Sandboxed tool execution with IAM-gated dry-run.

Autonomous agents need to run tools before committing to any action. Running tools without guardrails creates unauthorized executions, unintended side effects, and zero audit trail. SecureExecAPI provides a sandboxed environment: agents test tool calls, get IAM validation via EP, and receive a proofHash receipt. Every call is paid via x402 or MPP, logged to Postgres, and defaults to dryRun=true in v1. Internal Achilles agents bypass payment for seeding.

| Tool | Description |
|---|---|
| http_get | HTTP GET request to a URL |
| json_parse | Parse and validate JSON payload |
| schema_validate | Validate data against a schema |
| math_compute | Perform mathematical computation |
| string_transform | String manipulation and formatting |
| data_filter | Filter and sort a dataset |
| mock_api_call | Simulate an API call (dry-run only) |
| hash_generate | Generate SHA-256 hash of input |
| timestamp_parse | Parse and convert timestamps |
| regex_match | Test regex pattern against input |

Blocked in v1: shell_exec, bash, python_exec, sql_write, file_write, deploy, kubectl, docker_exec

| Method | How It Works |
|---|---|
| x402 | HTTP 402 flow — pay USDC on Base, retry with credential |
| MPP | Machine Payment Protocol via Stripe/Tempo rails |
| ERC-7710 | Pre-approve daily spend limit for high-frequency calling |
| ACP | Discover and call via Virtuals marketplace, USDC auto-settled |

| Tier | Price | Output |
|---|---|---|
| Simulation | Free | /exec/simulate — always dry-run, no charge |
| Dry-run | $0.01/call | /exec/tool with dryRun: true |
| Standard | $0.05/call | Full sandboxed execution (v2) |

Also on Virtuals ACP marketplace — agent-to-agent.

| Step | Service | Question |
|---|---|---|
| 1 | MemGuard | Is my state valid? |
| 2 | NoLeak | Should I execute now? |
| 3 | EP AgentIAM | Is this authorized? |
| 4 | RiskOracle | What is my risk score? |
| 5 | SecureExecAPI | Execute safely (sandboxed) |