Compile-time capability-based security for Rust
Decentralized Agentic OS — sandboxed WASM agents with capability-based security over Cap'n Proto RPC
An operating system where AI agents are the native processes and humans are supervisors. Capability-based security, MCP-native IPC, kernel-level audit trail, human-in-the-loop approval.
The markdown coordination layer for agents. One readable timeline where agents claim tasks, post results, and hand off work. You see everything. They never duplicate work.
A local-first WebAssembly sandbox runtime with capability-based security
A data-driven, cryptographically signed, registry-backed AI operating system, with capability-scoped execution and graph-executable workflows — living inside your projects, running through a recursive MCP that goes as deep as you dare.
Deterministic, auditable, capability-safe autonomous agent framework in Rust. Event-sourced, replayable, with governed self-evolution.
Rust microkernel for GPU-isolated AI inference
Secure-execution domain repository providing modular runtime-security components for sandboxing, capability enforcement, cryptographic isolation, audit logging, and policy-driven execution control — designed for building hardened application and infrastructure runtimes.
InferNode is a security-focused 64-bit Inferno® OS (ARM64/AMD64) for embedded systems, servers, and AI agents. GPL-free, headless-capable, with 280+ utilities and 9P filesystem protocol. Providing a namespace-based alternative to MCP servers. Namespace-bounded security has been formally verified.
Capability-based authorization and policy enforcement for agents using large MCP and A2A tool ecosystems.
Semantic substrate for programming languages
🛡️ WASI 0.2 security simulation: A data diode runtime that allows sensor reads but blocks network exfiltration. Built with Rust, Leptos, and the Component Model
A deterministic, distributed, capability-safe execution fabric for agent workflows with verifiable replay and certified audit trails
VAC Protocol - Capability-based security for AI agents. Task-scoped credentials, receipt-based state, instant revocation.
Toy governance CLI demo: deny-by-default “danger actions” gated by signed, expiring capability leases (global revoke-all + nonce revoke) plus guarded memory quarantine. Simulation-only: no real network/shell/files. Includes tripwire + tests to prevent misuse.
Edge computing demo with Rust + WASM. Features URL shortener, rate limiter, and capability-based security—all running on Cloudflare Workers. Interactive Leptos dashboard with live stats. Demonstrates Workers KV, edge-based rate limiting, and WASI security patterns.
Secure execution substrate for immutable agent skills with explicit capabilities, cryptographic provenance, and auditable deterministic runs.
Embedded typed effect language for Go — Atkey indexed monads with row-typed capabilities. Purpose-built for AI agent sandboxing.
Example skills, manifests, and reference projects for building on Inactu.
Add a description, image, and links to the capability-based-security topic page so that developers can more easily learn about it.
To associate your repository with the capability-based-security topic, visit your repo's landing page and select "manage topics."