Tactus
Features | Tactus

Built for Real Systems

Tactus is a language + runtime for building tool-using agents that can run safely in production.

Built for real systems

The headline feature is not a keyword — it’s the control surface: sandboxing, capability control, durable HITL, and a secretless broker boundary (so even if something breaks in, there’s nothing valuable inside to steal).

Docker sandbox by default

Procedures run in a Lua sandbox inside a Docker container: keep the monkey in the box, and keep sensitive information out of the box.

Networkless by default

Keep the sandbox on network: none. This reduces the blast radius: the agent can’t download arbitrary code or steal data directly from inside the runtime environment.

API keys stay outside the sandbox

API keys never live in the runtime container, and never get passed into model prompts. The agent gets answers, not credentials.

Brokered tools

Tools that need secrets or privileged access can run outside the sandbox via a broker, streaming back results so the agent gets answers, not credentials. Host modules can expose broad application APIs through the same controlled boundary.

Least privilege controls

Give the right tools and context at the right time: default-deny capabilities, per-step tool access, host-module API boundaries, and approval gates.

Durable + testable

Checkpoint long workflows, add HITL where needed, and measure reliability with specs + evaluations.

Agent-level retry (with rollback)

Retry a single agent turn on transient failures (and optional output validation failures) without committing partial turns into durable conversation state.

Human-in-the-loop approvals

Approvals are a first-class primitive. When a workflow reaches an approval, it can suspend and wait—without hacks like “keep a process alive.”

HumanInput QueueAgentHuman Queue
local approved = Human.approve({ message = "Deploy to production?", timeout = 3600, default = false }) if approved then deploy() end

Transparent durability

Long-running workflows are durable: they can pause, resume, and survive restarts. The key is transparency—the workflow’s durable “waiting” points are explicit in code and visible in behavior.

-- A durable workflow can pause... local approved = Human.approve({ message = "Publish these findings?", timeout = 3600, default = false }) -- ...and resume later, without losing state.

Docker sandbox by default

Procedures run in a Lua sandbox inside a Docker container: keep the monkey in the box, and keep sensitive information out of the box.

agent = Agent { model = "openai/gpt-4o", -- Runs in an isolated container by default }

Networkless by default

Keep the sandbox on network: none. This reduces the blast radius: the agent can’t download arbitrary code or exfiltrate data directly from inside the runtime environment.

-- In production, keep the runtime container networkless. -- Model calls and tool calls happen through controlled host transports.

Brokered tools (secrets stay out of prompts)

Some tools need secrets or privileged access. Tactus supports a brokered model: sensitive tools run outside the sandbox, and the agent receives results—not credentials.

-- The broker can call privileged tools... -- ...while keeping secrets outside the agent runtime. -- The agent gets outputs, not API keys.

Capability control (least privilege)

Agents only get the tools you explicitly provide. The default posture is deny-by-default: no ambient access to files, shell, or network—only what you grant.

-- Tools are explicit; nothing is implicit. agent = Agent { model = "openai/gpt-4o", tools = { create_contact, -- no other tools granted } }

Specifications (executable behavior)

Specifications define what must be true. They help you test workflows, catch regressions, and build confidence before you run unattended in production.

Specifications([[ Feature: Safe deployments Scenario: Requires approval Given a deployment request When the workflow runs Then it should wait for approval And not deploy without confirmation ]])

Validation built in

Procedures declare typed inputs and outputs. The runtime validates inputs at the boundary, structures outputs, and makes failures explicit instead of silently drifting.

Procedure { input = {topic = field.string{required = true}}, output = {approved = field.boolean{required = true}}, function(input) -- ... end, }

Ready to start building?

Follow a short walkthrough and build your first tool-using agent workflow.

Get Started
Part of the Anthus Platform
Tactus icon

Tactus

Tactus is a programming language and runtime for durable AI agent procedures with checkpointing, sandboxing, and built-in human-in-the-loop controls.

PART OF

The Anthus Platform

Solve complex business problems with AI and ML using a proven, reusable technology stack. These interoperable building blocks give our solutions a stronger operational foundation: durable procedures, MLOps control loops, workload orchestration, knowledge systems, observability, and programmable media workflows.

Plexus

MLOps platform for agent evaluation and iteration.

Tactus

Durable runtime for agent procedures.

Korporus

Agent operating system and federated shell.

Biblicus

Corpus analysis for extraction and retrieval.

Babulus

Marketing automation built around VideoML.

Kanbus

Durable multi-agent task management.

Caducus

Monitoring, alerts, and operator support.

Free and open-source softwareDesigned cybernetically by Ryan Porter
Contact us

How can we help?

GitHub

Browse the code.

LinkedIn

Company updates.

Discord

Join the chat.