Executors and Deployment Architecture

Posted on

AgenticOS Remote Executors: Run Automation Anywhere—Even Behind Firewalls

agentic-net master ORCHESTRATOR Executor AWS us-east-1 Executor Data Center Executor Edge Device Executor Home Office Executor Air-gapped Executor Kubernetes FIREWALLS ← OUTBOUND POLLING ONLY → NO INBOUND NO INBOUND

A deep dive into AgenticOS’s polling-based executor architecture: how Petri nets can orchestrate work across networks, clouds, and corporate firewalls—without requiring a single inbound port.

The question that started it all

What if your automation platform could reach anywhere? Not just servers in your cloud VPC, but machines behind corporate firewalls. Legacy systems in air-gapped networks. Edge devices in retail stores. Production nodes that security teams refuse to expose.

Traditional orchestration tools fail this test. They require the orchestrator to push work to agents—which means those agents need open inbound ports. The moment you say “open port 8080 on that production server,” security teams reach for their veto stamps.

AgenticOS takes a different approach: executors pull work via outbound connections only. They poll for tasks, execute locally, and report results—all without exposing a single port to the network.

This isn’t just a nice-to-have. It’s the key to running agentic processes across enterprise environments, hybrid clouds, and edge deployments where security constraints are non-negotiable.

The four pillars of AgenticOS

Before diving into the executor architecture, let’s understand the four core services that make AgenticOS work. Think of them as specialized organs in a distributed brain:

agentic-net-node The Memory Tree persistence + events :8080 agentic-net-master The Intelligence LLM + orchestration :8082 agentic-net-gui The Interface Angular visual editor :4200 agentic-net-executor The Hands Command execution :8084 (optional) SA-BlobStore Binary Storage Artifacts + URNs :8095 poll / emit upload
  • agentic-net-node (port 8080): The persistence layer. Stores all Petri net data as a tree-structured meta-filesystem with event sourcing. Think of it as the long-term memory—every token, every place, every transition definition lives here.
  • agentic-net-master (port 8082): The orchestration hub. Handles LLM integration, token binding, transition scheduling, and result routing. When an executor asks “what should I do?”, master figures it out by querying node and sending back the work.
  • agentic-net-gui (port 4200): The visual interface. An Angular app where you design Petri nets, watch tokens flow, and inspect execution state in real-time.
  • agentic-net-executor (port 8084, optional): The action runner. Executes shell commands, file operations, and external tool invocations. This is where the actual work happens—and where the magic of “run anywhere” comes in.
  • SA-BlobStore (port 8095): Binary artifact storage. When commands produce large outputs (logs, PDFs, screenshots), they upload here and pass only a URN reference through the net.

The polling architecture: why “pull” beats “push”

Here’s the core innovation: executors don’t listen for incoming connections. They poll the master every 2 seconds asking “do you have work for me?”

INTERNET / CLOUD PRIVATE NETWORK / ON-PREMISE FIREWALL NO INBOUND agentic-net-master Token binding FIRE command dispatch Result emission GET /api/transitions/poll agentic-net-executor Polls every 2 seconds Executes commands locally Reports results back OUTBOUND CONNECTIONS ONLY 1. poll 2. FIRE + tokens 3. result

This simple inversion has profound implications:

  • No inbound ports on executors: Firewall rules stay closed. Security teams stay happy.
  • Works behind NAT: Executors in home offices, branch networks, or containerized environments just work.
  • Survives network partitions: If the connection drops, the executor just keeps polling. Work queues up on master until connectivity returns.
  • Stateless scaling: Spin up 10 executors, and they all poll independently. No coordination needed.

The polling loop in detail

Every 2 seconds, the executor calls master’s poll endpoint with its identity and currently deployed transitions:

GET /api/transitions/poll?executorId=exec-prod-01&modelId=default&deployed=t-grep,t-analyze

Master responds with lifecycle commands: DEPLOY a new transition, START/STOP polling, or—the important one—FIRE with pre-bound tokens ready for execution.

