ProbityClaude Code

Integration · Claude Code

Prove what Claude Code did inside your own infrastructure.

Keep Claude Code and its native sandbox controls. Probity adds a hardware-isolated boundary around each session and signs a tamper-evident record of every action, collected from outside the agent's reach and streamed to the SIEM your security team already runs.

Works with Anthropic Managed Agents self-hosted sandboxes. Anthropic's self-hosted sandbox docs ↗

The problem

Native sandboxing reduces risk. It does not create an independent boundary.

Claude Code's native sandboxing uses OS-level controls such as Seatbelt on macOS and bubblewrap on Linux. Those controls restrict filesystem and network access, but they still rely on the host operating system and do not create a hypervisor boundary or an independent evidence trail.

OS-level sandboxing still relies on the host kernel.

Approved exceptions can run work outside the native sandbox.

Logs inside the execution environment are not independent evidence.

How it integrates

Keep Claude Code. Add a hardware boundary and independent evidence.

Grounded in the vendor's own documentation, not a bolt-on. Anthropic's self-hosted sandbox docs ↗

1

Keep Claude Code's native safeguards

Keep Claude Code's permission model, filesystem controls, network controls, and self-hosted orchestration. Probity does not replace those safeguards or change how engineers launch sessions.

2

Run each session in a Probity microVM

Point your environment worker's per-session spawn hook at Probity. Every tool call, from process to file read/write to network egress to MCP call, executes inside a hardware-isolated microVM with a host sensor the agent cannot see or reach.

3

Ship one signed record per session

Each session becomes a signed, append-only record and streams to the SIEM and object store you already run. That supports Article 12 traceability where high-risk classification applies and NYDFS evidence controls for covered entities.

Claude Code+ any other agent you runGUEST · microVMsessionSESSION · supporting detailBOUNDARY · evidenceHOST · evidence0x9f2cok0x9f2dok0x9f2eflaggedsigned · append-only

What you get

Your engineers keep shipping. Your security team can prove it.

For engineering

  • Keep Claude Code's native controls with no workflow change.
  • Every session stays on your own infrastructure and credentials.
  • Nothing to install in the agent; Probity wraps the sandbox.

For security & compliance

  • A tamper-evident record of every action, collected from outside the agent's reach.
  • Lands in the SIEM and object store you already run, no new console.
  • Support Article 12 traceability where applicable and NYDFS evidence controls for covered entities.

What's captured

Every Claude Code session, fully recorded.

Seven classes of behavioral evidence per Claude Code session, protected by one tamper-evident integrity chain.

Process activity

Every spawn, argument, and exit code.

File reads

Every path opened, secrets included.

File writes

Every file created or modified.

Network calls

Every outbound destination and method.

MCP tool calls

Every tool the agent invoked.

Syscall surface

The kernel calls it was allowed.

Session identity

Which scoped token, expiring per task.

Exports to

One signed record per Claude Code session, streamed to the SIEM and object store you already run.

Splunk
CrowdStrike
Datadog
Elastic
Grafana
Snowflake

Compliance

Your Claude Code trail has to survive an audit.

Evidence debt starts nowYou cannot reconstruct an unrecorded agent session later

Article 12 applies to high-risk AI systems, and NYDFS Part 500 applies to covered entities. For every team, a Claude Code session recorded only inside its own environment remains an incident and audit gap.

Private beta. Twelve deployments.

Probity is in private beta: the first cohort is limited to twelve deployments, each reviewed and onboarded by a NOFire AI founder.

No sales process. Reviewed by a founder within one business day.

Questions first? Write to contact@nofire.ai.