Symbiont Documentation¶

Policy-governed agent runtime for production. Execute AI agents and tools under explicit policy, identity, and audit controls.

What is Symbiont?¶

Symbiont is a Rust-native runtime for executing AI agents and tools under explicit policy, identity, and audit controls.

Most agent frameworks focus on orchestration. Symbiont focuses on what happens when agents need to run in real environments with real risk: untrusted tools, sensitive data, approval boundaries, audit requirements, and repeatable enforcement.

How it works¶

Symbiont separates agent intent from execution authority:

Agents propose actions through the reasoning loop (Observe-Reason-Gate-Act)
The runtime evaluates each action against policy, identity, and trust checks
Policy decides — allowed actions execute; denied actions are blocked or routed for approval
Everything is logged — tamper-evident audit trail for every decision

Model output is never treated as execution authority. The runtime controls what actually happens.

Core capabilities¶

Capability	What it does
Policy engine	Fine-grained Cedar authorization for agent actions, tool calls, and resource access
Tool verification	SchemaPin cryptographic verification of MCP tool schemas before execution
Agent identity	AgentPin domain-anchored ES256 identity for agents and scheduled tasks
Reasoning loop	Typestate-enforced Observe-Reason-Gate-Act cycle with policy gates and circuit breakers
Sandboxing	Docker-based isolation with resource limits for untrusted workloads
Audit logging	Tamper-evident logs with structured records for every policy decision
Secrets management	Vault/OpenBao integration, AES-256-GCM encrypted storage, scoped per agent
MCP integration	Native Model Context Protocol support with governed tool access

Additional capabilities: threat scanning for tool/skill content, cron scheduling, persistent agent memory, hybrid RAG search (LanceDB/Qdrant), webhook verification, delivery routing, OTLP telemetry, HTTP security hardening, channel adapters (Slack/Teams/Mattermost), and governance plugins for Claude Code and Gemini CLI.

Quick start¶

Installation¶

Install script (macOS / Linux):

curl -fsSL https://symbiont.dev/install.sh | bash

Homebrew (macOS):

brew tap thirdkeyai/tap
brew install symbi

Docker:

docker run --rm -p 8080:8080 -p 8081:8081 ghcr.io/thirdkeyai/symbi:latest up

From source:

git clone https://github.com/thirdkeyai/symbiont.git
cd symbiont
cargo build --release

Pre-built binaries are also available from GitHub Releases. See the Getting Started guide for full details.

Your first agent¶

agent secure_analyst(input: DataSet) -> Result {
    policy access_control {
        allow: read(input) if input.verified == true
        deny: send_email without approval
        audit: all_operations
    }

    with memory = "persistent", requires = "approval" {
        result = analyze(input);
        return result;
    }
}

See the DSL guide for the full grammar including metadata, schedule, webhook, and channel blocks.

Project scaffolding¶

symbi init        # Interactive project setup with profile templates
symbi run agent   # Run a single agent without starting the full runtime
symbi up          # Start the full runtime with auto-configuration

Architecture¶

graph TB
    A[Policy Engine — Cedar] --> B[Core Runtime]
    B --> C[Reasoning Loop — ORGA]
    B --> D[DSL Parser]
    B --> E[Sandbox — Docker]
    B --> I[Audit Trail]

    subgraph "Scheduling"
        S[Cron Scheduler]
        H[Session Isolation]
        R[Delivery Router]
    end

    subgraph "Channels"
        SL[Slack]
        TM[Teams]
        MM[Mattermost]
    end

    subgraph "Knowledge"
        J[Context Manager]
        K[Vector Search]
        L[RAG Engine]
        MD[Agent Memory]
    end

    subgraph "Trust Stack"
        M[MCP Client]
        N[SchemaPin]
        O[AgentPin]
        SK[Threat Scanner]
    end

    C --> S
    S --> H
    S --> R
    R --> SL
    R --> TM
    R --> MM
    C --> J
    C --> M
    J --> K
    J --> L
    J --> MD
    M --> N
    C --> O
    C --> SK

Security model¶

Symbiont is designed around a simple principle: model output should never be trusted as execution authority.

Actions flow through runtime controls:

Zero trust — all agent inputs are untrusted by default
Policy checks — Cedar authorization before every tool call and resource access
Tool verification — SchemaPin cryptographic verification of tool schemas
Sandbox boundaries — Docker isolation for untrusted execution
Operator approval — human review gates for sensitive actions
Secrets control — Vault/OpenBao backends, encrypted local storage, agent namespaces
Audit logging — cryptographically tamper-evident records of every decision

See the Security Model guide for full details.

Guides¶

Getting Started — Installation, configuration, first agent
Security Model — Zero-trust architecture, policy enforcement
Runtime Architecture — Runtime internals and execution model
Reasoning Loop — ORGA cycle, policy gates, circuit breakers
DSL Guide — Agent definition language reference
API Reference — HTTP API endpoints and configuration
Scheduling — Cron engine, delivery routing, dead-letter queues
HTTP Input — Webhook server, auth, rate limiting

Community and resources¶

Packages: crates.io/crates/symbi | npm symbiont-sdk-js | PyPI symbiont-sdk
Plugins: Claude Code | Gemini CLI
Issues: GitHub Issues
License: Apache 2.0 (Community Edition)

Next steps¶

Get Started

Install Symbiont and run your first governed agent.

Quick Start Guide

Security Model

Understand the trust boundaries and policy enforcement.

Security Guide

DSL Reference

Learn the agent definition language.

DSL Guide