Skip to content

In-tenant deployment

For the strongest isolation, run Kaizen's brain inside your own environment, next to the agent. The agent's actions, the connections it makes, and the reasoning-judge LLM call all stay in your tenant; only verdicts leave.

What runs in your tenant

What runs in-tenant

  • The Observer (the decision brain) against your own database. With the reasoning judge enabled (OBSERVER_RUN_JUDGE=1), it reads your declarations, the learned baseline, and the recent action sequence locally, and calls your model with your key. The raw sequence never leaves; it returns only the verdict and its reasoning.
  • The egress collector that captures the agent's real outbound connections (ground truth).

Deploy

A Docker Compose brings both up next to your agent:

export TENANT_DATABASE_URL=postgres://...   # your own Postgres
export KAIZEN_ENC_KEY=...                    # your encryption key
export KAIZEN_API_KEY=kz_live_...
docker compose up -d

Then:

  1. Point your agent at the collector: export HTTPS_PROXY=http://<host>:8080.
  2. Point the control plane at the in-tenant Observer: OBSERVER_URL=http://<host>:8000.
  3. Set your reasoning model under Settings → Reasoning model (bring your own key).

Next to a self-hosted OpenAI sandbox

The OpenAI Agents SDK lets you bring your own container for code execution (DockerSandboxClient, or a self-hosted runtime). That sandbox is where the model's generated code actually runs, the riskiest part. Run the sidecar beside it and route the sandbox's egress through the collector, so Kaizen observes the real connections that code makes and the judge weighs them against the agent's declared purpose. See How you attach.

What stays in your tenant

Raw actions, the action sequence, and the model call. Only verdicts, allow, anomaly, undeclared, and the judge's severity, reasoning, and confidence, cross the boundary.