Compile-time capability-based security for Rust
Decentralized Agentic OS — sandboxed WASM agents with capability-based security over Cap'n Proto RPC
An operating system where AI agents are the native processes and humans are supervisors. Capability-based security, MCP-native IPC, kernel-level audit trail, human-in-the-loop approval.
The markdown coordination layer for agents. One readable timeline where agents claim tasks, post results, and hand off work. You see everything. They never duplicate work.
A local-first WebAssembly sandbox runtime with capability-based security
A data-driven, cryptographically signed, registry-backed AI operating system, with capability-scoped execution and graph-executable workflows — living inside your projects, running through a recursive MCP that goes as deep as you dare.
Rust microkernel for GPU-isolated AI inference
InferNode is a security-focused 64-bit Inferno® OS (ARM64/AMD64) for embedded systems, servers, and AI agents. GPL-free, headless-capable, with 280+ utilities and 9P filesystem protocol. Providing a namespace-based alternative to MCP servers. Namespace-bounded security has been formally verified.
Secure-execution domain repository providing modular runtime-security components for sandboxing, capability enforcement, cryptographic isolation, audit logging, and policy-driven execution control — designed for building hardened application and infrastructure runtimes.
Capability-based authorization and policy enforcement for agents using large MCP and A2A tool ecosystems.
Deterministic, auditable, capability-safe autonomous agent framework in Rust. Event-sourced, replayable, with governed self-evolution.
Semantic substrate for programming languages
🛡️ WASI 0.2 security simulation: A data diode runtime that allows sensor reads but blocks network exfiltration. Built with Rust, Leptos, and the Component Model
VAC Protocol - Capability-based security for AI agents. Task-scoped credentials, receipt-based state, instant revocation.
A pattern for implementing "insider" encapsulation (trusted/"friend"-only access) of properties and methods in native JavaScript using ES2022 private fields and explicit trust declarations.
A deterministic, distributed, capability-safe execution fabric for agent workflows with verifiable replay and certified audit trails
Secure execution substrate for immutable agent skills with explicit capabilities, cryptographic provenance, and auditable deterministic runs.
Edge computing demo with Rust + WASM. Features URL shortener, rate limiter, and capability-based security—all running on Cloudflare Workers. Interactive Leptos dashboard with live stats. Demonstrates Workers KV, edge-based rate limiting, and WASI security patterns.
Toy governance CLI demo: deny-by-default “danger actions” gated by signed, expiring capability leases (global revoke-all + nonce revoke) plus guarded memory quarantine. Simulation-only: no real network/shell/files. Includes tripwire + tests to prevent misuse.
Embedded typed effect language for Go — Atkey indexed monads with row-typed capabilities. Purpose-built for AI agent sandboxing.
Add a description, image, and links to the capability-based-security topic page so that developers can more easily learn about it.
To associate your repository with the capability-based-security topic, visit your repo's landing page and select "manage topics."