{"id":28412893,"url":"https://github.com/light-magician/capsule","last_synced_at":"2025-06-24T18:31:19.918Z","repository":{"id":293329155,"uuid":"975149719","full_name":"light-magician/capsule","owner":"light-magician","description":"Agent Security Runtime","archived":false,"fork":false,"pushed_at":"2025-06-17T05:59:58.000Z","size":3908,"stargazers_count":7,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-06-17T06:33:27.582Z","etag":null,"topics":["agent","audit","langchain","linux","linux-kernel","runtime","rust","seccomp","seccomp-bpf","seccomp-profile","security-tools"],"latest_commit_sha":null,"homepage":"https://capsuledesu.com","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/light-magician.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-04-29T21:34:15.000Z","updated_at":"2025-06-13T17:39:11.000Z","dependencies_parsed_at":"2025-05-14T20:26:22.142Z","dependency_job_id":"588aae63-586f-492a-98a4-f875f705e99c","html_url":"https://github.com/light-magician/capsule","commit_stats":null,"previous_names":["light-magician/capsule"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/light-magician/capsule","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/light-magician%2Fcapsule","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/light-magician%2Fcapsule/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/light-magician%2Fcapsule/releases","manifes
ts_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/light-magician%2Fcapsule/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/light-magician","download_url":"https://codeload.github.com/light-magician/capsule/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/light-magician%2Fcapsule/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261733588,"owners_count":23201680,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agent","audit","langchain","linux","linux-kernel","runtime","rust","seccomp","seccomp-bpf","seccomp-profile","security-tools"],"created_at":"2025-06-03T02:00:41.324Z","updated_at":"2025-06-24T18:31:19.907Z","avatar_url":"https://github.com/light-magician.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Capsule\n\n\u003cimg src=\"capsule-flavor-art.png\" alt=\"Capsule logo\" width=\"500\" /\u003e\n\nCapsule is an open‑core security runtime designed for teams embedding agents into production workflows. It compiles a human‑readable `capsule.yaml` policy into an OS‑native sandbox (Seccomp on Linux, Seatbelt on macOS), executes each agent tool invocation under that fine‑grained syscall filter, and writes a tamper‑evident Merkle–chained audit log of every action.\n\nMost “typical” security mitigations sit outside the agent—Kubernetes NetworkPolicy, Cloudflare Gateway, seccomp templates, ANSI scrubbers in web consoles, etc. 
Capsule fuses those layers into one declarative policy that\n(1) is stored, versioned, and hashed alongside code,\n(2) yields a Merkle-chained syscall log you can replay, and\n(3) reloads live without a container rebuild. For teams that already maintain strong infra controls, Capsule is complementary (adds syscall-level proof and simpler audit). For green-field agent startups it’s often strict-superset coverage with far less YAML sprawl.\n\n## Who Is Capsule For?\n\n- **AI Platform Engineers \u0026 DevOps** who need to safely integrate untrusted AI agents into CI/CD, cloud and on‑prem environments without proliferating bespoke container or VM configurations.\n- **Security \u0026 Compliance Teams** that require cryptographic audit trails of every automated task an agent performs, with verifiable detection of tampering or unauthorized calls.\n- **Dev Teams \u0026 Data Scientists** demanding low‑latency, local execution of AI assistants on sensitive codebases or customer data, without surrendering security controls to opaque container runtimes or high‑privilege daemons.\n\n## Problem\n\nAs organizations race to embed AI agents directly into their code, infrastructure and data‑processing pipelines, they face an explosion of fragmented sandboxing and logging solutions:\n\n1. **Containers \u0026 VMs** ship broad syscall whitelists by default, leaving unknown kernel interfaces exposed and requiring cumbersome image maintenance.\n2. **Custom seccomp rules** are often scattered across projects, lacking a unified policy language or automated audit logging.\n3. 
**Opaque agent runtimes** obscure what code and syscalls an AI can invoke, undermining compliance and forensic investigations.\n\nThese gaps create critical attack vectors—arbitrary code execution, covert data exfiltration via unconventional syscalls, privilege escalation through forgotten interfaces, and undetectable post‑hoc tampering of audit records.\n\n## What Capsule Offers\n\n- **Human‑Readable Policy, Machine‑Enforced**: Define a concise YAML policy once (`capsule.yaml`). The Python SDK validates syntax and emits a JSON policy for the Rust CLI.\n- **Syscall‑Level Isolation**: Seccomp‑BPF filters in the kernel enforce only the syscalls your agents need—no containers, no extra daemons, minimal overhead and no hidden gaps.\n- **Cryptographic Audit Trail**: Every invocation and syscall event is appended to `capsule.log` as a Blake3–Merkle chain. Any insertion, deletion or modification is immediately detectable via `capsule verify`.\n- **Unified Tooling**: The same `capsule run` CLI and `@capsule.tool` Python decorator handle policy enforcement, sandbox setup, execution, logging and verification—no scattered scripts.\n\n_Compared to stitching together Dockerfiles, custom AppArmor profiles, and ad‑hoc loggers, Capsule offers a consolidated, end‑to‑end security architecture that’s easier to reason about, lighter to maintain, and stronger against kernel‑level exploits._\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flight-magician%2Fcapsule","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flight-magician%2Fcapsule","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flight-magician%2Fcapsule/lists"}