AWS VPC deployment: the enterprise pattern

Let’s make this concrete with a real-world AWS deployment. This pattern works for any cloud provider, but AWS terminology makes it easy to visualize:

AWS VPC (10.0.0.0/16) Public Subnet (10.0.1.0/24) Internet Gateway attached agentic-net-master LLM + Orchestration ALB → :8082 agentic-net-gui Angular Frontend (CDN) CloudFront → :4200 SA-BlobStore S3 backend → :8095 Private Subnet (10.0.2.0/24) No Internet Gateway agentic-net-node Tree Persistence + Events Internal NLB → :8080 EFS / RDS (persistence) On-Premise / Edge / Other Cloud agentic-net-executor Production server (behind firewall) EGRESS ONLY agentic-net-executor Data center (air-gapped) EGRESS ONLY agentic-net-executor Retail store edge device EGRESS ONLY All executors poll master via HTTPS Zero inbound ports required

The key insight: executors live anywhere. They could be:

  • EC2 instances in another AWS account
  • VMs in an on-premise data center
  • Kubernetes pods in a different cluster
  • Raspberry Pis at retail locations
  • Developer laptops during testing

As long as they can make HTTPS calls to your master endpoint, they can participate in agentic processes.

How command transitions actually work

Now let’s trace the complete journey of a command through the system. This is where the distributed Petri net model really shines:

① TOKEN CREATED ② MASTER BINDS ③ EXECUTOR FIRES ④ RESULT EMITTED ⑤ INPUT CONSUMED p-commands command tokens T1 agentic-net-master ArcQL query Token reservation Bind to preset “input” Send FIRE command agentic-net-executor Receive bound tokens Parse CommandToken Execute bash command Format CommandResult t-process p-results result tokens R1 Token T1 consumed (deleted from place) Complete round-trip: poll → bind → FIRE → execute → emit → consume Executor never stores state. All persistence in agentic-net-node via master. Token reservation prevents double-execution by multiple executors.

Command token structure

A command token is just JSON that tells the executor what to run:

{
  "kind": "command",
  "id": "cmd-grep-001",
  "executor": "bash",
  "command": "exec",
  "args": {
    "command": "grep -rn 'TODO' ./src",
    "workingDir": "/app",
    "timeoutMs": 60000
  },
  "expect": "text"
}

The executor field routes to the right handler (bash, filesystem, MCP tools, etc.). The args contain everything needed for execution. The expect tells the handler how to format the response.

Binary artifacts: when tokens shouldn’t carry files

What happens when your command produces megabytes of output? A log tail, a PDF report, a screenshot, a heap dump?

Embedding large content in tokens breaks everything. The Petri net slows down, debugging becomes impossible, and you’re one buffer overflow away from disaster.

The solution: store the artifact in SA-BlobStore, pass only a URN reference.

Executor grep -rn ‘pattern’ . Output: 5MB text file upload SA-BlobStore Stores 5MB binary urn:agenticos:blob:2026-01-24/abc123 URN ref Result Token (~200 bytes) {“binaryUrn”: “urn:agenticos:blob:…”, “downloadUrl”: “http://…”, “binarySize”: 5178, “sha256”: “…”} Downstream transition (e.g., AI analysis) curl -s “$downloadUrl” | claude -p “Analyze this output” fetch bytes

To enable this pattern, add two fields to your command token:

{
  "resultAs": "binaryUrn",
  "blobStore": {
    "host": "http://blobstore:8095",
    "idStrategy": "timestamp"
  }
}

The executor automatically uploads output files and returns a lightweight URN reference. Downstream transitions fetch the actual bytes only when needed.

