Symbiont Documentation

AI-native agent framework for building autonomous, policy-aware agents with scheduling, channel adapters, and cryptographic identity — built in Rust.

Get started now View on GitHub

---

🌐 Other Languages

English

中文简体

Español

Português

日本語

Deutsch

---

What is Symbiont?

Symbiont is an AI-native agent framework for building autonomous, policy-aware agents that safely collaborate with humans, other agents, and large language models. It provides a complete production stack — from a declarative DSL and scheduling engine to multi-platform channel adapters and cryptographic identity verification — all built in Rust for performance and safety.

Key Features

• 🛡️ Security-First Design: Zero-trust architecture with multi-tier sandboxing, policy enforcement, and cryptographic audit trails
• 📋 Declarative DSL: Purpose-built language for defining agents, policies, schedules, and channel integrations with tree-sitter parsing
• 📅 Production Scheduling: Cron-based task execution with session isolation, delivery routing, dead-letter queues, and jitter support
• 💬 Channel Adapters: Connect agents to Slack, Microsoft Teams, and Mattermost with webhook verification and identity mapping
• 🌐 HTTP Input Module: Webhook server for external integrations with Bearer/JWT auth, rate limiting, and CORS
• 🔑 AgentPin Identity: Cryptographic agent identity verification via ES256 JWTs anchored to well-known endpoints
• 🔐 Secrets Management: HashiCorp Vault integration with encrypted file and OS keychain backends
• 🧠 Context & Knowledge: RAG-enhanced knowledge systems with vector search (Qdrant) and optional local embeddings
• 🔗 MCP Integration: Model Context Protocol client with SchemaPin cryptographic tool verification
• ⚡ Multi-Language SDKs: JavaScript and Python SDKs for full API access including scheduling, channels, and enterprise features
• 🏗️ High Performance: Rust-native runtime optimized for production workloads with async execution throughout

---

Getting Started

Quick Installation

# Clone the repository
git clone https://github.com/thirdkeyai/symbiont.git
cd symbiont

# Build unified symbi container
docker build -t symbi:latest .

# Or use pre-built container
docker pull ghcr.io/thirdkeyai/symbi:latest

# Test the system
cargo test

# Test the unified CLI
docker run --rm symbi:latest --version
docker run --rm -v $(pwd):/workspace symbi:latest dsl parse --help
docker run --rm symbi:latest mcp --help

Your First Agent

metadata {
    version = "1.0.0"
    author = "developer"
    description = "Simple analysis agent"
}

agent analyze_data(input: DataSet) -> Result {
    capabilities = ["data_analysis"]
    
    policy secure_analysis {
        allow: read(input) if input.anonymized == true
        deny: store(input) if input.contains_pii == true
        audit: all_operations with signature
    }
    
    with memory = "ephemeral", privacy = "high" {
        if (validate_input(input)) {
            result = process_data(input);
            audit_log("analysis_completed", result.metadata);
            return result;
        } else {
            return reject("Invalid input data");
        }
    }
}

---

Architecture Overview

graph TB
    A[Governance & Policy Layer] --> B[Core Rust Engine]
    B --> C[Agent Framework]
    B --> D[Tree-sitter DSL Engine]
    B --> E[Multi-Tier Sandboxing]
    E --> F[Docker - Low Risk]
    E --> G[gVisor - Medium/High Risk]
    B --> I[Cryptographic Audit Trail]

    subgraph "Scheduling & Execution"
        S[Cron Scheduler]
        H[Session Isolation]
        R[Delivery Router]
    end

    subgraph "Channel Adapters"
        SL[Slack]
        TM[Teams]
        MM[Mattermost]
    end

    subgraph "Context & Knowledge"
        J[Context Manager]
        K[Vector Database]
        L[RAG Engine]
        MD[Markdown Memory]
    end

    subgraph "Secure Integrations"
        M[MCP Client]
        N[SchemaPin Verification]
        O[Policy Engine]
        P[AgentPin Identity]
        SK[Skill Scanner]
    end

    subgraph "Observability"
        MET[Metrics Collector]
        FE[File Exporter]
        OT[OTLP Exporter]
    end

    C --> S
    S --> H
    S --> R
    R --> SL
    R --> TM
    R --> MM
    C --> J
    C --> M
    C --> SK
    J --> K
    J --> L
    J --> MD
    M --> N
    M --> O
    C --> P
    C --> MET
    MET --> FE
    MET --> OT

---

Use Cases

Development & Research

• Secure code generation and automated testing
• Multi-agent collaboration experiments
• Context-aware AI system development

Privacy-Critical Applications

• Healthcare data processing with privacy controls
• Financial services automation with audit capabilities
• Government and defense systems with security features

---

Project Status

v1.4.0 Production

Symbiont v1.4.0 is the latest stable release, delivering a complete AI agent framework with production-grade capabilities:

• Persistent Memory: Markdown-backed agent memory with facts, procedures, and learned patterns — retention-based compaction, daily logs, DSL memory block
• Webhook Verification: SignatureVerifier trait with HMAC-SHA256 and JWT implementations, built-in presets for GitHub, Stripe, Slack, and Custom providers — DSL webhook block
• HTTP Security Hardening: Loopback-only default binding, explicit CORS origin allow-lists, JWT EdDSA validation, health endpoint separation
• Skill Scanning: ClawHavoc scanner with 10 built-in rules detecting pipe-to-shell, env exfiltration, identity tampering, eval+fetch, base64 obfuscation, and destructive operations
• Metrics & Telemetry: File and OTLP exporters with composite fan-out, background collection, /metrics API endpoint
• Scheduling Engine: Cron-based task execution with session isolation, delivery routing, dead-letter queues, jitter, and concurrency limits
• Channel Adapters: Slack (community), Microsoft Teams and Mattermost (enterprise) with webhook verification and HMAC signing
• HTTP Input Module: Webhook server for external integrations with Bearer/JWT auth, rate limiting, and CORS
• DSL Extensions: schedule, channel, memory, and webhook blocks for declarative agent configuration
• AgentPin Identity: Cryptographic agent identity verification via ES256 JWTs with domain-anchored well-known endpoints
• Secrets Management: HashiCorp Vault, encrypted file, and OS keychain backends with runtime provider abstraction
• JavaScript & Python SDKs: Full API clients covering scheduling, channels, webhooks, memory, skills, metrics, and more

🔮 Planned Features

• Multi-modal RAG support (images, audio, structured data)
• Cross-agent knowledge synthesis and collaboration
• Federated agent networks with cross-domain trust
• Additional channel adapters (Discord, Matrix)

---

Community

• Documentation: Comprehensive guides and API references
  • API Reference
  • Scheduling Guide
  • HTTP Input Module
  • DSL Guide
  • Security Model
  • Runtime Architecture

• Packages: crates.io/crates/symbi

  npm symbiont-sdk-js

  PyPI symbiont-sdk

• Issues: GitHub Issues
• Discussions: GitHub Discussions
• License: Open source software by ThirdKey

---

Next Steps

🚀 Get Started

Follow our getting started guide to set up your first Symbiont environment.

Quick Start Guide

📖 Learn the DSL

Master the Symbiont DSL for building policy-aware agents.

DSL Documentation

🏗️ Architecture

Understand the runtime system and security model.

Architecture Guide