Skip to content

Isolation and scale

How Kaizen isolates agents and tenants, and how it scales. These are the questions enterprise teams ask first.

Do you spin up a sandbox for each agent?

No. A sandbox per agent per run would be expensive and would not scale. Kaizen is two-tier:

  • Enforcement runs in-process, inside your agent, through the client. There is no server hop, no sandbox, and no added latency. This is what scales to any volume, because there is no shared bottleneck on the hot path.
  • Behavioral judgment runs in one isolated Observer, shared across agents. Isolated means the watcher itself is boxed off from the host and network. It is not a per-agent virtual machine.

How is memory isolated?

Two layers:

  • Per agent. Each agent's behavioral memory is namespaced by an org:agent key in the vector store. Agent A's history is only ever retrieved with A's key, so it never mixes with B's.
  • Per tenant. Every key and record carries the organization id, and the control-plane database enforces row-level security per organization. One customer's data is invisible to another.

For teams that need physical separation, the Observer runs in your own environment, and we can provision a dedicated Observer and database so your behavioral data never shares infrastructure with anyone else.

Is it scalable?

  • The enforcement path scales trivially because it is in-process.
  • The Observer is stateless apart from the vector store, so it scales horizontally by adding replicas.
  • The behavioral check is asynchronous. It never sits on the agent's critical path, so it cannot slow the agent down.

At very high action volume the cost to watch is the per-action write to the behavioral store. We manage that with batching and sampling of those writes, memory retention and pruning, and per-tenant sharding for the largest deployments.

Where can the Observer run?

The Observer definition does not change; only the runtime does. A local process for development, a container on your own infrastructure, or a hardened, single-tenant deployment in your environment. See Architecture.