{
"$schema": "https://context7.com/schema/context7.json",
"url": "https://context7.com/thirdkeyai/symbiont",
"public_key": "pk_Ehy7QXQTu2Keb0e5BNeyx",
"projectTitle": "Symbiont",
"description": "AI-native agent runtime with typestate-enforced ORGA reasoning loop, Cedar policy authorization, knowledge bridge, zero-trust security, multi-tier sandboxing, webhook verification, markdown memory persistence, skill scanning, metrics collection, scheduling, channel adapters, and a declarative DSL. Part of the ThirdKey trust stack (SchemaPin → AgentPin → Symbiont).",
"folders": [
"SKILL.md",
"README.md",
"docs/getting-started.md",
"docs/dsl-guide.md",
"docs/dsl-specification.md",
"docs/api-reference.md",
"docs/runtime-architecture.md",
"docs/security-model.md",
"docs/scheduling.md",
"docs/http-input.md",
"docs/native-execution-guide.md",
"docs/repl-guide.md",
"docs/reasoning-loop.md",
"docs/index.md",
"docs/docker.md",
"docs/contributing.md",
"agents"
],
"excludeFolders": [
"**/target",
"**/node_modules",
"src",
"crates",
"docs/assets",
"docs/_sass",
"docs/_includes",
"docs/_plugins",
"docs/plans",
"enterprise",
"scripts",
"docker",
"tools",
"examples"
],
"excludeFiles": [
"**/*.png",
"**/*.jpg",
"**/*.ico",
"**/*.rs",
"**/*.lock",
"docs/*.de.md",
"docs/*.es.md",
"docs/*.ja.md",
"docs/*.pt.md",
"docs/*.zh-cn.md",
"README.de.md",
"README.es.md",
"README.ja.md",
"README.pt.md",
"README.zh-cn.md",
"CHANGELOG.md",
"ROADMAP.md",
"SECURITY.md",
"CODE_OF_CONDUCT.md",
"Cargo.toml",
"Cargo.lock",
"deny.toml",
"Dockerfile",
".dockerignore",
".gitignore"
],
"rules": [
"Symbiont uses a declarative DSL for agent definitions — metadata, agent blocks, policy blocks, and with-clauses for memory/security/timeout configuration",
"Zero-trust by default: all inputs are untrusted, explicit allow/deny policies required, multi-tier sandboxing (Docker → gVisor → Firecracker)",
"Policy-as-code: security rules are declared inline with 'policy' blocks containing allow, deny, require, and audit directives",
"Workspace crates: runtime (core engine with http-input, http-api, vector-db features), dsl (parser + compiler), channel-adapter (Slack/Teams/Mattermost), repl-core/repl-cli/repl-lsp (REPL tooling)",
"Webhook verification: HmacVerifier and JwtVerifier with provider presets for GitHub, Stripe, Slack — constant-time signature comparison",
"Markdown memory persistence: agent context stored as markdown files with daily logs, retention-based compaction, and atomic writes",
"Skill scanning: 10 built-in ClawHavoc security rules detect pipe-to-shell, env file references, SOUL.md tampering, eval+fetch, base64-decode-exec, rm-rf, chmod-777",
"Metrics collection: FileMetricsExporter (atomic JSON), CompositeExporter (fan-out), background MetricsCollector — runtime exposes /metrics/snapshot, /metrics/scheduler, /metrics/system endpoints",
"SchemaPin integration for MCP tool schema verification; AgentPin integration for agent identity credentials (ES256 only)",
"Reasoning loop uses typestate-enforced ORGA cycle (Observe-Reason-Gate-Act) with compile-time phase transition safety — Reasoning → PolicyCheck → ToolDispatching → Observing",
"Cedar policy gate (feature-gated behind 'cedar') uses cedar-policy crate Authorizer::is_authorized() for formal authorization — entity types: Agent (principal), Action (action), Resource (resource)",
"Journal system emits all 7 LoopEvent variants (Started, ReasoningComplete, PolicyEvaluated, ToolsDispatched, ObservationsCollected, Terminated, RecoveryTriggered) for durable execution and crash recovery",
"Knowledge bridge provides context-aware reasoning: vector-backed retrieval, automatic learning persistence, and knowledge-aware tool execution via KnowledgeAwareExecutor"
]
}