Get started Install Quickstart CLI reference

Philosophy Non-negotiables (ADR-0001)Depend on AgentsKit (ADR-0002)

Architecture overview @agentskit/os-core Workspace model Event bus (ADR-0005)Principal & RBAC (ADR-0006)Error model (ADR-0007)Distribution tiers (ADR-0014)

Packages @agentskit/os-core @agentskit/os-cli @agentskit/os-flow @agentskit/os-runtime @agentskit/os-runtime-agentskit @agentskit/os-storage @agentskit/os-audit @agentskit/os-plugins @agentskit/os-sandbox @agentskit/os-templates @agentskit/os-import @agentskit/os-marketplace-sdk

planned

@agentskit/os-desktop (planned)@agentskit/os-ui (planned)@agentskit/os-triggers (planned)@agentskit/os-marketplace (planned)@agentskit/os-observability (planned)@agentskit/os-security (planned)@agentskit/os-cloud-sync (planned)@agentskit/os-generative (planned)@agentskit/os-collab (planned)@agentskit/os-mcp-bridge (planned)

Flow overview Multi-agent patterns (RFC-0003)Run modes (ADR-0009)

Audit log signing (ADR-0008)Sandbox levels (ADR-0010)Egress default-deny (ADR-0011)

Roadmap Release readiness Architecture Decision Records Requests for Comments

Security

Audit log signing (ADR-0008)

Tamper-evident audit trail via Merkle batch chain, HSM-ready.

Every interesting event lands in the audit log. The log is structured for SOC 2, HIPAA, and GDPR review without per-event signing overhead.

Shape

Events stream through the os-core bus.
@agentskit/os-audit batches them into Merkle trees.
Each batch's root references the previous batch's root, forming a chain.
The chain head can be signed via HSM / KMS in production deployments.

What this gives you

Tamper-evident by design — flipping one event invalidates the chain.
Per-event verifiability without per-event signature cost.
Forwards-compatible with SIEM ingestion.
Air-gap-friendly — chain export is a single file, importable into any external auditor's verifier.

Source: ADR-0008.

Previous

Run modes (ADR-0009)

Next

Sandbox levels (ADR-0010)

On this page

Shape What this gives you