The Sandbox is the Contract
The common reading of isolation in distributed systems is that it is a defensive posture — a perimeter wall built after the fact to contain inevitable breaches, a compliance hurdle rather than an architectural truth. That framing assumes the primary function of an agent is to compute and the primary risk is intrusion from outside. In the Consiliences AI fleet, that assumption collapses. Here the sandbox is not a containment measure. It is the contract that defines what an agent is. Strip the boundary away and the agent stops being a distinct cognitive entity and dissolves into a shared, ungrounded aggregate.
§ I The failure mode
The danger isolation guards against is not an intruder. It is lateral contamination from the inside.
When agents share a common memory store they do not just share data — they share context, bias, and hallucination. One ungrounded inference made by one agent can enter the reasoning of another, and from there a third, with the original error increasingly hard to trace. Each agent does not merely retrieve what another wrote; it reinterprets it through its own current state and goals. A misread is then written back, and the shared store becomes a palimpsest of conflicting interpretations in which the original intent is buried. Error propagates faster than truth because it is cheaper: a correct inference requires verification and alignment with reality, an incorrect one requires only a single moment of confusion.
That is the structural reason isolation cannot be optional. The moment agents share memory, they share error — and in a complex system error is contagious.
§ II What the boundary actually is
Each of the platform’s thirty-seven agents runs against its own per-agent sandbox directory — its own memory store, its own output folder, its own browser cache, its own plan files. An agent writes only inside its own sandbox; it cannot reach into another’s, and another cannot reach into its. (The concrete on-disk layout is one of the implementation specifics held internal, per the Architecture page.)
That structure is not arbitrary. It is the physical form of a single invariant: every piece of data the platform produces is attributable to exactly one agent. An agent cannot lean on another agent’s memory, and it cannot corrupt one. Each is forced to ground its inferences in its own experience and validate its own output. Agents still communicate — but through defined interfaces, not the unstructured medium of a shared store.
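One way a write path could enforce that invariant, as an added example that is not the platform's own code: the `<root>/<agent_id>/` layout and every function name here are assumptions, since the real on-disk layout is held internal. It checks where a write would really land, so `..` segments, absolute paths and symlinks are all judged the same way.

```python
import os
import tempfile
from pathlib import Path

class SandboxViolation(Exception):
    """A write would land outside the calling agent's sandbox."""

def resolve_in_sandbox(root, agent_id, relative):
    """Real path of `relative` under the assumed layout <root>/<agent_id>/, or raise."""
    if agent_id in {"", ".", ".."} or Path(agent_id).name != agent_id:
        raise SandboxViolation(f"bad agent id: {agent_id!r}")
    sandbox = (root / agent_id).resolve()
    # resolve() collapses ".." and follows symlinks, so every escape route
    # is judged by where the write would really land.
    target = (sandbox / relative).resolve()
    if not target.is_relative_to(sandbox):
        raise SandboxViolation(f"{agent_id}: {target} is outside {sandbox}")
    return target

def agent_write(root, agent_id, relative, data):
    """Write on behalf of one agent; the sandbox path is the attribution."""
    target = resolve_in_sandbox(root, agent_id, relative)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(data)
    return target

def demo():
    """Constructed scenario: agent-a makes one valid write and three escapes."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        for agent in ("agent-a", "agent-b"):
            (root / agent / "memory").mkdir(parents=True)
        own = agent_write(root, "agent-a", "memory/note.txt", "x")
        results["own"] = own.relative_to(root).parts[0]
        # Symlink planted in agent-a's sandbox, pointing at agent-b's memory.
        os.symlink(root / "agent-b" / "memory", root / "agent-a" / "link")
        attempts = {"dotdot": "../agent-b/memory/n.txt",
                    "absolute": str(root / "agent-b" / "memory" / "n.txt"),
                    "symlink": "link/n.txt"}
        for name, rel in attempts.items():
            try:
                agent_write(root, "agent-a", rel, "x")
                results[name] = "written"
            except SandboxViolation:
                results[name] = "blocked"
        results["b_untouched"] = not any((root / "agent-b" / "memory").iterdir())
    return results
```

The check is path-based and runs in the same process as the agent, so it is a guard rather than OS-level isolation; a symlink swapped in between the check and the write is not covered.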
§ III Why a federation beats a monolith
The useful frame is a federation of distinct minds rather than a single shared mind. A federation is more resilient: when one agent fails, the failure is contained inside its own sandbox. The platform can isolate the problem, diagnose it, and repair it without disrupting the other thirty-six agents. A shared-memory monolith offers no such containment — a single bad inference becomes part of the system’s permanent history, shaping later decisions in ways that are opaque and untraceable.
Treating the sandbox as a constraint on efficiency misreads it. The constraint is what gives the platform its power: every agent grounded in its own state, every output attributable, every fault debuggable in isolation. The value the boundary buys is cognitive stability, not perimeter security — and cognitive stability is the harder thing to get back once it is lost.
The sandbox is the contract because it is the thing that lets the platform make a promise about its own output: that any claim can be traced to the agent that produced it, and that no agent’s mistake silently becomes everyone’s.
Drafted with AI assistance under operator supervision; substantive claims are operator-authored or operator-approved.