Sandboxed plugin VM with typed capabilities, deterministic replay, and time-travel debugging — written in Rust.
-
Updated
May 15, 2026 - Rust
Sandboxed plugin VM with typed capabilities, deterministic replay, and time-travel debugging — written in Rust.
Native Rust runtime for adversarial extension workloads with deterministic replay, cryptographic decision receipts, and fleet-scale containment.
A scripting language for cowboy coders
plan-bound authorization architecture for governing privileged effects in untrusted computational agents.
Electron runtime layer providing protocol-based separation, component assembly, and capability-based process control.
KAIROS-ARK is a high-performance, Rust-based Agent Runtime Kernel built for industrial-grade reliability. It delivers sub-100µs dispatch latency, event-sourced deterministic replay, and kernel-enforced capability sandboxing, bridging Python prototypes and production AI systems.
Resource-safe, effect-typed programs in syntax you already know. A checked affine core with familiar Faces — JavaScript-, Python-, functional-, and pseudocode-shaped surfaces — compiling to typed WebAssembly.
A capability-native research kernel for explicit authority, isolated execution, temporal state, and verifiable system boundaries. It is particularly efficient with WebAssembly
A capability-centric programming language. Hand-written compiler in Python.
The Estate's primary MCP server — GitHub, GitLab, and 115+ capability cartridges. Formally verified BoJ-server-ABI in Idris2 0.8.0 (%default total) with safety lemmas for credential isolation.
my tinkering notebook (blog)
Provenance-gated tool calls for AI agents. A local YAML+CEL policy gates each tool call on the provenance of its arguments. Deterministic, in-process, no model.
JavaScript on genode using the Moddable XS engine
The Kernel of CharlotteOS, An Experimental Modern Operating System
Tiny Rust runtime turning devices you own into one cooperative compute fabric, gated by typed capabilities
Security-first programming language for building high-assurance services, secure communications, privacy-aware networking tools, policy-enforced runtimes, secret-safe data pipelines, and auditable least-authority systems.
Capability-security kernel for autonomous agents — seccomp/SELinux for agentic AI. Formal, auditable, language-agnostic, cryptographically verifiable.
Cryptographic trust mediation layer for AI agent frameworks. Apache 2.0 reference architecture composing device-attested admission, short-TTL scoped capabilities, runtime continuity envelopes, context provenance anchoring, agent intent binding, FHE context gate, MCP boundary mediation, signed policy bundles, and tamper-evident audit chain.
Add a description, image, and links to the capability-security topic page so that developers can more easily learn about it.
To associate your repository with the capability-security topic, visit your repo's landing page and select "manage topics."