finds.dev← search

// the find

astrid-runtime/astrid

★ 10,321 · Rust · Apache-2.0 · updated Jul 2026

Astrid is a portable, capability-secure operating system for composable software.

Astrid is a WASM-based agent runtime that treats security as an OS problem rather than a prompt problem — each capability (file access, network, tools) requires an explicit signed grant, not model cooperation. It's aimed at developers who need to run AI agents on real infrastructure and can't afford to trust the model to police itself. Pre-1.0, but already shipping a real capability model with ed25519 tokens, per-principal isolation, and a signed audit chain.

The security model is decomposed across seven independent enforcement points rather than a single interceptor — breaking one doesn't break the others. The kernel genuinely holds no LLM state or tool registry; all intelligence lives in capsules, so a compromised capsule can't corrupt shared kernel state. Live capsule hot-swap without daemon restart is real and already in 0.9, which matters for agent uptime. The SSRF airlock and local-egress consent (transport-origin marker + runtime elicitation) show the authors are thinking about second-order attack vectors, not just the obvious ones.

The capsule SDK targets wasm32-unknown-unknown, which means no std threading and limited ecosystem compatibility — authors of capsules will hit friction fast when pulling in anything that expects a real OS. The distro model (curated capsule bundles with a Distro.lock) is load-bearing for supply-chain safety, but there's only one reference distro so far; if you're not using the default bundle you're on your own for verification. With 130 forks and no public production deployments mentioned, the operational story beyond a single developer machine is thin — the HTTP gateway deployment runbook exists but there's nothing about multi-node or HA. The `astrid-cli-mockup` crate living in the same repo as production code is a yellow flag for where the UX is right now versus where it was demoed.

View on GitHub →

// want more like this?

We dig through GitHub every week and send a few repos picked for what you actually care about — each with an honest take like this one.

Get finds in your inbox → Search again →