
Built for background autonomy, secured by zero-trust proxies.
Zero-Trust Tool Integration
Credentials never leave the vault. SoyAgent uses a Secret Injection Proxy to keep your keys hidden from the AI reasoning engine.
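An added sketch of what a secret injection proxy does, written for this page rather than taken from SoyAgent: the reasoning engine emits a placeholder such as {{secret:NOTION_TOKEN}}, the proxy substitutes the real value only on the path to the API, checks a per-tool allowlist so one tool cannot be used to carry another tool's credential, and redacts any copy of the secret the API reflects in its reply. The placeholder syntax, vault, policy and fake Notion endpoint are all constructed for the example.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Placeholder the reasoning engine is allowed to emit instead of a real key.
PLACEHOLDER = re.compile(r"\{\{secret:([A-Z0-9_]+)\}\}")


@dataclass
class ToolRequest:
    tool: str
    headers: dict[str, str]
    body: str


# Constructed vault and per-tool allowlist; the values are fake.
VAULT = {"NOTION_TOKEN": "ntn_FAKE_0123456789", "GMAIL_TOKEN": "ya29_FAKE_abcdef"}
POLICY = {"notion": {"NOTION_TOKEN"}, "gmail": {"GMAIL_TOKEN"}}


class SecretInjectionProxy:
    """Sits between the agent and the tool APIs. The agent only ever handles
    placeholders; real values are substituted here on the way out, and any
    copy the API reflects back is scrubbed on the way in."""

    def __init__(self, vault, policy, upstream) -> None:
        self.vault = vault
        self.policy = policy
        self.upstream = upstream  # callable(ToolRequest) -> (status, body)

    def _resolve(self, tool: str, text: str) -> str:
        def substitute(match: re.Match) -> str:
            name = match.group(1)
            # A tool may only borrow the secrets the policy grants it, so a
            # prompt-injected request cannot route the Gmail token via Notion.
            if name not in self.policy.get(tool, set()) or name not in self.vault:
                raise PermissionError(f"tool {tool!r} is not allowed to use {name}")
            return self.vault[name]
        return PLACEHOLDER.sub(substitute, text)

    def _scrub(self, text: str) -> str:
        for value in self.vault.values():
            text = text.replace(value, "[REDACTED]")
        return text

    def forward(self, req: ToolRequest) -> tuple[int, str]:
        real = ToolRequest(
            tool=req.tool,
            headers={k: self._resolve(req.tool, v) for k, v in req.headers.items()},
            body=self._resolve(req.tool, req.body),
        )
        status, body = self.upstream(real)
        return status, self._scrub(body)


def fake_notion_api(req: ToolRequest) -> tuple[int, str]:
    """Constructed stand-in for the real API: checks the bearer token and,
    like many real APIs, echoes caller details in its reply."""
    auth = req.headers.get("Authorization", "")
    token = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
    if token != VAULT["NOTION_TOKEN"]:
        return 401, "unauthorized"
    return 200, f"ok: notion authenticated with {token}"


def demo() -> dict:
    proxy = SecretInjectionProxy(VAULT, POLICY, fake_notion_api)
    # What the reasoning engine produces: a placeholder, never the key itself.
    agent_request = ToolRequest(
        tool="notion",
        headers={"Authorization": "Bearer {{secret:NOTION_TOKEN}}"},
        body='{"query": "meeting notes"}',
    )
    status, agent_sees = proxy.forward(agent_request)

    # A compromised agent asking the Notion tool to carry the Gmail token is refused.
    try:
        proxy.forward(ToolRequest("notion", {"X-Leak": "{{secret:GMAIL_TOKEN}}"}, ""))
        cross_tool_blocked = False
    except PermissionError:
        cross_tool_blocked = True

    return {"status": status, "agent_sees": agent_sees,
            "cross_tool_blocked": cross_tool_blocked,
            "leaked": any(v in agent_sees for v in VAULT.values())}


if __name__ == "__main__":
    print(demo())
```

The property worth checking in a real deployment is the last field: nothing the reasoning engine ever receives, including API responses and error bodies, contains a vault value, and the proxy's allowlist is what limits the blast radius of a hijacked tool call to the credentials that tool legitimately needs.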
Autonomous Agenda Execution
Deterministic state machines (LangGraph) ensure your agent stays on track until the agenda is complete, even across restarts.
Capability-Based Containment
AgentFS isolates file operations using Linux Mount Namespaces, providing mathematically proven execution boundaries.
Scale your autonomy, not your attack surface.
Join the future of secure, background-capable AI agents. SoyAgent is ready for production.