Sandboxed plugin VM with typed capabilities, deterministic replay, and time-travel debugging — written in Rust.
Updated May 15, 2026 - Rust
Native Rust runtime for adversarial extension workloads with deterministic replay, cryptographic decision receipts, and fleet-scale containment.
A scripting language for cowboy coders
Plan-bound authorization architecture for governing privileged effects in untrusted computational agents.
Electron runtime layer providing protocol-based separation, component assembly, and capability-based process control.
KAIROS-ARK is a high-performance, Rust-based Agent Runtime Kernel built for industrial-grade reliability. It delivers sub-100µs dispatch latency, event-sourced deterministic replay, and kernel-enforced capability sandboxing, bridging Python prototypes and production AI systems.
my tinkering notebook (blog)
Cryptographic trust mediation layer for AI agent frameworks. Apache 2.0 reference architecture composing device-attested admission, short-TTL scoped capabilities, runtime continuity envelopes, context provenance anchoring, agent intent binding, FHE context gate, MCP boundary mediation, signed policy bundles, and tamper-evident audit chain.
A WASM‑first, capability‑native unikernel designed to run small, isolated WASI workloads on edge/cloud hosts, providing deterministic temporal snapshots, capability‑based authority transfer, and in‑kernel verification to enable secure, auditable migration and replay. It targets security and audit-sensitive deployments and systems‑research
The Kernel of CharlotteOS, An Experimental Modern Operating System
JavaScript on genode using the Moddable XS engine
Bounded shell and CLI execution for AI agents: structured contracts, policy-gated execution, hardened Linux runtime enforcement, and signed receipts.
Capability-security kernel for autonomous agents — seccomp/SELinux for agentic AI. Formal, auditable, language-agnostic, cryptographically verifiable.
🚀 Streamline agentic AI workflows with KAIROS-ARK, a robust OS focused on integrity, reproducibility, and superior governance for critical applications.
agent-h: modular research-grade autonomous agent stack — capability-sandboxed execution (kiln), multi-provider LLM routing, capability inference, signed audit attestation, and more.
A sample FastAPI web app to integrate with a Tahoe-LAFS grid
Tiny Rust runtime turning devices you own into one cooperative compute fabric, gated by typed capabilities
Toy governance CLI demo: deny-by-default “danger actions” gated by signed, expiring capability leases (global revoke-all + nonce revoke) plus guarded memory quarantine. Simulation-only: no real network/shell/files. Includes tripwire + tests to prevent misuse.