Nox ComputeNOX COMPUTEThe Private Inference Network
Launch App
Nox Agents

Autonomous agents that think in private.

Give a model memory, tools, and permissions — and it runs a reasoning loop on your behalf. Every step executes inside the private inference network, so the thinking never leaks.

Start buildingRead the docs
private by default enclave isolated
The loop

One agent. A continuous loop.

An agent isn't a single call — it's a cycle. Memory feeds the reasoning core, the core picks a tool, permissions gate the action, and the result loops back as new context.

Memory
persistent context
Tools
function calling
Permissions
scoped + approved
Reasoning
private chain

packets show context circulating the loop in real time

agent core
Memorypersistent context
Toolsfunction calling
Permissionsscoped + approved
Reasoningprivate chain
Reasoning timeline

Watch a single turn unfold.

Think → Recall → Call tool → Observe → Answer. Scroll through the loop, or let it autoplay — the active step lights up as the agent works.

  1. 01 · thinkenclave · sealed

    Reason about the goal

    The agent forms a private chain-of-thought, decomposing the request into a plan. Intermediate reasoning never leaves the secure enclave.

  2. 02 · recallctx · 4 slices

    Load relevant memory

    It pulls only the slices of persistent context that matter for this task — encrypted at rest, retrieved by relevance, scoped to the user.

  3. 03 · call toolfn · search()

    Invoke a permitted tool

    A function call is dispatched through a permission gate. Anything outside the approved scope is blocked before it ever runs.

  4. 04 · observeobs · 1.2 kb

    Read the result

    The tool's output returns to the reasoning core. The agent verifies it against the plan and decides whether another step is required.

  5. 05 · answerdone · 940 ms

    Act, then respond

    With the plan satisfied, the agent commits the action and returns a final answer — while the reasoning trail stays confidential.

What powers an agent

Four capabilities, one private boundary.

Each pillar is independently scoped and observable — and none of it ever crosses the private inference network's edge.

Memory

Persistent context that stays yours

Agents remember across sessions without your data ever leaving the private inference boundary. Context is encrypted at rest and retrieved by relevance, never streamed to a third party.

  • Encrypted vector + episodic store
  • Per-user scoping & isolation
  • Relevance-ranked recall
Tools

Function calling, sandboxed

Give an agent typed tools and it decides when to call them. Every invocation runs inside a sandbox with its arguments and results kept inside the enclave.

  • Typed function schemas
  • Deterministic argument validation
  • Sandboxed execution
Permissions

Scoped and user-approved

Nothing runs that you didn't allow. Capabilities are granted per agent, per scope, and sensitive actions surface an approval gate before they execute.

  • Capability-scoped grants
  • Human-in-the-loop approval
  • Full, auditable action log
Reasoning

Chain-of-thought, kept private

The agent's intermediate reasoning is computed inside a confidential enclave. You get the answer and the audit trail — never an exposed thought stream sent to a vendor.

  • Confidential compute enclave
  • No third-party logging
  • Verifiable execution attestation
guarantee

The thinking stays inside the enclave.

Reasoning, memory, and tool I/O are computed inside confidential hardware. You receive the result and a verifiable attestation — never an exposed thought stream.

100%enclave isolation
0vendor logging
fullaction audit

Build an agent that keeps its thoughts to itself.

Wire up memory, tools, and permissions in minutes — and run the whole reasoning loop on the private inference network.

Start buildingTalk to the team