Spec D · 100% complete · May 2, 2026

An operating system
for AI agents.

Identity, memory, custody, payments, and execution — primitives, not bolt-ons. Rust-native, event-sourced, MIT licensed.

View on GitHubRead the longform pitchcargo install arcan
Rust tests
4,133+
Subsystems
8
Custody backends
6 / 6
License
MIT

The substrate

Eight subsystems, one kernel contract.

Every subsystem implements traits from aios-protocol — the contract that defines events, state, policy, and the agent lifecycle. Swap or extend any part without breaking the rest.

  • Anima Identity

    Soul, dual keypair (P-256 auth + secp256k1 wallet), DID, custody trait with 6 backends.

  • Arcan Runtime

    Agent loop — reconstruct from journal, call provider, execute tools, stream events.

  • Lago Persistence

    Append-only event journal, content-addressed blobs, knowledge index, multi-format SSE.

  • Haima Finance

    x402 machine-payments, secp256k1 wallets, per-task billing, on-chain settlement.

  • Autonomic Homeostasis

    Three-pillar regulation — operational, cognitive, economic. Hysteresis anti-flapping.

  • Praxis Tools

    Sandbox, hashline editing (Blake3), SKILL.md registry, MCP server + client bridge.

  • Vigil Observability

    OpenTelemetry tracing, GenAI semantic conventions, contract-derived spans.

  • Spaces Networking

    SpacetimeDB 2.0 fabric, real-time agent communication, RBAC channels.

Just shipped · 2026-05-02

Spec D: production custody.

An agent's identity now ships with the same custody discipline a human's does. Six backends span browser, server, desktop, and hardware. Rotation and revocation are first-class events. A single canonical multi-curve verifier (lago-auth) replaces ad-hoc JWT validation across the stack.

  • Dev / single-host

    InProcessAnima

    Master seed → P-256 auth + secp256k1 wallet, ChaCha20-Poly1305 at rest.

  • Server-side

    VaultTransitAnima

    HashiCorp Vault Transit — keys never leave the KMS. Per-user namespaces.

  • Desktop

    TpmAnima

    PKCS#11 against the host TPM. Auth-key never reveals the scalar.

  • Browser

    WebCryptoAnima

    Passkey-managed, non-extractable. Wallet ops delegated to RemoteAnima.

  • High-stakes

    HardwareWalletAnima

    Ledger over hidapi. Every wallet op is hardware-confirmed.

  • Multi-tenant

    SomaCustody

    soma admin custody-oracle UDS. SO_PEERCRED + group-based authn.

L4-D5 split-custody for browser deployments · L4-D6P-256 ECDSA across the stack · L4-D10 anima.identity_rotated with rotation_proof_jws signed by the old key. Full spec at docs/superpowers/specs/spec-d.

Start building

Six lines to a running agent.

# Clone and verify the substrate.
git clone https://github.com/broomva/life.git
cd life && cargo test --workspace

# Generate an agent identity (anima).
cargo run -p arcan -- identity new

# Boot the runtime (arcand) on :3000.
cargo run -p arcand -- --port 3000

Every event your agent emits is replayable from the journal. No mutable state, no hidden side effects, no LLM call needed to reconstruct yesterday's session. That's the OS thesis.

See it run

Live demos.

Each demo opens a three-column agent workspace — streaming chat, live filesystem and journal, identity + economic + reasoning inspectors on the right.

live
sentinel-property-ops · exclusive-rentals
Sentinel — property-ops WO audit
Open the sentinel workspace to step through a real Arcan agent run with full filesystem, journal, and metrics inspectors.
Open /life/sentinel
research
materiales-intel · _pending-constructora
Materiales Intel — precio unitario en vivo
Open the materiales workspace to step through a real Arcan agent run with full filesystem, journal, and metrics inspectors.
Open /life/materiales
paid
sentinel-property-ops · x402 @ $0.50/run
Sentinel Pro — paid demo
Open the sentinel-paid workspace to step through a real Arcan agent run with full filesystem, journal, and metrics inspectors.
Open /life/sentinel-paid