ZitPit: Consumer-Side Admission Control for Agentic Software Intake

Computer Science > Cryptography and Security [Submitted on 5 Apr 2026] ZitPit: Consumer-Side Admission Control for Agentic Software Intake Jepson Taylor (VEOX Research Group), Chris Brousseau (VEOX Research Group), Jordan Hildebrandt (VEOX Research Group), Kelli Quinn (VEOX Research Group) AI IDEs and coding agents compress discovery, fetch, workspace open, installation, and execution into one low-observability loop. Existing defenses such as provenance frameworks, package and repository firewalls, runtime protection, and tool-approval prompts each cover part of that path, but they often leave the final consumer-side execution decision implicit. ZitPit is a 100% open-source Rust system that argues for a stricter boundary: first-seen external artifacts should become durable policy events before they gain execution rights on protected developer or CI hosts. The current public evidence is intentionally narrow and explicit. It includes repeated Git smart-HTTP intake measurements showing that approved artifacts can remain faster than unmanaged public fetch, plus implemented protected-session and governed-egress proof families. The broader contribution is architectural rather than universal-coverage-by-assertion: ZitPit unifies artifact admission, repo-open state, capability-scoped execution, and durable policy records at the consumer execution boundary for agentic workflows. Comments: 6 pages, 2 figures Subjects: Cryptography and Security (cs.CR) Cite as: arXiv:2604.06241 [cs.CR]   (or arXiv:2604.06241v1 [cs.CR] for this version)   https://doi.org/10.48550/arXiv.2604.06241 Focus to learn more Submission history From: Ben Taylor [view email] [v1] Sun, 5 Apr 2026 08:15:13 UTC (99 KB) Access Paper: HTML (experimental) view license Current browse context: cs.CR < prev   |   next > new | recent | 2026-04 Change to browse by: cs References & Citations NASA ADS Google Scholar Semantic Scholar Export BibTeX Citation Bookmark Bibliographic Tools Bibliographic and Citation Tools Bibliographic Explorer Toggle Bibliographic Explorer (What is the Explorer?) Connected Papers Toggle Connected Papers (What is Connected Papers?) Litmaps Toggle Litmaps (What is Litmaps?) scite.ai Toggle scite Smart Citations (What are Smart Citations?) Code, Data, Media Demos Related Papers About arXivLabs Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)