Local-First Agent Containment

Contain Your Agents.
Verify Locally.

The Lemma Firewall sits between your agent and the APIs it calls. Every action is verified locally via signed credentials. Zero server calls per request.

Issue a signed credential from the control plane. The local firewall verifies it in <1ms via Ed25519 signature check. Scope, path, and method containment enforced locally. Taint epoch denies credentials after context poisoning. Revocation propagates in seconds. Kill switch included.

Agent Runtime LLM + Prompt read • write • shell • exec • net • ingest Connect Runtime (1 command) Proof Issuance PPID-bound identity • taint_epoch=0 low • high • critical Per-Request Gateway Local Verifier (edge) Hosted Control Plane (cloud) X-Lemma-Credential header ✅ ALLOW + Decision Log ⚠ Taint Bump → Stale Denied ❌ Revocation / Kill Switch → token_revoked t0 t1 t2 t3 t4 t5 t6 t7 t8

Proof-First Control Plane • Same action. Different trust state. Instant containment.

Checking credentials...

Proof-first by default
Runtime kill switches
Decision logs + explainability

How Lemma.id Works

Connect a runtime, enforce policy on every privileged request, and monitor or stop activity from one control plane.

1

Connect Runtime

Run one command to register a runtime with Lemma.id and turn on proof-first defaults.

2

Enforce Per Request

The gateway checks proof, scope, audience, and runtime state before any privileged action runs.

3

Monitor + Contain

Track decisions live, investigate allow or deny results, and trigger kill switches to stop unsafe behavior immediately.

Proof-Native Authorization

Signed proofs and claim checks authorize sensitive actions, with compatibility paths only where policy allows them.

PPID-Bound Identity

Runtime controls and delegation are tied to pairwise identifiers (PPIDs), so identity stays site-specific instead of globally trackable.

Runtime Policy Defaults

Every connected runtime inherits a policy profile and risk defaults (`low`, `high`, `critical`) with server-side enforcement.

Kill Switch Controls

Revoke or kill runtime access instantly and deterministically in the request path.

Decision Explainability

See why a request was allowed or denied with decision logs, runtime context, and the policy snapshot used at the time.

Local-First + Hosted Control Plane

Keep low-latency local verification where possible while using a hosted control plane for governance, revocation, and runtime operations.

Deploy Runtime Authorization Without Building It Yourself

Ship per-request authorization, runtime monitoring, and kill-switch controls without standing up a separate authz stack.

Open Agent Ops View Docs

Proof-first • Site-specific identity • Runtime controls