Astrid is an operating system designed for AI agents, treating them as first-class citizens akin to processes in traditional OSes. It offers a user-space microkernel architecture where core functionalities like a virtual filesystem, IPC event bus, and a robust security model are provided by the kernel, while higher-level components such as LLM providers, orchestrators, and tools are implemented as swappable, isolated WebAssembly (WASM) "capsules." This composable approach allows users to build highly customized AI agent environments without forking the core system, enabling rapid prototyping, offline operation, and novel agent architectures.

How It Works

Astrid employs a microkernel architecture where a Rust-based daemon manages core OS resources. AI agents run as isolated WASM processes (capsules), interacting via a typed IPC event bus. A copy-on-write virtual filesystem (VFS) provides agents with a sandboxed view of their workspace. Security is enforced through a five-layer gate: Policy, Capability Tokens (ed25519), Budget Enforcement, Human Approval, and a Cryptographic Audit Trail. Capsules are defined by Capsule.toml manifests, declaring their dependencies and exports, which are resolved via topological sort at boot time. This design prioritizes flexibility and security, allowing components to be swapped or extended dynamically.

Quick Start & Requirements

• Primary install: cargo install astrid (installs CLI and daemon).
• Prerequisites: Rust 1.94+, an LLM provider API key (e.g., Anthropic) for the default distro.
• Build from source: Clone https://github.com/unicity-astrid/astrid.git, then cargo build --release.
• Documentation: CHANGELOG.md for detailed changes.

Highlighted Details

• Security Model: A five-layer gate (Policy, Token, Budget, Approval, Audit) protects sensitive actions, configurable via modes like safe, guided, autonomous, and yolo.
• VFS: A copy-on-write overlay filesystem allows agents to modify their environment ephemerally, with changes optionally committed to a persistent workspace.
• Capsule Types: Supports WASM (via Extism/Wasmtime), MCP (native subprocesses proxied via JSON-RPC), and Static (declarative context injection).
• Multi-Principal Support: Provides strong isolation for individual user principals, including separate capsules, KV data, audit chains, and capability tokens.
• Distro System: Curated sets of capsules defined in Distro.toml manifests enable reproducible deployments, locked via Distro.lock with BLAKE3 hashes.

Maintenance & Community

Copyright is held by Joshua J. Bouw and Unicity Labs for 2025-2026. Specific details on active maintenance, community channels (like Discord/Slack), or notable contributors are not detailed in the provided README.

Licensing & Compatibility

Astrid is dual-licensed under both the MIT and Apache 2.0 licenses. This permissive licensing generally allows for broad compatibility with commercial and closed-source projects.

Limitations & Caveats

Currently at v0.5.0, Astrid is in active early development. Key features like multi-node SurrealDB support, WASM Component Model migration, additional frontends, and a public capsule registry are explicitly listed as "Not yet done." Upgrading to v0.5.0 requires deleting the existing ~/.astrid/ directory due to a restructuring of the FHS layout, indicating a lack of backward compatibility for configuration.