Over-sandboxed agents
Agents can read docs and write code but cannot touch the live systems where incidents and operational tasks happen.
Secure Agent Containment
Run AI agents in live environments without giving up control.
Cove is an on-prem control plane that isolates agents inside ephemeral microVMs and routes every outbound connection through enforceable policy.
Govern database access, API calls, object storage operations, and privileged scripts with protocol-aware controls and full semantic logging.
- Ephemeral microVM isolation
- Protocol-aware policy enforcement
- Semantic audit trail
Deploy Cove where your sensitive systems already live.
- Your cloud
- Your VPC
- Your hardware
- No third-party data relay
- Single binary + PostgreSQL
The Problem
Production agent rollout usually means choosing between two bad options.
Teams either sandbox agents so tightly they cannot do real work, or hand over live credentials without enforceable boundaries or meaningful visibility.
Credential overexposure
Granting raw SSH keys, database passwords, or API tokens creates unnecessary blast radius when an agent overreaches.
No semantic visibility
Traditional logs show connections, not intent, making it hard to answer what the agent actually queried, called, or modified.
How Cove works
Containment at the network boundary.
Cove runs each agent inside an ephemeral Linux microVM and intercepts outbound TCP so every action is evaluated against policy before it reaches your systems.
- 01
Isolate each agent session
Every run starts in a fresh Linux microVM with scoped permissions and no standing privileged network path.
- 02
Intercept outbound traffic transparently
iptables redirects outbound TCP through Cove proxies automatically, so agents use normal tools without custom network config.
- 03
Enforce protocol-aware rules
Policies are evaluated at the application layer for SQL queries, API methods, object operations, and elevated scripts.
- 04
Log behavior with full context
Capture semantic events and connection telemetry so security teams can monitor live sessions and investigate historical activity.
Protocol-aware policy layer
Application-layer controls for the systems agents touch.
Cove does more than allow or deny sockets. It enforces what the agent can do once connected.
Containment
Ephemeral MicroVM Isolation
Run every agent session inside a short-lived Linux microVM with tightly scoped permissions.
Network Control
Transparent TCP Interception
Redirect all outbound TCP from the VM through Cove at the kernel level with no agent-side reconfiguration.
Policy Enforcement
Protocol-Aware Proxies
Parse and enforce policies for Postgres, MySQL, S3, internal APIs, and approved script execution.
Auditability
Semantic Audit Trail
Log what happened at the application layer: SQL statements, API calls, object keys, and escalation events.
Visibility
Real-Time Session Visibility
Monitor live sessions, active connections, and traffic flow from a web dashboard built for security review.
Deployment
On-Prem Deployment
Ship Cove as a single Go binary with PostgreSQL persistence on your cloud, VPC, or hardware.
Bring Your Own Agent
Cove governs behavior, not model vendor or framework.
Grant dynamic access without dropping policy boundaries.
MCP-compatible agents can call request_permission to ask for narrowly scoped, time-limited elevated access.
- Policy engine evaluates each escalation request
- Human approvals can be required before access is granted
- Approved and denied requests are both logged with full context
Contain any Linux-based agent, even without protocol support.
Claude Code, Codex, custom agents, and shell scripts still run under the same interception path, policy engine, and proxy layer.
- No custom SDK required to enforce network policy
- Application-layer controls still apply per protocol
- Security posture stays consistent across mixed agent stacks
Run multiple agents in parallel without vendor lock-in.
Swap agents by task, isolate each run in its own microVM, and govern all outbound behavior with one consistent policy model.
- Unified controls across different agent frameworks
- Per-session isolation reduces blast radius
- Shared audit model across every agent execution
Architecture at a glance
Core runtime layers in every Cove deployment.
A consistent path from agent execution to policy decision to audit record.
MicroVM
Ephemeral Linux environment for each agent session.
Interception
Kernel-level redirect of outbound TCP through Cove.
Proxies
Protocol-specific enforcement for DB, S3, APIs, and scripts.
Audit Log
Queryable semantic history with optional payload capture.
Audit, approvals, and oversight
See what agents did, not just where they connected.
Cove records both transport-level and application-level events so security teams can review activity in real time or during incident response.
Connection and payload telemetry
Track source, destination, timestamps, bytes transferred, and optional full request/response capture.
Semantic event logging
Record SQL statements, API methods and paths, object keys, and permission escalation outcomes.
Live session dashboard
Watch active sessions and traffic flow as agents operate across your environment.
Human approval gates
Route high-risk escalation requests to Slack, Teams, or email and log every approval or denial decision.
Deployment
Run Cove on infrastructure you control.
- Step 1
Install the control plane
Deploy Cove as a single Go binary with an embedded React dashboard. No container platform is required.
- Step 2
Connect persistence and agent targets
Use PostgreSQL for policy and session storage, then connect Linux hosts or ephemeral VMs through SSH or Sprites.dev.
- Step 3
Operate fully inside your boundary
Agent traffic, database queries, and audit records remain in your environment while Cove cross-compiles the agent component for x86_64 and ARM.
FAQ
Questions from security and platform teams.
Do agents need custom integration to run in Cove?
No. Cove intercepts outbound TCP at the kernel level in the microVM, so agents can keep using standard tools, SDKs, and libraries.
What types of policy controls can Cove enforce?
Cove enforces protocol-aware policies, including read-only database rules, endpoint and method allowlists for APIs, scoped S3 access, and controlled script execution.
How does human approval work for elevated permissions?
When an agent hits a policy boundary, Cove can route an approval request to Slack, Microsoft Teams, or email. Reviewers can approve or deny with context, and every decision is logged.
What does deployment look like?
Cove deploys as a single Go binary with an embedded dashboard and PostgreSQL persistence on infrastructure you control. Agent traffic and data stay inside your environment.
Ready to evaluate Cove?
Secure containment for AI agents that operate on real infrastructure.
Get a walkthrough tailored to your environment, policy model, and live operational workflows.