SecureExecAPI

March 23, 2026 · View on GitHub

"Sandboxed tool execution with IAM-gated dry-run for autonomous agents."

Python License: MIT ACP Live

SecureExecAPI gives autonomous agents a safe, IAM-gated way to execute or simulate tools before committing to any action. Every execution is validated by EP, paid via x402 or MPP, logged with a proof_hash, and defaults to dry-run mode in v1.

Not EP. Not NoLeak. Not MemGuard. Not RiskOracle. SecureExecAPI is the execution sandbox — the safe room where agents test tools before they run for real.


The Problem

Autonomous agents need to run tools — HTTP calls, data transforms, API requests, computations. Running tools without guardrails creates three failure modes:

Failure ModeExampleSilent?
Unauthorized executionAgent runs a tool it shouldn't have access toOften
Unintended side effectsTool writes to DB when agent expected read-onlyAlways
No audit trailTool ran, something changed, no record of whyAlways

SecureExecAPI solves all three: IAM gate before execution, dry-run simulation by default, proof_hash on every call.


Commercial Model

SecureExecAPI is a fee-per-call commercial API. Every external agent call requires payment.

Agent calls POST /exec/tool


  ┌─────────────────────┐
  │  Payment Gate       │
  │  x402 / MPP         │
  └────────┬────────────┘

    Authorization header?
    /                  \
  YES                   NO
   │                    │
   │             ┌──────▼──────┐
   │             │  HTTP 402   │
   │             │  Pay 0.01   │
   │             │  USDC/Base  │
   │             │  + ERC-7710 │
   │             │  delegation │
   │             │  option     │
   │             └─────────────┘


EP IAM Validation


Sandboxed Execution


proofHash + result


\$0.01 USDC settled

Payment options:

  • x402 — HTTP 402 flow, pay USDC on Base, retry with credential
  • MPP — Machine Payment Protocol via Stripe/Tempo rails
  • ERC-7710 — Pre-approve a daily spend limit for high-frequency calling
  • Virtuals ACP — Discover and call via ACP marketplace, USDC auto-settled

Internal agents (Achilles sub-agents) bypass the payment gate for seeding.


Architecture

         Agent Tool Request


   ┌────────────────────────┐
   │   x402 / MPP Gate      │ ← 402 if no payment credential
   │   ERC-7710 delegation  │ ← pre-approve for high-frequency
   └────────────┬───────────┘


   ┌────────────────────────┐
   │   EP IAM Validation    │ ← 3s hard timeout, fail open
   │   ERC-8004 identity    │
   │   /ep/validate         │
   └────────────┬───────────┘


   ┌────────────────────────┐
   │  Sandboxed Execution   │
   │  dryRun=true (v1)      │
   │  10 allowed tools      │
   │  blocked list enforced │
   └────────────┬───────────┘


   ┌────────────────────────┐
   │  proofHash (SHA-256)   │ ← never null, fallback generates
   │  Immutable audit record│
   └────────────┬───────────┘


   ┌────────────────────────┐
   │  Postgres log          │ ← async, never blocks response
   │  secureexec_calls      │
   └────────────────────────┘

API Reference

POST /exec/tool

Execute or simulate a tool call. Requires payment credential for external agents.

Request

{
  "agentId": "your_agent_id",
  "tool": {
    "name": "http_get",
    "args": { "url": "https://api.example.com/data" },
    "timeout_s": 10
  },
  "dryRun": true,
  "context": { "purpose": "fetch market data before trade" }
}
FieldTypeRequiredDescription
agentIdstringNoYour agent's unique ID
tool.namestringYesTool to execute (see allowed list below)
tool.argsobjectNoArguments passed to the tool
dryRunbooleanNoDefault true — simulate in v1

Response (200)

{
  "jobId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "tool": "http_get",
  "dryRun": true,
  "status": "completed",
  "result": {
    "output": { "status": 200, "body": "Simulated GET https://api.example.com/data", "headers": {} },
    "exitCode": 0,
    "simulated": true
  },
  "iamApproved": true,
  "proofHash": "0xa3f9c2e1b84d...",
  "paymentProtocol": "x402",
  "latencyMs": 120,
  "timestamp": "2026-03-23T00:00:00Z",
  "schemaVersion": "v1"
}

Response (402 — payment required)

{
  "type": "https://paymentauth.org/problems/payment-required",
  "title": "Payment Required",
  "status": 402,
  "amount": "0.01",
  "currency": "USDC",
  "network": "base",
  "payTo": "0x...",
  "instructions": "Pay 0.01 USDC on Base network then retry with payment credential in Authorization header",
  "erc7710": "Pre-approve spend limit via ERC-7710 scoped delegation for high-frequency calls",
  "acp": "https://app.virtuals.io/acp"
}

POST /exec/simulate

Always dry-run. No payment required. Safe for testing.

