// the find
unicity-astrid/astrid
Unicity Astrid OS: a secure operating system for AI agents.
Astrid is a capability-based OS-grade runtime for AI agents, written in Rust. It runs agent components as WebAssembly capsules with no ambient authority — every file, network, or process access requires an explicit signed capability grant. It is for teams who need hard security boundaries around agent execution, not prompt-level instructions that a model can be talked out of.
The kernel-is-dumb design is the right call: it routes events and enforces capabilities but holds no model state or tool schemas, so a compromised capsule cannot corrupt shared kernel internals. The capability model is properly decomposed — seven independent enforcement points (WASM sandbox, manifest gate, IPC ACL, capability token, approval gate, OS sandbox, audit chain) rather than a single interceptor that becomes a single point of failure. The signed, hash-linked audit trail is verifiable offline and per-principal, which is the kind of thing enterprise security teams actually need. Hot-swap capsule lifecycle without a daemon restart is a real operational win for long-running agent workflows.
Ten thousand stars and 130 forks is a bad ratio — suggests most interest is passive, not adoption-driven; the capsule ecosystem is nascent and a runtime without capsules is just overhead. The `wasm32-unknown-unknown` target means capsules cannot use WASI, so anything touching the filesystem or network must go through the Astrid WIT ABI — every third-party Rust library that assumes std I/O is a porting problem. The distro + `Distro.lock` model for capsule distribution has no obvious public registry yet, which means writing your own capsules is the only reliable path. Windows is missing from the install instructions and the OS sandbox layer (bwrap/seatbelt) is Linux/macOS-only, making this a non-starter for Windows-heavy shops.