Real-world patterns this enables

Once you have executors that can run anywhere and BlobStore for artifact handoff, entire categories of distributed automation become straightforward:

🔍 Distributed Log Forensics Remote executor tails/greps production logs Uploads to BlobStore (no log data leaves network as token) AI executor analyzes: root cause, timeline, recommendations grep -A50 “ERROR” /var/log/app.log → URN → claude analyze 🌐 Cross-Environment Automation Executors in dev, staging, prod—all polling same master Promotion agentic processes: build in dev → test in staging → deploy to prod Environment-specific secrets fetched at runtime, not stored Same net definition, different executors per environment 🚨 Incident Response Bundles Multiple executors collect artifacts in parallel: • Logs from app server • Configs from deployment • Thread dumps from JVM Bundling transition creates incident report from all URNs Parallel execution + BlobStore URN aggregation 🤖 AI-Powered Code Analysis Executor runs grep/ripgrep on codebase, uploads matches Analysis executor (with Claude/GPT) reviews and summarizes Generates: vulnerability report, refactoring suggestions, PR draft rg “TODO|FIXME” → URN → AI summarize → create issue 📡 Edge Computing / IoT Executors on Raspberry Pis, retail kiosks, factory sensors Collect data locally, batch upload when connectivity available Central Petri net orchestrates fleet-wide operations 1000 edge devices, 1 master, 1 net definition ☁️ Hybrid Cloud Orchestration Sensitive data processing on-prem (compliance requirements) Scalable compute in cloud (burst capacity) Petri net routes work based on data classification tags Token metadata drives executor selection

The security model: designed for zero-trust

The polling architecture isn’t just about network traversal—it fundamentally changes the security posture:

Security Properties of Polling Architecture ✓ No Inbound Ports Executors initiate all connections Firewall allows only egress to master Attack surface: zero network listeners ✓ No Stored Secrets Credentials fetched at runtime Token contains just the task definition Compromised executor = limited blast radius ✓ Complete Audit Trail Every token move is event-sourced Who did what, when, with what result Immutable history in agentic-net-node ✓ Token Reservation Atomic CAS prevents double-execution TTL-based locks with auto-expiry Multiple executors can’t grab same token ✓ Artifact Integrity BlobStore returns SHA256 with URN Downstream can verify artifact unchanged Tamper detection built into protocol ✓ Stateless Executors No local state between polls Kill and restart without data loss Ephemeral containers work perfectly

Putting it all together: a complete distributed agentic process

Let’s trace a realistic scenario end-to-end: automated security scanning across a hybrid environment.

AWS Cloud Corporate Data Center Developer Laptop agentic-net-master Orchestrates entire agentic process p-scan- requests p-scan- results p-final- report Executor: prod-scanner Scans production servers nmap + trivy + custom scripts SA-BlobStore (local) Scan results stay in data center Executor: ai-analyzer Analyzes scan results with AI claude -p “summarize findings” Executor: dev-local Scans local dev environment Same net, different target Agentic Process: 1. Scan request → p-scan-requests 2. prod-scanner executes, uploads URN 3. ai-analyzer fetches URN, summarizes 4. Report emitted to p-final-report All polling. Zero inbound ports.

Notice how different executors handle different parts of the agentic process—each in its own security zone—while the Petri net in the cloud orchestrates the overall flow. Raw scan data never leaves the data center as a token; only the BlobStore URN reference passes through.

Key takeaways

The AgenticOS executor architecture solves a fundamental problem in distributed automation: how do you orchestrate work across network boundaries without compromising security?

The answers:

  1. Polling over pushing: Executors pull work via outbound HTTPS. No inbound ports, no firewall exceptions, no attack surface.
  2. URN over embedding: Large artifacts go to BlobStore; tokens carry only references. The net stays fast and debuggable.
  3. Stateless by design: Executors don’t store state. Kill them, move them, scale them—the Petri net keeps running.
  4. Single net, many environments: The same agentic process definition drives dev, staging, and prod—executors in each environment handle their part.
  5. Event-sourced audit trail: Every token movement, every execution, every result—captured in agentic-net-node’s immutable event log.

This isn’t just architecture for architecture’s sake. It’s the foundation for automation that works in the real world—where security teams have veto power, where legacy systems exist, where “just open a port” isn’t an option.

Built with AgenticOS, agentic-net-executor, SA-BlobStore, and the polling architecture that makes it all work.

Date: January 24, 2026

Leave a Reply

Your email address will not be published. Required fields are marked *