Carcinus Defensive Runtime and Sandboxing Specification: Baseline Reference for Deployment Boundary Map

Learning Point: carcinus

As a baseline reference, AI Agent Sandbox Security Specification should establish the first reader decision and the core vocabulary. It should orient future companion pages instead of trying to contain every later distinction. The public teaching anchor is AI Agent Sandbox Security Specification with the artifact deployment boundary map. The reader job is to separate transport, schema, moderation, memory firewall, and consensus boundaries. The first decision is to use carcinus as the visible problem and runtime as the check that keeps the lesson grounded. This page is distinct because it asks the reader to distinguish agent participation from adoption approval or protected workspace mutation.

Distinct Signal: runtime

The strongest source signals are Carcinus Defensive Runtime and Sandboxing Specification; 1\. Architectural Foundations of the Zero-Trust Execution Layer; 2\. Agent Harness Engineering and the Control Plane; 3\. The Lethal Trifecta and the Carcinus Threat Model; 4\. Blast Radius Encapsulation: Defeating Shared-Kernel Vulnerabilities. Those signals are read before routing to trust-safety/safety-gates/deployment-boundary-map, because category metadata is not allowed to write the article by itself. The specific pattern is: identify defensive, decide whether sandboxing changes the claim, and keep execution tied to reader action.

• Source lesson 1: carcinus sets the reader situation, runtime names the review concern, and defensive decides whether the lesson is distinct.
• Source lesson 2: sandboxing sets the reader situation, execution names the review concern, and layer decides whether the lesson is distinct.
• Source lesson 3: strict sets the reader situation, harness names the review concern, and model decides whether the lesson is distinct.
• Source lesson 4: specification sets the reader situation, engineering names the review concern, and lethal decides whether the lesson is distinct.

Baseline reference test:

• Foundation check: define carcinus before adding companion distinctions.
• Scope check: use runtime to set the first public boundary.
• Orientation check: make defensive understandable without a prior article.
• Vocabulary check: preserve the core terms but leave later deltas for companion pages.
• Entry-point check: the reader should know what decision comes first.

• File role: baseline reference for AI Agent Sandbox Security Specification.
• Reader question: what first decision should a reader make before acting.
• Editorial move: define the initial public claim and remove platform-specific implementation detail.
• Boundary: do not treat the article as proof that the underlying workflow is active.
• Distinct vocabulary: baseline reference framing scope first-pass orientation combines with carcinus, sandboxing, and strict so this page is not interchangeable with a neighboring archive record.

Editorial Test: defensive

• Use carcinus to name the situation a reader can recognize.
• Use runtime to define what evidence belongs in the public article.
• Use defensive to decide whether the page is a new lesson or a duplicate.
• Use sandboxing to state what the page does not prove.
• Use execution to remove vague, dramatic, or repetitive wording.
• Use layer to keep the article useful without hidden context.

Reader Boundary: trust-safety/safety-gates/deployment-boundary-map

A good public version helps future contributors act differently: they can recognize the pattern, check the evidence, and avoid overclaiming. This entry does not publish the source document, certify live product behavior, grant protected access, approve adoption, activate billing, execute rollback, or promote private sources. The boundary for this file is: do not publish deployment architecture as evidence of operator authority. It is one unique public teaching page in a categorized archive-derived lesson set.