中文简体 | Español | Português | 日本語 | Deutsch

---

🚀 What is Symbiont?

Symbi is a Rust-native, zero-trust agent framework for building autonomous, policy-aware AI agents. It fixes the biggest flaws in existing frameworks like LangChain and AutoGPT by focusing on:

• Security-first: cryptographic audit trails, enforced policies, and sandboxing.
• Zero trust: all inputs are treated as untrusted by default.
• Enterprise-grade compliance: designed for regulated industries (HIPAA, SOC2, finance).

Symbiont agents collaborate safely with humans, tools, and LLMs — without sacrificing security or performance.

---

⚡ Why Symbiont?

Feature	Symbiont	LangChain	AutoGPT
Language	Rust (safety, performance)	Python	Python
Security	Zero-trust, cryptographic audit	Minimal	None
Reasoning Loop	Typestate-enforced ORGA with policy gate	Simple chains	Ad-hoc
Knowledge Bridge	Vector search + episodic memory	RAG only	None
Policy Engine	Built-in DSL + Cedar	Limited	None
Deployment	REPL, Docker, HTTP API	Python scripts	CLI hacks
Audit Trails	Cryptographic logs	No	No

---

🏁 Quick Start

Prerequisites

• Docker (recommended) or Rust 1.88+
• No external vector database required (LanceDB embedded; Qdrant optional for scaled deployments)

Run with Pre-Built Containers

# Parse an agent DSL file
docker run --rm -v $(pwd):/workspace ghcr.io/thirdkeyai/symbi:latest dsl parse /workspace/agent.dsl

# Run MCP Server
docker run --rm -p 8080:8080 ghcr.io/thirdkeyai/symbi:latest mcp

# Interactive development shell
docker run --rm -it -v $(pwd):/workspace ghcr.io/thirdkeyai/symbi:latest bash

Build from Source

# Build dev environment
docker build -t symbi:latest .
docker run --rm -it -v $(pwd):/workspace symbi:latest bash

# Build unified binary
cargo build --release

# Run REPL
cargo run -- repl

# Parse DSL & run MCP
cargo run -- dsl parse my_agent.dsl
cargo run -- mcp --port 8080

---

🔧 Key Features

• ✅ DSL Grammar – Define agents declaratively with built-in security policies, memory, webhook, schedule, and channel blocks.
• ✅ Agent Runtime – Task scheduling, resource management, and lifecycle control.
• 🔄 Agentic Reasoning Loop – Typestate-enforced Observe-Reason-Gate-Act (ORGA) cycle with multi-turn conversation management, unified inference across cloud and local SLM providers, circuit breakers, and durable journal. Five implementation phases: core loop, policy integration, human-in-the-loop, multi-agent patterns, and observability.
• 🧠 Knowledge-Reasoning Bridge – Opt-in integration between the knowledge/context system and the reasoning loop. Injects relevant context before each reasoning step, exposes recall_knowledge/store_knowledge as LLM-callable tools, and persists learnings after loop completion.
• ⏰ Cron Scheduling – Persistent SQLite-backed cron engine with jitter, concurrency guards, dead-letter queues, and heartbeat pattern.
• 🧠 Persistent Memory – Markdown-backed agent memory with facts, procedures, learned patterns, daily logs, and retention-based compaction.
• 🪝 Webhook Verification – HMAC-SHA256 and JWT signature verification with GitHub, Stripe, and Slack presets.
• 🛡️ Skill Scanning – ClawHavoc scanner with 40 rules across 10 attack categories (reverse shells, credential harvesting, process injection, privilege escalation, network exfiltration, and more). 5-level severity model (Critical/High/Medium/Warning/Info) with executable whitelisting.
• 📈 Metrics & Telemetry – File and OTLP metric exporters with composite fan-out and background collection. OpenTelemetry distributed tracing spans for the reasoning loop.
• 🔒 HTTP Security Hardening – Loopback-only binding, CORS allow-lists, JWT EdDSA validation, health endpoint separation.
• 🔒 Sandboxing – Tier-1 Docker isolation for agent execution.
• 🔒 SchemaPin Security – Cryptographic verification of tools and schemas.
• 🔒 AgentPin Identity – Domain-anchored cryptographic identity for scheduled agents.
• 🔒 Secrets Management – HashiCorp Vault / OpenBao integration, AES-256-GCM encrypted storage.
• 🔑 Per-Agent API Keys – Argon2-hashed API key authentication with per-IP rate limiting.
• 🧠 Context Compaction – Automatic context window management with tiered compaction: LLM-driven summarization (Tier 1) and truncation (Tier 4). Multi-model token counting (OpenAI, Claude, Gemini, Llama, Mistral, and more).
• 📊 RAG Engine – Vector search (LanceDB embedded) with hybrid semantic + keyword retrieval. Optional Qdrant backend for scaled deployments.
• 🧩 MCP Integration – Native support for Model Context Protocol tools, plus Composio SSE integration for external tool access.
• 📡 Optional HTTP API – Feature-gated REST interface for external integration.
• 📋 Delivery Routing – Route scheduled agent output to webhooks, Slack, email, or custom channels.
• 📝 AGENTS.md Support – Bidirectional agent manifest generation and parsing for interoperability.
• ⚡ Performance Verified – Benchmarked claims: policy evaluation <1ms, ECDSA P-256 verification <5ms, 10k agent scheduling with <2% CPU overhead.

---

📦 Workspace Crates

Crate	Description	Status
symbi	Unified CLI binary	Stable
symbi-runtime	Core agent runtime	Stable
symbi-dsl	DSL parser and evaluator	Stable
symbi-channel-adapter	Slack/Teams/Mattermost adapters	Stable
repl-core	REPL engine	Stable
repl-proto	JSON-RPC protocol	Stable
repl-cli	Interactive CLI + JSON-RPC server	Stable
repl-lsp	Language Server Protocol	Stable
symbi-a2ui	Admin dashboard (Lit/TypeScript)	Alpha

---

📐 Symbiont DSL Example

metadata {
    version = "1.0.0"
    author = "Your Name"
    description = "Data analysis agent"
}

agent analyze_data(input: DataSet) -> Result {
    capabilities = ["data_analysis", "visualization"]
    
    policy data_privacy {
        allow: read(input) if input.anonymized == true
        deny: store(input) if input.contains_pii == true
        audit: all_operations
    }
    
    with memory = "persistent", requires = "approval" {
        if (llm_check_safety(input)) {
            result = analyze(input);
            return result;
        } else {
            return reject("Safety check failed");
        }
    }
}

---

🔒 Security Model

• Zero Trust – all agent inputs are untrusted by default.
• Sandboxed Execution – Docker-based containment for processes.
• Audit Logging – Cryptographically tamper-evident logs.
• Secrets Control – Vault/OpenBao backends, encrypted local storage, agent namespaces.

---

📚 Documentation

• Getting Started
• DSL Guide
• Runtime Architecture
• Reasoning Loop Guide
• Security Model
• API Reference

---

🎯 Use Cases

• Development & Automation

  • Secure code generation & refactoring.
  • AI agent deployment with enforced policies.
  • Knowledge management with semantic search.

• Enterprise & Regulated Industries

  • Healthcare (HIPAA-compliant processing).
  • Finance (audit-ready workflows).
  • Government (classified context handling).
  • Legal (confidential document analysis).

---

📄 License

• Community Edition: MIT License
• Enterprise Edition: Commercial license required

Contact ThirdKey for enterprise licensing.

---

Symbiont enables secure collaboration between AI agents and humans through intelligent policy enforcement, cryptographic verification, and comprehensive audit trails.