A3S Docs
A3S Code

Isolation

Workspace, context, and delegated-task isolation

Isolation

Isolation starts with the session boundary: each session binds to one workspace, and each delegated child run receives bounded context. Direct host tool calls are privileged host operations; gate them in the host application before exposing them to users.

Workspace Boundary

const session = agent.session('/repo');

Relative file, search, shell, and git operations are evaluated from the session workspace. Security providers and hooks are session options; validate the exact policy path you depend on before using them as a production boundary.

Delegated Context

task, parallel_task, and automatic subagent delegation isolate child reasoning. The parent receives compact results instead of full transcripts. This avoids prompt pollution and makes evidence review easier.

Storage Isolation

Use separate memory and session store directories for different products, tenants, or test suites:

import { FileMemoryStore, FileSessionStore } from '@a3s-lab/code';

const session = agent.session('/repo', {
  memoryStore: new FileMemoryStore('./.a3s/memory'),
  sessionStore: new FileSessionStore('./.a3s/sessions'),
});

External Harness

AHP transport objects, hooks, and permission policy are exposed as integration points. Test live organization policy with your own harness before treating it as a production boundary.

Limits

Runtime limits, compaction, timeouts, and circuit breakers

Architecture

The harness loop and extension surface

On this page

IsolationWorkspace BoundaryDelegated ContextStorage IsolationExternal Harness