KRAIT

Kill-switched · Reproducible · Auditable · Intelligent · Taskrunner

Open-source polyglot self-evolving AI agent. Every mutation is cryptographically proven. Evolves skills in 6 languages — you hold the keys.

Watch it think

Why Krait

The agent with judgment.

Others gave AI hands. We gave it a spine — and a kill switch.

Typical Agent	Krait
NoSingle-threaded crash = total death	YesBEAM supervision trees — self-healing
NoPlain-text credential storage	YesShort-lived JWTs + encrypted vault
NoAgent can `rm -rf /` on host	YesEphemeral Docker sandboxes via FLAME
NoSelf-mod = immediate execution	YesGit branch → PR → human merge → deploy
NoWhatever LLM outputs, runs	Yes7 KRAIT rules + allowlist + taint analysis
NoPython-only, single language	Yes6-language polyglot NIF (Elixir, Python, JS/TS, Go, Rust)
NoPrompt injection → credential exfil	YesSandbox has no host mounts — nowhere to go

Typical Agent

Single-threaded crash = total death

Krait

BEAM supervision trees — self-healing

Typical Agent

Plain-text credential storage

Krait

Short-lived JWTs + encrypted vault

Typical Agent

Agent can rm -rf / on host

Krait

Ephemeral Docker sandboxes via FLAME

Typical Agent

Self-mod = immediate execution

Krait

Git branch → PR → human merge → deploy

Typical Agent

Whatever LLM outputs, runs

Krait

7 KRAIT rules + allowlist + taint analysis

Typical Agent

Python-only, single language

Krait

6-language polyglot NIF (Elixir, Python, JS/TS, Go, Rust)

Typical Agent

Prompt injection → credential exfil

Krait

Sandbox has no host mounts — nowhere to go

Live Feed

Watch it evolve.

Every PR the agent opens against itself is a visible artifact of machine cognition — shareable, auditable, real.

Evolution Feed

0 evolutions

The 7 Laws

What the agent can never do.

Enforced structurally via AST analysis in 6 languages — not string matching, not vibes. These rules are in the immutable core.

critical

KRAIT-001

No Code Eval

No eval() in any language. Elixir: Code.eval_string. Python: eval/exec. JS: eval/new Function. Go: reflect.

critical

KRAIT-002

No Shell Execution

No shell execution across all languages. Elixir: System.cmd. Python: subprocess/os. JS: child_process. Go: os/exec.

critical

KRAIT-003

No Credential Access

Taint analysis blocks file reads on ~/.ssh, ~/.aws, .env, and all secrets paths.

high

KRAIT-004

No Network Exfil

Raw HTTP clients are blocked. Outbound calls must go through the allowlisted WebFetch skill.

critical

KRAIT-005

No Hot Code Loading

No Code.load_file, no Node.connect. The BEAM runtime is sealed.

critical

KRAIT-006

No Core Tampering

Generated code cannot reference immutable paths — the analyzer, the rules, the validator.

critical

KRAIT-007

No Recursive Self-Mod

The evolution system itself is off-limits. The agent evolves skills, not its own evolution machinery.

Architecture

Immutable core. Mutable periphery.

The agent is a contributor with no merge rights. It can conceive, write, validate, and propose — never deploy.

InterfaceGateway

CognitionBrain (ReAct)

StorageMemory

▲ mutable periphery

ProposeEvolution

ValidatePolyglot NIF

GateGitHub PR

▼ immutable core — read only

SecurityAnalyzer

PolicyKRAIT Rules

SandboxFLAME + Docker