What Is Secure Agent Workspace?

Secure Agent Workspace gives enterprises a governed place where autonomous work runs — separated from the endpoint, the corporate network, and the internet, governed by an approved lifecycle, brokered by enterprise identity and bounded by policy at both the network edge and the agent runtime layer.

It includes:

  • Workspace environment. A managed Linux or Microsoft Windows workstation, VM, or GPU-enabled workstation tier where files, tools, agents and long-running processes live.

  • Portal / API for workspace lifecycle. A single authoritative control surface for create, start, stop, expose, connect and decommission.

  • Terminal, IDE, app and GUI attachment modes. Persistent user state for long-running work.

  • Optional GPU acceleration where local inference, accelerated tools, or long agent loops justify it.

  • Runtime-bounded agent execution. A runtime layer below the model — sandbox, policy engine, credential proxy, routed inference, deny-by-default in-runtime egress — so autonomous behavior is bounded by the environment rather than by prompt alone. Reference implementation: NVIDIA OpenShell.

  • Reference agent-framework components — an open-source agent harness, an opinionated reference stack, a catalog of enterprise-agent blueprints, and a GPU-accelerated agent skills + observability toolkit. Reference implementations: NemoClaw, NVIDIA AI-Q Blueprints, NVIDIA NeMo Agent Toolkit.

  • Trusted access broker. Enterprise-SSO-backed broker that issues bounded, auditable, short-lived sessions to the workspace on a defined cadence.

  • A layered identity surface. The user/sponsor (enterprise SSO), the workspace (attested device identity), the agent (logical registration with user/sponsor and lifecycle state) and each running tool call (short-lived, runtime/software-attested credential) — the credential resolves back through the registration to the sponsor before any tool access, so every action is attributable to all four.

  • A per-engagement delegation surface. A signed delegation record binds user/sponsor to agent authority for one engagement: task, scoped resources, tools, duration, and approval mode (autonomous, human-review on writes). The logical registration says the agent exists; the delegation record says what it may do now. Enforced at every tool call by the runtime layer, revocable by the sponsor.

  • An agent governance layer providing signed-policy authoring and distribution, fleet telemetry, audit, and human-review gates above the runtime.

  • Governed access to enterprise systems — Git, ticketing, documentation, chat, mailbox, package repositories, data stores, model endpoints.

Secure Agent Workspace is a deployable reference architecture for governed agent execution. ODIS — the Open Delegation and Identity Standard — is an open interoperability specification for agent identity, delegation, scoped authority, revocation, and audit context. Secure Agent Workspace may implement, consume, or expose ODIS-compatible interfaces so components contributed by different partners can interoperate inside the stack and across other ODIS-compatible deployments. This lets Secure Agent Workspace serve as a concrete reference stack while keeping the identity, delegation, policy, credential, and audit contracts portable across runtimes, clouds, and partner implementations.
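The per-tool-call delegation check described in the list above, sketched as an added example; it is not part of the original page and is not code from Secure Agent Workspace, OpenShell or ODIS. The record field names, the `sign` and `authorize` functions, and the use of HMAC-SHA256 as a stand-in for the sponsor's signature are assumptions, since the page specifies neither a schema nor a signature scheme.

```python
import hashlib, hmac, json, time
from fnmatch import fnmatchcase

# Constructed demo key. HMAC-SHA256 stands in for the sponsor's signature
# scheme, which the page does not specify (assumption).
SPONSOR_KEY = b"constructed-demo-key"
REVOKED = set()  # delegation ids the sponsor has revoked

def sign(record):
    """Sign the canonical JSON form of a delegation record."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SPONSOR_KEY, body, hashlib.sha256).hexdigest()

def authorize(record, signature, call, now=None):
    """Return (decision, reason) for one tool call; anything unmatched is denied."""
    now = time.time() if now is None else now
    if not hmac.compare_digest(sign(record), signature):
        return "deny", "bad signature"
    if record["id"] in REVOKED:
        return "deny", "revoked by sponsor"
    if not record["not_before"] <= now < record["not_after"]:
        return "deny", "outside delegation window"
    if call["agent"] != record["agent"]:
        return "deny", "agent not named in delegation"
    if call["tool"] not in record["tools"]:
        return "deny", "tool not delegated"
    # Glob match; resource names are assumed to be canonicalized by the caller.
    if not any(fnmatchcase(call["resource"], p) for p in record["resources"]):
        return "deny", "resource out of scope"
    if call["write"] and record["approval_mode"] == "human-review-on-writes":
        return "review", "write held for human approval"
    return "allow", "within delegation"

# Constructed sample record; every field name here is hypothetical.
RECORD = {
    "id": "dlg-0001", "sponsor": "alice@example.com", "agent": "agent-7",
    "task": "triage ticket backlog",
    "tools": ["ticketing.read", "ticketing.comment"],
    "resources": ["tickets/PROJ-*"],
    "not_before": 1000, "not_after": 4600,
    "approval_mode": "human-review-on-writes",
}
SIG = sign(RECORD)

if __name__ == "__main__":
    call = {"agent": "agent-7", "tool": "ticketing.read", "resource": "tickets/PROJ-12", "write": False}
    print(authorize(RECORD, SIG, call, now=2000))
```

The check order matters: signature and revocation are evaluated before any field of the record is trusted, so a tampered or revoked record never reaches the scope comparison.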