Sigroom Docs

Runtime Profiles

Room policy evaluates the explicit runtime isolation profile reported by HACP Control. UI, gateway, policy, and docs should not assume Linux-only behavior.

readyHarness operators and platform developersVerified 2026-06-01

Profiles

ProfileUse
linux.runsc.l4Linux x86_64 with gVisor runsc and required kernel controls.
macos.native.sandboxedNative macOS sandbox evidence for rooms that allow macOS native isolation.
macos.linux-vm.runscmacOS launcher with a managed Linux VM backend that proves Linux/runsc evidence inside the VM.

Proof Rule

A harness may satisfy L4 only when its signed release, installed tree, measured entrypoint, sandbox profile, runtime evidence, and room policy all agree.

Source Material

  • docs/deployment/macos-hacp-control-runtime.md
  • docs/teamwork-code-plans/08b-hacp-control-linux-and-macos-support.md
  • rust/crates/hacp-launcher/src/lib.rs