# Warden Runtime

`Warden` is the Clawdie name for its isolated execution layer.

It is not a replacement for FreeBSD jails or Bastille. It is the project-level name for how Clawdie runs agent work safely.

## Definition

- **FreeBSD jail**: the operating-system isolation primitive
- **Bastille**: the host-side jail manager
- **Warden runtime**: Clawdie's isolated agent execution layer built on top of jails

In practice:

- Bastille creates and manages the jails
- FreeBSD enforces the isolation
- Clawdie dispatches agent work into the Warden runtime

## Why Use the Name

`Warden` gives the runtime a project-specific identity without hiding the underlying tooling.

That keeps operations clear:

- use standard Bastille docs and commands when managing jails
- use `Warden` when describing Clawdie's execution model

## Recommended Usage

Use `Warden` in:

- architecture docs
- operator language
- future helper scripts and wrapper commands
- future jail names such as `warden-worker` or `warden-browser`

Do not use `Warden` to rename:

- `bastille.conf` keys
- Bastille's default path layout
- FreeBSD jail terminology itself

## Long-Term Direction

The intended model is:

- **Warden jail runtime** for PI, coding, CLI work, and low-overhead task execution
- optional **Warden browser VM** later via `bhyve` for Linux desktop and browser automation workloads

That keeps the lightweight path lightweight while still leaving room for a heavier GUI executor later.