Security layer · Commercial

Labyrinth Scout

Scout is the security layer for Carina, not a distro built on the kernel in the same sense as Propreneur or Flitz. Carina core is MIT and free; Scout is a separate paid product for production governance.

Secured by Scout Commercial subscription

The problem

Self-hosted agents with shell, HTTP, and file tools need injection protection, audit trails, and operator kill switch. Teams outgrow ad-hoc logging but should not fork the Carina kernel to add security.

Scout sits beside Carina: the kernel runs agents; Scout observes, governs, and can suspend risky sessions through a commercial control plane.

How Scout works with Carina

Client SDK@carina/scout (MIT) reports sanitized telemetry from the kernel

ServerScout console (commercial Docker product) stores events and policies

ControlsKill switch, tool quarantine, session rate limits via Redis pub/sub

IntegrationLABYRINTH_ENABLED + optional Scout server URL and API key

Carina runs identically without Scout. When you need enterprise audit and suspension, you add Scout; you do not replace the kernel.

Products using Scout

Distros such as Propreneur and planned production deployments for ABBIS may badge “Secured by Scout” when Scout is integrated. That badge refers to the commercial security product, not the MIT core.

Results

Scout pricing and plan details live at labyrinthscout.com. Public customer metrics are published on the Scout site and trust dashboard when available. Scout is not free and is not bundled with npm install carina-agent.

Next steps

Start with the free Carina kernel; add Scout when you need production governance.

Scout product site Scout docs on Carina Pricing boundary