title: Overview

ecOS Overview

ecOS is a modular, CLI-native framework that brings sensing, reasoning, and enforcement to the endpoint. It pairs with LTM to deliver an autonomous, auditable, and explainable security experience.

Why ecOS

  • Speed with assurance — Faster triage and response with transparent evidence and calibrated confidence.
  • Lower operational friction — Evolution is governed by an external mapping (no code changes), reducing coupling and maintenance.
  • Continuous improvement — The Self‑Reinforcing Generative Learning (SRGL) loop converts outcomes and feedback into lasting capability.
  • Trust and accountability — Deterministic policies, auditable learning steps, and precise provenance from collection to decision.

Key Capabilities

  • CLI-native operations — Query local state, run micro‑investigations, stream decisions, and apply policies at the prompt.
  • Explainable autonomy — Decisions include rationale, evidence, uncertainty, and recommended next actions.
  • Evidence‑gap guidance — When confidence is limited, ecOS pinpoints missing signals to collect.
  • Modes of operationObserve, Protect, Learn, Research.
  • Portable — Single‑binary, zero‑install delivery for servers, endpoints, labs, and edge.

See also: Core ComponentsSRGLWorking with LTM