Authority Nanos

Appearance

Authority NanosThe Only Real Way to Run Computer Use Agents

Production-grade security for agents that control real systems

Get Started
View on GitHub
🔐

Cryptographic Authorization

HMAC-signed capabilities for every operation. No permission guessing, no ambient authority, no privilege escalation.

📝

Immutable Audit Trail

Hash-chained logs prove what the agent did (or didn't do). Tamper-evident, compliance-ready, incident-provable.

🚫

Fail-Closed by Default

Unknown operations denied, not allowed then logged. Zero-trust enforcement before execution, not after.

🤖

Tool Sandboxing

WASM-isolated tool execution with explicit capability passing. No shell escapes, no system access, no surprises.

Zero Privilege Escalation

No users, no sudo, no setuid, no capabilities. Single-process unikernel eliminates entire attack classes.

🎯

Built for Computer Use

Syscalls designed for autonomous agents controlling production systems, not human operators clicking buttons.

System Architecture

Request Flow

Every operation in Authority Nanos follows this security pipeline:

What is Authority Nanos?

Authority Nanos is a fork of Nanos that adds the Authority Kernel — a capability-based security layer purpose-built for running autonomous AI agents in production.

Security Model

Quick Example

Create a policy file (/ak/policy.json):

json
{
  "version": "1.0",
  "fs": {
    "read": ["/app/**", "/lib/**"],
    "write": ["/tmp/**"]
  },
  "net": {
    "dns": ["api.example.com"],
    "connect": ["dns:api.example.com:443"]
  },
  "profiles": ["tier1-musl"]
}

Build and run:

bash
authority build myapp -c config.json
authority run myapp

Deployment Options

Project Status

ComponentStatus
Core KernelStable
Authority KernelStable
Security Invariants (INV-1 to INV-4)Enforced
DocumentationActive

See the roadmap for upcoming features.

Apache 2.0 License

Copyright © 2024-present NanoVMs, Inc.