Cadence: the resource-oriented smart contract programming language of the Flow network. Capability-based security, type safety, and move semantics

Sandboxed plugin VM with typed capabilities, deterministic replay, and time-travel debugging — written in Rust.

Decentralized OS for multi-tool agent swarms.

Three packages: @kernel.chat/agent-os (POSIX for AI agents — capabilities, namespaces, quotas, taint, audit, vault, outcomes), @kernel.chat/kbot (terminal AI agent, MCP-native, BYOK), @kernel.chat/kbot-finance (audit-grade AI for regulated industries). Provenance-engineering substrate.

Compile-time capability-based security for Rust

Make AI agent actions authorized, auditable, and replayable — not trust-the-prompt. A Rust execution kernel where signed capability writs + effect-ceiling enforcement gate every tool call, and an append-only hash-chained ledger lets you replay and audit exactly what an agent did and why. Cognition proposes; the runtime governs; the ledger records.

The home of the Cadence website

InferNode is a security-focused 64-bit Inferno® OS (ARM64/AMD64) for embedded systems, servers, and AI agents. GPL-free, headless-capable, with 280+ utilities and 9P filesystem protocol. Providing a namespace-based alternative to MCP servers. Namespace-bounded security has been formally verified.

Aster RPC -- peer-to-peer RPC framework with identity in the connection. Machines authenticate to machines, on behalf of users. Built on iroh QUIC + Apache Fory + capability-based credentials.

The markdown coordination layer for agents. One readable timeline where agents claim tasks, post results, and hand off work. You see everything. They never duplicate work.

Semantic substrate for programming languages

Multi-version WASI polyfill (preview1/2/3) for browsers and JavaScript runtimes, with Web Platform API host imports for WebAssembly components.

Deterministic, auditable, capability-safe autonomous agent framework in Rust. Event-sourced, replayable, with governed self-evolution.

A deterministic, distributed, capability-safe execution fabric for agent workflows with verifiable replay and certified audit trails

A local-first WebAssembly sandbox runtime with capability-based security

A Rust-based research microkernel operating system for RISC-V, focused on capability-based security, deterministic testing, and a Service-Plane userspace.

A data-driven, cryptographically signed, registry-backed AI operating system, with capability-scoped execution and graph-executable workflows — living inside your projects, running through a recursive MCP that goes as deep as you dare.

Zero-trust, capability-based Rust microkernel targeting formal verification. Tri-arch (x86_64 / AArch64 / RISC-V). Sovereign and generative: no telemetry, user owns keys and data. Early-stage — see STATUS.md. Inspired by seL4, Hubris, and Redox.

VAC Protocol - Capability-based security for AI agents. Task-scoped credentials, receipt-based state, instant revocation.

Secure-execution domain repository providing modular runtime-security components for sandboxing, capability enforcement, cryptographic isolation, audit logging, and policy-driven execution control — designed for building hardened application and infrastructure runtimes.