Skip to content
Agent runtime

Statio

Secure multi-cloud agent runtime

The governed runtime agents run inside — not a sidecar beside them.

In active development with a launch design partner — on the platform roadmap, not yet generally available.

Mesh · SubstrateMesh & console substrate
What it does

Statio hosts an AI agent inside Alyria, on a Beacon-governed node in your cloud, so governance is native to the runtime instead of a proxy beside it. A GitHub or Jira event raises an ephemeral node; the agent checks in, receives its skills, flow, and Lyra policy, and runs a full loop from analysis to a reviewed, gated pull request — every model and tool call mediated by Beacon by construction, secrets brokered by Umbra. Engine-agnostic (Claude, Codex, and framework agents like LangChain and OpenClaw) and cloud-agnostic, Bedrock-first and kept inside your boundary. In active development with a launch design partner.

  • Runs the agent inside a Beacon-governed node (EC2, ECS, or Kubernetes): a layer beside an agent can be bypassed; a runtime it executes inside cannot.
  • Engine- and cloud-agnostic: one flow runs on Claude, Codex, or a framework agent, Bedrock-first and inside your boundary, with per-phase model routing.
  • Event-driven and resumable: a GitHub or Jira event runs the full lifecycle loop and opens a gated pull request, every call on the record.
The problem

A security layer beside an agent can be bypassed. A runtime it runs inside cannot.

Regulated teams want autonomous coding agents but cannot let source or inference leave their cloud boundary, and increasingly run more than one model. The strongest place to govern an agent is not a sidecar next to it — it is the runtime it executes within. There is no self-hosted, in-boundary, multi-model agent runtime with governance built in. Statio is that runtime, built on the platform that already owns the mesh, policy, and audit around the agent.

What Statio does about it

The questions your reviewers will ask.

“Can inference stay inside our boundary?”

Statio runs the agent's model calls in your cloud, Bedrock-first — the design that lets in-boundary-only teams run autonomous agents at all.

“We run more than one model.”

One flow definition runs on Claude, Codex, or a framework agent, with per-phase routing (implement on one, review on another) and no rewrite.

“How is a hosted agent governed?”

Every model and tool call passes Lyra policy and Beacon on the node before it executes — allow, monitor, or block — with the full decision log in Observatory.

“What about agents that bypass MCP?”

Framework agents (LangChain) and direct-provider CLIs (OpenClaw) call providers through their own libraries, invisible to an MCP gateway. Hosting them inside Statio is the only place those calls can be mediated.

“Where do its secrets come from?”

Umbra brokers short-lived credentials into the run; nothing standing is written into the agent's context.

What you can show

Evidence, not assurances.

What a security leader walks away able to demonstrate to a board or an auditor.

  • The v1 target: a design partner's autonomous Jira-to-PR agent runs end to end on Statio and opens an unmergeable pull request, every tool call Lyra/Beacon-mediated and visible in Observatory.
  • The same flow runs unchanged when the engine is swapped from Claude to Codex.
  • Inference and secrets stay inside your Bedrock boundary throughout — verifiable in your own account.
For your security team
Status
In development · launch design partner
Runs on
Beacon-governed EC2 / ECS / Kubernetes
Engines
Claude, Codex; LangChain / OpenClaw (framework)
Cloud
Bedrock-first, inside your boundary
Governance
Lyra + Beacon on every call
Secrets
Brokered by Umbra, short-lived
Where it fits

One module of the Alyria platform.

Statio works alongside the rest of Alyria — prevention and detection for every AI agent your people run, tied together by one policy engine and one signed audit chain.

See how the whole platform fits together

Put Statio to work.

Deploy Beacon read-only and see how Statio fits at the endpoint, under your keys.