EDAMAME Posture
Secure runners, build hosts, and self-hosted AI agents
Use EDAMAME Posture to harden CI/CD runners and build hosts, then extend the same host-trust model to OpenClaw and Hermes servers and other self-hosted agent environments. It is runtime verification for unattended code: each agent host is observed independently, from outside the agent, so runtime findings catch credential harvest, token exfiltration, tool poisoning, and suspicious package behavior where no human is watching.
Two lanes
One control surface for runners and self-hosted agents
Stop suspicious egress and fail builds when behavior violates allowlisted destinations. EDAMAME Posture turns supply-chain response from post-mortem into measurable runtime evidence across CI/CD runners, build hosts, and self-hosted agent servers — catching the attack patterns that reach CI through the package chain, such as the axios npm RAT, the tj-actions/changed-files GitHub Actions compromise, and the litellm PyPI takeover.
Runners and build hosts
Run posture checks before secrets, builds, and deploys. Keep Linux, macOS, and Windows runners aligned with the policy you expect.
Policy gates and posture proof
Turn host trust into automated gates for repository access, secrets access, and build approvals without inventing a separate security workflow.
Self-hosted agent hosts
Use the same EDAMAME Posture foundation to harden OpenClaw and Hermes servers and isolated VMs, then observe each agent independently from outside — at the host boundary — layering runtime verification and attack-pattern findings for defense in depth.
Features
Harden the host. Layer runtime detection on top.
Measure how many pipelines fail due to network policy violations. Track mean time to detect anomalous egress, credential harvest, token exfiltration, and tool poisoning during CI jobs. Lane A is CI/CD posture hardening for runners and build hosts. Lane B is self-hosted AI-agent infrastructure with runtime evidence and attack-pattern findings.







