Security Configuration
Aionis runs as a memory governance Runtime beside your Agent host. The Runtime governs memory admission, feedback attribution, forgetting, and replay; the host deployment owns network exposure, credentials, and tool permissions.
Aionis-Governed Surfaces
| Surface | Aionis role |
|---|---|
| Memory admission | Routes memory to use, inspect, block, or rehydrate. |
| Feedback attribution | Records which admitted memories were tied to outcome. |
| Forgetting | Suppresses, archives, unsuppresses, or deletes memory. |
| Audit replay | Shows what the Agent could see and why. |
Host-Governed Surfaces
| Surface | Host responsibility |
|---|---|
| Network exposure | Keep Lite on loopback or place it behind your own gateway. |
| Authentication | Use managed-server API-key/JWT settings or your own gateway. |
| Secrets | Keep provider keys out of prompts and logs. |
| Tool permissions | The Agent host controls shell, browser, code, CI, and verifier access. |
| Tenant isolation | Use deployment-level isolation and scoped Aionis tenant/scope settings. |
For memory poisoning and unsafe recall, start with Memory Firewall.