An agent in brackets.
The bolt in our logo lives inside a sandbox. The page you're reading is how that sandbox works.
The bolt does the work. The brackets make it safe.
Your agents shouldn't see your API keys.
When an agent knows your Stripe key, so does every prompt injection. LLM outputs can leak, get logged, or end up in a vector DB.
Appstrate keeps credentials in a separate container. Agents call a proxy endpoint; the proxy injects the secret; the agent only sees the response.
Sidecar proxy, isolated network, fresh container per run.
The agent container has no network access to secrets, no access to the host, no shared state across runs.
What makes the brackets strong.
Sidecar isolation
Credentials never touch the agent's memory or stdout.
Ephemeral containers
Fresh Docker per run. Labeled, network-isolated, GC'd on completion.
SSRF-hardened proxy
Allowlist per provider, URL substitution, body validation.
AES-GCM encryption
Credentials at rest encrypted with 32-byte key. Rotate at will.
Safe parallelism
Isolation is what makes parallelism safe. Two agents running for two tenants can never see each other's credentials, state, or memory.
Agents you can trust with production data.
Self-host the full stack. Review every line. Apache 2.0 licensed.