Welcome to Scarab-Runtime
Scarab-Runtime is an AI-agent-first runtime built on Linux. It provides first-class primitives for agent identity, capability-based security, tool invocation, and lifecycle management, all implemented in userspace using existing Linux kernel primitives.
What is Scarab-Runtime?
Traditional operating systems manage processes. Scarab-Runtime manages agents: long-running, LLM-driven programs that reason, plan, use tools, and communicate with each other. Agents are:
- Isolated by capability tokens, seccomp-BPF, AppArmor profiles, cgroups, and nftables rules
- Audited - every action is written to an append-only, tamper-evident log
- Observable - structured per-agent observation logs capture the full reasoning trace
- Composable - agents can spawn children, communicate over a message bus, and share state via a blackboard
Components
| Component | Binary | Purpose |
|---|---|---|
| agentd | agentd | Core daemon: agent lifecycle, tool dispatch, capability enforcement, audit logging |
| ash | ash | CLI shell for spawning, inspecting, terminating, and configuring agents |
| libagent | (library) | Shared types, manifest parser, IPC protocol, Agent SDK |
| example-agent | example-agent | Reference implementation of the Plan→Act→Observe loop |
Audiences
This documentation is written for two audiences:
- Operators - people who run
agentd, spawn agents, manage secrets, review audit logs, and approve sensitive operations. Start with Getting Started. - Agent developers - Rust programmers writing agent binaries using
libagent. Start with the Developer Guide.