Security Boundary
Aionis Lite is not a hosted security perimeter. It is a local memory governance Runtime.
What Aionis Governs
| Surface | Aionis role |
|---|---|
| Memory admission | Routes memory to use, inspect, block, or rehydrate. |
| Feedback attribution | Records which admitted memories were tied to outcome. |
| Forgetting | Suppresses, archives, unsuppresses, or deletes memory. |
| Audit replay | Shows what the Agent could see and why. |
What Your Host Must Govern
| Surface | Host responsibility |
|---|---|
| Network exposure | Keep Lite on loopback or place it behind your own gateway. |
| Authentication | The current Lite edition does not provide production auth. |
| Secrets | Keep provider keys out of prompts and logs. |
| Tool permissions | Aionis does not execute shell, browser, or code tools. |
| Tenant isolation | Do not treat Lite as a managed multi-tenant service. |
For memory poisoning and unsafe recall, start with Memory Firewall.