unicity-astrid/astrid

AI agents get an OS: processes, sandboxes, and a real boot sequence

Astrid treats AI agents like Linux treats processes—complete with a microkernel, WASM isolation, and swappable capsules instead of hardcoded frameworks.

8.1k stars · Rust · Agents · LLMOps · Eval
Velocity (7d): +72 ★/day · Trend: steady

What it does

Astrid is a user-space microkernel that runs AI agents as isolated WASM processes. It boots a kernel, mounts a copy-on-write filesystem, enforces ed25519 capability tokens, and routes inter-capsule messages over an IPC event bus. Everything beyond the kernel—LLM providers, orchestrators, tools, frontends—is a hot-swappable “capsule” loaded at runtime. You compose, you don’t fork.

The interesting bit

The architecture inverts typical agent frameworks. Instead of importing an LLM client library and hacking the orchestration loop, you drop in a provider capsule that speaks the same IPC schema as every other provider. The orchestrator doesn’t know if it’s talking to Ollama, OpenAI, or a cached stub. Researchers can write a Monte Carlo tree search orchestrator or a chain-of-verification loop without touching sandboxing, audit, or budget code—that’s the kernel’s job.

Key highlights

  • Five-layer security gate: policy hard-blocks → capability tokens → dual budget enforcement → human approval → cryptographic audit trail with chained hashes
  • WASM capsules via Extism/Wasmtime: 64 MB memory ceiling, 5-minute timeout, BLAKE3 binary verification, 49 host ABI functions for filesystem, IPC, HTTP, KV storage, etc.
  • Copy-on-write VFS overlay: reads from workspace, writes to ephemeral temp layer; path traversal blocked before hitting the host filesystem
  • Self-modifying agents: agents can author, build, and install new capsules at runtime, extending their own OS within capability boundaries
  • #[capsule] proc macro in Rust SDK handles all WASM ABI boilerplate; TypeScript plugins compile through an all-Rust pipeline (OXC → QuickJS/Wizer)
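
To make the copy-on-write overlay bullet concrete, here is an added sketch (not Astrid's code) of resolving a guest path lexically before any lookup, serving reads from the workspace and sending writes to an ephemeral layer. The `Overlay` type, its in-memory maps, and the function names are hypothetical stand-ins; a host-backed version would also need to handle symlinks.

```rust
use std::collections::HashMap;
use std::path::{Component, Path, PathBuf};

/// Lexically resolve a guest path against the virtual root.
/// Returns None if `..` would climb above the root.
fn normalize(guest: &str) -> Option<PathBuf> {
    let mut out = PathBuf::new();
    for part in Path::new(guest).components() {
        match part {
            Component::Normal(name) => out.push(name),
            // "/" and "." both mean "stay inside the virtual root".
            Component::RootDir | Component::CurDir => {}
            Component::ParentDir => { if !out.pop() { return None; } }
            Component::Prefix(_) => return None, // Windows drive/UNC prefix
        }
    }
    Some(out)
}

/// Hypothetical overlay: `lower` is the read-only workspace, `upper` the ephemeral layer.
struct Overlay {
    lower: HashMap<PathBuf, Vec<u8>>,
    upper: HashMap<PathBuf, Vec<u8>>,
}

impl Overlay {
    fn read(&self, guest: &str) -> Result<&[u8], &'static str> {
        let p = normalize(guest).ok_or("path escapes sandbox root")?;
        // The upper layer shadows the workspace copy.
        self.upper.get(&p).or_else(|| self.lower.get(&p)).map(|v| v.as_slice()).ok_or("not found")
    }
    fn write(&mut self, guest: &str, data: &[u8]) -> Result<(), &'static str> {
        let p = normalize(guest).ok_or("path escapes sandbox root")?;
        self.upper.insert(p, data.to_vec()); // the workspace is never modified
        Ok(())
    }
}

/// Constructed sample workspace containing one file.
fn sample() -> Overlay {
    let lower = HashMap::from([(PathBuf::from("notes/a.txt"), b"v1".to_vec())]);
    Overlay { lower, upper: HashMap::new() }
}

fn main() {
    let mut fs = sample();
    fs.write("/notes/./a.txt", b"v2").unwrap();
    println!("{:?} {:?}", fs.read("notes/a.txt"), fs.read("../../etc/passwd"));
}
```
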

Caveats

  • Only frontend today is a built-in CLI (astrid chat); no web UI or IDE integration yet
  • v0.5.0, user-space only; unikernel deployment is designed-for but not shipped
  • Many ambitious scenarios (multi-provider routing, autonomous overnight workers) are architecturally possible but capsule ecosystem is early; README explicitly notes “how many capsules have been built on top of this foundation so far” varies

Verdict

Worth watching if you’re building agent infrastructure or doing research on novel agent architectures—someone finally separated the sandbox from the strategy. Skip it if you need a polished product today; this is a kernel waiting for its distro ecosystem.
