Veilfire
AI Agent Framework

Ember

Production-ready AI agent framework enabling organizations to deploy autonomous agents that are powerful, extensible, and inherently safe. Built on the GAME methodology, Ember provides the runtime foundation for agents that operate within defined boundaries while maintaining the flexibility to solve complex, multi-step problems.

Ember AI Agent Framework
Core Capabilities

Built for Production AI Agents

Ember implements the GAME methodology, providing a complete foundation for building intelligent, autonomous agents.

GAME Architecture

Built on the Goals, Actions, Memories, Environment methodology. Define weighted goals with reflection, execute plans via tools and LLM, maintain multi-tier memory with semantic search, and enforce environmental constraints declaratively.

Bounded Autonomy

Agents operate autonomously within explicitly defined boundaries. Every agent declares its constraints in YAML—max reasoning depth, tool allowlists, HTTP method gating, and prompt injection defense—all enforced at the framework level, not as an afterthought.

Multi-Tier Memory System

Ephemeral scratchpad, sliding window session memory, and long-term vector storage for semantic search. Shared memory pool with private, workspace, task, and global scopes—tenant-isolated, policy-checked, versioned, and searchable.

Multi-Agent Coordination

Deploy fleets of specialized agents with master/worker roles. Structured handoff protocol with capability discovery, load balancing, and context transfer. Causal trace propagation flows through handoffs, jobs, and memory ops for full interaction graphs.

Native Tool Calling & Plugins

Rich metadata with auto-generated JSON schemas from type hints. Built-in HTTP client with domain allowlists, MCP client support, and extensible @tool decorator. Drop-in plugins with automatic discovery and type-safe validation.

Deterministic Failure Handling

Every failure path is explicit, bounded, and recoverable. Auto-retry with exponential backoff, dead letter queues for forensic analysis, HTTP transport fallback to shared memory, and configurable fail-mode (open/closed). No silent failures, no undefined behavior.

Runtime Governance

Governance-Aware From Boot

When Lens is enabled, every agent operation is evaluated against active policies in real-time. Sub-millisecond overhead means governance never slows agents down.

Sub-ms Overhead

Lens SDK in-process evaluation adds <1ms to operations

Fail-Mode Config

Fail-open for resilience, fail-closed for high-security

Tamper-Evident Audit

Merkle chain records every policy decision

No Agent Override

Agents cannot bypass or modify policy verdicts

Continuous Oversight

Persistent Visibility

Ember agents report their state continuously to both Lens and FireDeck, providing operators with real-time awareness of their entire agent fleet.

Heartbeat Monitoring

Every 30 seconds, agents report liveness, risk score, and request count

Agent Registration

On startup, agents register with model ID, cluster identity, and capabilities

Risk Scoring

Per-agent and per-cluster risk scores updated with every heartbeat

Interaction Graphs

Visualize handoff patterns between agents in real-time

Behavioral Drift Detection

Automatic detection of persona drift, goal drift, and performance degradation

Quarantine & Containment

Quarantine, terminate, and HITL escalation paths for problematic agents

HTTP API Server

Multi-Protocol API Access

Expose your agents via HTTP with JSON-RPC 2.0, REST API, and WebSocket support. Built-in authentication, rate limiting, and webhook delivery.

JSON-RPC 2.0

Standard protocol support

REST API

RESTful endpoints

WebSocket

Real-time streaming

Admin API

Management endpoints

LLM Providers

Flexible Model Support

Multi-provider support: OpenAI, Anthropic, OpenRouter.

OpenAI

GPT-5, GPT-4, GPT-4o, GPT-3.5-turbo

Anthropic

Claude 4.x, Claude 3.x, Sonnet, Opus

OpenRouter

100+ models via unified API

Deployment

Production-Ready Deployment

Deploy Ember agents anywhere with flexible options for containers, orchestration, and microVMs.

Single Agent

One daemon, one agent via Docker Compose—simplest path to production

Multi-Agent Cluster

Generate fleet deployments from a single YAML with master/worker roles and shared infrastructure

Firecracker VM

Lightweight microVM deployment for maximum isolation on Linux hosts with KVM

Scalable Fleets

Individual agents have a minimal memory footprint, permitting dozens on a typical host

Cluster Safety

Cluster-Level Safety Guarantees

Multi-agent cluster mode enables deploying fleets of specialized agents that coordinate safely with role-based authority and containment guarantees.

Role-Based Authority

Master agents orchestrate; worker agents execute within boundaries. Roles enforced at framework level.

Container Isolation

Each agent in its own Docker container with CPU, memory, PID limits, and log rotation.

Job Queue Isolation

Each agent dequeues only its own jobs—no cross-agent interference.

Memory Scoping

Private, workspace, task, and global scopes with tenant-isolated access controls.

Dead Letter Queue

Failed jobs quarantined for forensic analysis, never silently dropped.

Backpressure Controls

Queue depth limits and payload size limits prevent resource exhaustion.

Observability

Comprehensive Audit Logging

Structured JSON logging with 12+ event types, automatic sensitive data redaction, request correlation, and performance metrics for complete visibility.

Session lifecycle tracking
LLM request/response logging
Tool call execution timing
Memory operation tracking
Guardrail check events
Automatic PII redaction
Who Benefits

Built for Every Team

AI Engineers

  • Drop-in framework—YAML config + Python API
  • Plugin system—add tools without touching core
  • Multi-provider: OpenAI, Anthropic, OpenRouter
  • Type-safe validation for all configuration

Platform Teams

  • Cluster deployment—generate Docker Compose from a single YAML
  • Resource governance—CPU, memory, PID limits per agent
  • Observability—structured JSON audit logs, heartbeats, risk scores
  • Self-healing—auto-restart, auto-retry, dead letter queues

Security & Compliance

  • Bounded autonomy—agents cannot exceed declared boundaries
  • Audit trail—every operation logged with session/request correlation
  • Policy enforcement—Lens integration for real-time governance
  • Containment—quarantine, terminate, and HITL escalation paths
Differentiators

Why Ember?

CapabilityGeneric FrameworksEmber
Safety ModelNone (DIY)Built-in bounded autonomy + Lens governance
Multi-Agent CoordinationBasic message passingStructured handoff protocol with role enforcement
Memory SharingNone or ad-hocTenant-isolated shared pool with scopes and versioning
Resource LimitsNoneContainer-level CPU/memory/PID limits
Failure HandlingCrash and hopeDeterministic: retry → dead letter → alert
Audit LoggingBasic stdoutStructured JSON with 12+ event types, PII redaction
DeploymentManualOne-command cluster generation from YAML
GovernanceBolt-onNative Lens SDK, policy-aware from boot

Native Lens Integration

Ember is governance-aware from boot. When Lens is enabled, every tool call, memory access, and handoff is evaluated against active policies in real-time with sub-millisecond overhead and tamper-evident audit logging.

Learn about Lens

Native FireDeck Integration

Ember agents authenticate, register, and heartbeat with FireDeck-issued credentials. Bind agents to verifiable identities, manage credential lifecycles, track per-agent risk posture, and orchestrate workloads across your entire agent fleet.

Learn about FireDeck