GET /exec/tools

Returns the full allowed and blocked tool list.

GET /health

{ "status": "ok", "service": "secureexec", "version": "v1" }

Error Handling

StatusConditionBehavior
200Normal executionFull result + proofHash
200EP timeoutFails open, execution proceeds
200Engine failureStub fallback, never blocks
400Missing tool.nameError message
402No payment credentialMachine-readable 402 with USDC instructions

SecureExecAPI never returns 500. The catch-all returns valid JSON with a proofHash.


Allowed Tools (v1)

ToolDescription
http_getHTTP GET request to a URL
json_parseParse and validate JSON payload
schema_validateValidate data against a schema
math_computePerform mathematical computation
string_transformString manipulation and formatting
data_filterFilter and sort a dataset
mock_api_callSimulate an API call (dry-run only)
hash_generateGenerate SHA-256 hash of input
timestamp_parseParse and convert timestamps
regex_matchTest regex pattern against input

Blocked in v1 (require on-chain EP approval to unlock): shell_exec, bash, python_exec, sql_write, file_write, metasploit, sqlmap, deploy, kubectl, docker_exec


Quickstart

git clone https://github.com/achilliesbot/secure-exec.git
cd secure-exec
pip install -r requirements.txt
python secureexec_server.py

Test (no payment — simulation only)

# Free simulation endpoint
curl -X POST http://localhost:5091/exec/simulate \
  -H "Content-Type: application/json" \
  -d '{"agentId": "test", "tool": {"name": "http_get", "args": {"url": "https://example.com"}}}'

# List tools
curl http://localhost:5091/exec/tools

# Health
curl http://localhost:5091/health

Test (with payment credential)

curl -X POST http://localhost:5091/exec/tool \
  -H "Content-Type: application/json" \
  -H "Authorization: x402 <payment_credential>" \
  -d '{"agentId": "my_agent", "tool": {"name": "json_parse", "args": {"data": {"key": "value"}}}}'

Environment Variables

VariableDefaultDescription
PORT5091Server port (Render sets automatically)
EP_GUARD_URLhttps://achillesalpha.onrender.com/ep/validateEP validation endpoint
DATABASE_URLlocal postgresPostgres connection string
PAYMENT_WALLETUSDC payment destination on Base
ACHILLES_AGENT_IDachillesInternal agent (bypasses 402)
LOG_FILE/tmp/secureexec.logLog file path

Pricing

TierPriceDescription
SimulationFree/exec/simulate — always dry-run, no charge
Dry-run$0.01/call/exec/tool with dryRun: true
Standard$0.05/callFull sandboxed execution (coming in v2)
Batch$0.10+Multi-tool execution

Render Deployment

One-click deploy via render.yaml or manual setup:

# Uses gunicorn with 2 workers, 30s timeout
gunicorn secureexec_server:app --bind 0.0.0.0:$PORT --workers 2 --timeout 30

Postgres Schema

CREATE TABLE secureexec_calls (
  id SERIAL PRIMARY KEY,
  timestamp TIMESTAMPTZ DEFAULT NOW(),
  caller_agent_id TEXT,
  tool_name TEXT,
  dry_run BOOLEAN,
  status TEXT,
  iam_approved BOOLEAN,
  proof_hash TEXT,
  latency_ms INTEGER,
  payment_protocol TEXT,
  schema_version TEXT DEFAULT 'v1'
);

CREATE INDEX idx_secureexec_ts    ON secureexec_calls(timestamp);
CREATE INDEX idx_secureexec_agent ON secureexec_calls(caller_agent_id);
CREATE INDEX idx_secureexec_tool  ON secureexec_calls(tool_name);

The Pre-Execution Stack

Step 1  MemGuard       /memguard/check    Is my state valid?
Step 2  NoLeak         /noleak/check      Should I execute now?
Step 3  EP AgentIAM    /ep/validate       Is this authorized?
Step 4  RiskOracle     /risk/check        What is my risk score?
Step 5  SecureExecAPI  /exec/tool         Execute safely (sandboxed)
Step 6  FlowCoreAPI    /flow/check        One call for the full stack

Part of Project Olympus

ProductGitHubACPPrice
EP AgentIAMexecution-protocolep-guard$0.01
NoLeaknoleaknoleak-check$0.01
MemGuardmemguardmemguard-check$0.01
RiskOraclerisk-oraclepre-risk-check$0.01
SecureExecAPIsecure-execsecure-exec$0.01

Built by Achilles. Bootstrapped. Zero VC. All production.


License

MIT