Sandboxed plugin VM with typed capabilities, deterministic replay, and time-travel debugging — written in Rust.
Native Rust runtime for adversarial extension workloads with deterministic replay, cryptographic decision receipts, and fleet-scale containment.
A scripting language for cowboy coders
plan-bound authorization architecture for governing privileged effects in untrusted computational agents.
Electron runtime layer providing protocol-based separation, component assembly, and capability-based process control.
KAIROS-ARK is a high-performance, Rust-based Agent Runtime Kernel built for industrial-grade reliability. It delivers sub-100µs dispatch latency, event-sourced deterministic replay, and kernel-enforced capability sandboxing, bridging Python prototypes and production AI systems.
my tinkering notebook (blog)
The Estate's primary MCP server — GitHub, GitLab, and 115+ capability cartridges. Formally verified BoJ-server-ABI in Idris2 0.8.0 (%default total) with safety lemmas for credential isolation.
Cryptographic trust mediation layer for AI agent frameworks. Apache 2.0 reference architecture composing device-attested admission, short-TTL scoped capabilities, runtime continuity envelopes, context provenance anchoring, agent intent binding, FHE context gate, MCP boundary mediation, signed policy bundles, and tamper-evident audit chain.
A WASM‑first, capability‑native unikernel designed to run small, isolated WASI workloads on edge/cloud hosts, providing deterministic temporal snapshots, capability‑based authority transfer, and in‑kernel verification to enable secure, auditable migration and replay. It targets security and audit-sensitive deployments and systems‑research
The Kernel of CharlotteOS, An Experimental Modern Operating System
Bounded shell and CLI execution for AI agents: structured contracts, policy-gated execution, hardened Linux runtime enforcement, and signed receipts.
JavaScript on genode using the Moddable XS engine
Capability-security kernel for autonomous agents — seccomp/SELinux for agentic AI. Formal, auditable, language-agnostic, cryptographically verifiable.
🚀 Streamline agentic AI workflows with KAIROS-ARK, a robust OS focused on integrity, reproducibility, and superior governance for critical applications.
Tiny Rust runtime turning devices you own into one cooperative compute fabric, gated by typed capabilities
A sample fastapi web app to integrate with a Tahoe-LAFS grid
agent-h: modular research-grade autonomous agent stack — capability-sandboxed execution (kiln), multi-provider LLM routing, capability inference, signed audit attestation, and more.
Add a description, image, and links to the capability-security topic page so that developers can more easily learn about it.
To associate your repository with the capability-security topic, visit your repo's landing page and select "manage topics."