
Safety & Silo Guard

Arkhein is designed with local-first safety at its core. We use multiple layers of protection to ensure the agent remains within user-defined boundaries.

Silo Guard (Security)

The Silo Guard is the primary security boundary for the Arkhein agent. It ensures that all filesystem operations are strictly confined to authorized directories.

  • Managed Folders: Arkhein can only index or read files that are within user-authorized "Managed Folders."
  • Realpath Normalization: Every file path is resolved to its canonical form (collapsing . and .. segments and following symlinks) before it is compared against the managed folder boundaries, so path traversal cannot escape a silo.
  • Strict Boundaries: Any attempt to access a file outside of an authorized silo will be blocked by the Silo Guard.

Pending Actions Protocol

To prevent the agent from performing silent filesystem mutations, all system changes are proposed as "Pending Actions."

  • User Approval: Any file creation, deletion, move, rename, or execution must be presented to the user as a JSON "pending action" for explicit approval.
  • No Silent Mutations: Direct, silent execution of filesystem changes is strictly forbidden.
  • Audit Trail: Every pending action is logged and tracked, providing a clear audit trail of the agent's intent.
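The following added example makes the propose, decide, apply cycle concrete. It is not Arkhein's own code: the `PendingAction` and `ActionBroker` names, the JSON-lines audit file and the set of handled action kinds are assumptions chosen to illustrate the protocol described above. The only code path that touches the filesystem refuses anything whose status is not "approved", and every transition, refusals included, is appended to the audit log.

```python
import json
import os
import shutil
import tempfile
import uuid
from dataclasses import asdict, dataclass, field
from datetime import datetime, timezone

# Every kind of mutation the protocol gates; reads need no proposal.
MUTATING_KINDS = {"create", "delete", "move", "rename", "execute"}


@dataclass
class PendingAction:
    kind: str
    params: dict
    reason: str                # the agent's stated intent, kept for the audit trail
    id: str = field(default_factory=lambda: uuid.uuid4().hex)
    status: str = "pending"    # pending -> approved | rejected; approved -> applied

    def to_json(self):
        """The JSON document shown to the user for approval (assumed shape)."""
        return json.dumps(asdict(self), sort_keys=True)


class ActionBroker:
    """Hypothetical gate between the agent and the filesystem."""

    def __init__(self, audit_path):
        self.audit_path = audit_path
        self.actions = {}

    def _audit(self, event, action):
        # Append-only JSON lines: one record per state transition, refusals included.
        record = {"ts": datetime.now(timezone.utc).isoformat(),
                  "event": event, "action": asdict(action)}
        with open(self.audit_path, "a", encoding="utf-8") as f:
            f.write(json.dumps(record, sort_keys=True) + "\n")

    def propose(self, kind, params, reason):
        """Called by the agent: records intent and returns the JSON for the user; touches nothing."""
        if kind not in MUTATING_KINDS:
            raise ValueError(f"unknown action kind {kind!r}")
        action = PendingAction(kind=kind, params=params, reason=reason)
        self.actions[action.id] = action
        self._audit("proposed", action)
        return action.to_json()

    def decide(self, action_id, approved):
        """Called on the user's behalf; a decision can be made only once."""
        action = self.actions[action_id]
        if action.status != "pending":
            raise RuntimeError(f"action {action_id} already {action.status}")
        action.status = "approved" if approved else "rejected"
        self._audit(action.status, action)
        return action.status

    def apply(self, action_id):
        """The only code path that mutates the filesystem; refuses anything not approved."""
        action = self.actions[action_id]
        if action.status != "approved":
            self._audit("refused", action)
            raise PermissionError(f"action {action_id} is {action.status}, not approved")
        p = action.params
        if action.kind == "create":
            with open(p["path"], "x", encoding="utf-8") as f:   # 'x': never clobber silently
                f.write(p.get("content", ""))
        elif action.kind == "delete":
            os.remove(p["path"])
        elif action.kind in ("move", "rename"):
            os.replace(p["src"], p["dst"])
        else:  # "execute" would run under the same gate via subprocess; omitted here
            raise NotImplementedError(action.kind)
        action.status = "applied"
        self._audit("applied", action)
        return action.status


def demo():
    """Constructed walkthrough in a temp dir: propose, refuse-before-approval, approve, apply, reject."""
    base = tempfile.mkdtemp()
    try:
        audit = os.path.join(base, "audit.jsonl")
        broker = ActionBroker(audit)
        target = os.path.join(base, "notes.txt")
        create = json.loads(broker.propose("create", {"path": target, "content": "hello"},
                                           "user asked for a notes file"))
        untouched = not os.path.exists(target)      # proposing creates nothing
        try:
            broker.apply(create["id"])
            refused_early = False
        except PermissionError:
            refused_early = True                     # unapproved actions are refused
        broker.decide(create["id"], approved=True)
        broker.apply(create["id"])
        created = os.path.exists(target)
        delete = json.loads(broker.propose("delete", {"path": target}, "clean up"))
        broker.decide(delete["id"], approved=False)
        try:
            broker.apply(delete["id"])
        except PermissionError:
            pass                                     # rejected actions never run
        survived = os.path.exists(target)
        with open(audit, encoding="utf-8") as f:
            events = [json.loads(line)["event"] for line in f]
        return {"untouched": untouched, "refused_early": refused_early,
                "created": created, "survived": survived, "events": events}
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running `demo()` shows the audit file containing the sequence proposed, refused, approved, applied, proposed, rejected, refused: the attempt to apply before approval and the attempt to apply a rejected deletion are both recorded rather than silently dropped, which is what makes the log a record of intent and not just of successful changes.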

Invariants

  • Read-only by Default: Within a managed folder the agent may read and index without approval, but any mutation requires an approved pending action. All unauthorized directories are treated as inaccessible and invisible.
  • Human-in-the-loop: The user is the final authority for any system state change.
  • Sovereign Guard: The Silo Guard is a low-level service enforced outside the model, so higher-level LLM reasoning, however it is prompted, cannot bypass it.

Common Failures

Permission Denied

If Arkhein tries to access a path outside of a managed folder, it will fail with a permission error.

Path Traversal

Any attempt to escape a silo using ../ segments, a symlink that resolves outside the silo, or other traversal techniques is caught and blocked by the Silo Guard during path normalization, before any file is touched.
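The added example below illustrates both the Silo Guard section and the two failure modes above. It is not Arkhein's own code: the `SiloGuard` class, the `SiloViolation` error and the temp-dir layout are assumptions built to show how realpath normalization followed by a component-wise containment check behaves on an in-silo file, a ../ escape, a symlink that leaves the silo, a sibling directory that merely shares a string prefix with the silo, and a not-yet-existing file inside the silo.

```python
import os
import shutil
import tempfile
from pathlib import Path


class SiloViolation(PermissionError):
    """Raised when a requested path resolves outside every managed folder."""


class SiloGuard:
    """Confine filesystem access to a set of managed folders (hypothetical class)."""

    def __init__(self, managed_folders):
        # Canonicalize the silo roots too, so a root reached through a symlink
        # (for example /tmp -> /private/tmp on macOS) still matches.
        self.roots = [Path(os.path.realpath(p)) for p in managed_folders]

    def resolve(self, requested):
        # os.path.realpath collapses '.', '..' and duplicate separators and
        # follows symlinks, so a link inside a silo that points outside is
        # resolved to its real target before the boundary check.
        real = Path(os.path.realpath(requested))
        for root in self.roots:
            # Path.is_relative_to compares whole path components, so
            # '/data/silo2' is NOT inside root '/data/silo' even though it
            # shares a string prefix with it.
            if real == root or real.is_relative_to(root):
                return real
        raise SiloViolation(f"{requested} resolves to {real}, outside all managed folders")

    def is_allowed(self, requested):
        try:
            self.resolve(requested)
            return True
        except SiloViolation:
            return False


def demo():
    """Build a constructed layout in a temp dir and probe the guard.

        base/
          silo/                 managed folder
            notes.txt
            escape -> ../secret symlink that leaves the silo
          silo2/x.txt           sibling sharing the string prefix 'silo'
          secret/key.txt        must stay invisible
    """
    base = Path(tempfile.mkdtemp())
    try:
        silo, silo2, secret = base / "silo", base / "silo2", base / "secret"
        for d in (silo, silo2, secret):
            d.mkdir()
        (silo / "notes.txt").write_text("ok")
        (silo2 / "x.txt").write_text("x")
        (secret / "key.txt").write_text("hunter2")
        os.symlink(secret, silo / "escape")

        guard = SiloGuard([silo])
        return {
            "inside": guard.is_allowed(silo / "notes.txt"),                  # True
            "dotdot": guard.is_allowed(silo / ".." / "secret" / "key.txt"),  # False
            "symlink": guard.is_allowed(silo / "escape" / "key.txt"),        # False
            "prefix": guard.is_allowed(silo2 / "x.txt"),                     # False
            "new_file": guard.is_allowed(silo / "sub" / "new.txt"),          # True, not created yet
        }
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner should keep in mind. First, a plain string prefix test (`str(real).startswith(str(root))`) would wrongly admit the `silo2` case; the check has to be done on path components. Second, a check-then-open sequence is a time-of-check/time-of-use race if something else can replace a path component with a symlink between the two steps; opening with `O_NOFOLLOW` and re-verifying the opened file, or on Linux using `openat2(2)` with `RESOLVE_BENEATH`, closes that window.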