Research organized by runtime boundary.
Pick a boundary first: OpenClaw and Hermes agent actions, governed sandboxes, or protected compute. Each category opens the measured articles, numbers, caveats, and proof artifacts behind that surface.
Runtime-agnostic agent guardrails
Model-selected tool calls, native tools, adversarial plans, halt state, and proof across OpenClaw, Hermes, MCP, and Generic HTTP before dangerous function bodies run.
Sandboxing and database branches
Governed database branches, isolated writes, cleanup, and proof that source data stayed untouched.
Protected compute enclaves
Third-party GPU execution with attestation, encrypted package release, runtime evidence, and zeroized cleanup.
More articles should come from measured runs, not claims.
The next useful public pieces should turn the current adoption surface into measured design-partner proof: one framework path, one hosted adopter path, one CI lane, and one buyer proof packet with the same restraint as the runtime research.