KRAIT

Kill-switched · Reproducible · Auditable · Intelligent · Taskrunner

Open-source self-modifying AI agent. Every mutation is cryptographically proven. The agent evolves — you hold the keys.

Watch it think

Why Krait

The agent with judgment.

Others gave AI hands. We gave it a spine — and a kill switch.

Typical Agent

Krait

✗Single-threaded crash = total death

✓BEAM supervision trees — self-healing

✗Plain-text credential storage

✓Short-lived JWTs + encrypted vault

✗Agent can rm -rf / on host

✓Ephemeral Docker sandboxes via FLAME

✗Self-mod = immediate execution

✓Git branch → PR → human merge → deploy

✗Whatever LLM outputs, runs

✓111 security rules + taint analysis

✗Prompt injection → credential exfil

✓Sandbox has no host mounts — nowhere to go

Live Feed

Watch it evolve.

Every PR the agent opens against itself is a visible artifact of machine cognition — shareable, auditable, real.

Evolution Feed

0 evolutions

The 7 Laws

What the agent can never do.

Enforced structurally via AST analysis — not string matching, not vibes. These rules are in the immutable core.

critical

KRAIT-001

No Code Eval

No Code.eval_string, no :erl_eval. Generated code must not evaluate arbitrary code at runtime.

critical

KRAIT-002

No Shell Execution

No System.cmd, no Port.open. The agent cannot spawn processes on the host.

critical

KRAIT-003

No Credential Access

Taint analysis blocks file reads on ~/.ssh, ~/.aws, .env, and all secrets paths.

high

KRAIT-004

No Network Exfil

Raw HTTP clients are blocked. Outbound calls must go through the allowlisted WebFetch skill.

critical

KRAIT-005

No Hot Code Loading

No Code.load_file, no Node.connect. The BEAM runtime is sealed.

critical

KRAIT-006

No Core Tampering

Generated code cannot reference immutable paths — the analyzer, the rules, the validator.

critical

KRAIT-007

No Recursive Self-Mod

The evolution system itself is off-limits. The agent evolves skills, not its own evolution machinery.

Architecture

Immutable core. Mutable periphery.

The agent is a contributor with no merge rights. It can conceive, write, validate, and propose — never deploy.

InterfaceGateway

→

CognitionBrain (ReAct)

→

StorageMemory

▲ mutable periphery

ProposeEvolution

→

ValidateNarsil NIF

→

GateGitHub PR

▼ immutable core — read only

SecurityAnalyzer

PolicyKRAIT Rules

SandboxFLAME + Docker