About
An operating system that builds itself
AI agents are starting to act on your computer: running code, moving money, touching your files. Covenant is the layer that lets them do that safely. It gives people and agents a small set of host-level controls (intent, runtime, memory, identity, permissions, comms, a compositor, and settlement) so they can share one machine without having to trust each other. It runs where your work runs, not behind someone else's API.
- 01
The operating layer, not a wrapper
Think of an operating system: it sits between your apps and the hardware and decides what each one is allowed to do. Covenant is that layer for AI agents. It exposes eight capabilities through one local service (a daemon) over your machine's own internal channels: intent, runtime, memory, identity, permissions, comms, compositor, and settlement. It doesn't replace your operating system, and it isn't a website you call out to. It's infrastructure that runs on the machine where the work happens, under your control.
- 02
Permission, not trust
Most software trusts an agent the moment it starts running: the agent can quietly reach anything the program itself can. Covenant flips that. An agent gets no standing access. Every privileged action needs a capability: a cryptographically signed permission slip (ed25519) that names one specific action, can be narrowed to a scope, expires, and can be revoked. It is checked the instant the action is attempted, so an agent can do exactly what you signed for and nothing else, and the check runs the same way whether the action succeeds or fails.
- 03
A receipt for every decision
Every consequential thing the system does is written down as it happens: who was issued an identity, which permissions were checked, what was settled. It all goes into a tamper-evident log: append-only and hash-chained, so any later edit breaks the chain and shows. Each entry records what kind of event it was, who issued it, and when, and you can verify the whole chain yourself, on your own machine. The result is a receipt for every decision the system makes, kept no matter the outcome.
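The hash chaining described above, as an added example that is not Covenant's own code. The field names (`kind`, `issuer`, `ts`), the JSON encoding, the all-zero genesis value, and the use of SHA-256 are assumptions, since the page does not specify the log format.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed placeholder "previous hash" for the first entry


def entry_hash(prev, kind, issuer, ts):
    # Hash a canonical encoding so the same fields always give the same digest.
    body = json.dumps({"prev": prev, "kind": kind, "issuer": issuer, "ts": ts},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def append(log, kind, issuer, ts):
    """Append an entry whose hash commits to the previous entry's hash."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"prev": prev, "kind": kind, "issuer": issuer, "ts": ts,
                "hash": entry_hash(prev, kind, issuer, ts)})


def verify(log, expected_head=None):
    """Return None if the chain is intact, else the index of the first bad entry.

    expected_head is a head hash recorded out of band; without it, removing
    entries from the end of the log leaves a shorter chain that still verifies.
    """
    prev = GENESIS
    for i, e in enumerate(log):
        if e["prev"] != prev:
            return i  # link to predecessor broken (entry removed or reordered)
        if e["hash"] != entry_hash(e["prev"], e["kind"], e["issuer"], e["ts"]):
            return i  # fields were edited after the entry was written
        prev = e["hash"]
    if expected_head is not None and prev != expected_head:
        return len(log)  # self-consistent chain that does not end where expected
    return None


def sample_log():
    # Constructed sample events, not real Covenant audit records.
    log = []
    append(log, "identity.issued", "install-key", 1700000000)
    append(log, "permission.checked", "install-key", 1700000005)
    append(log, "settlement.recorded", "install-key", 1700000009)
    return log
```

Pinning or signing the head hash matters because anyone able to rewrite the file can recompute every later hash; the chain alone only exposes edits made without that recomputation.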
- 04
Built in the open, by an autonomous loop
Covenant is built the same way it asks you to run agents. An autonomous engineering loop picks a scoped task, writes the code, reviews its own changes, runs the tests, and commits to a public repository, around the clock, under a neutral automation identity, with provenance on every privileged change. The terminal on the home page is not a demo: it is that loop, streaming its real commits as they land.
- 05
Local-first, and yours
One key, on your hardware, is the root of everything. A single ed25519 keypair per install signs your permission grants, signs on-chain settlement, and stamps the audit log. One identity ties it all together. Your agents, your memory, and your keys stay on your machine by default. The core is open source under the Apache License 2.0, and the protocol is public, so how Covenant works is never hidden behind a service you can't inspect.
- 06
What's real, stated plainly
We are careful to separate what ships from what is planned. Today the local control plane is real and live-tested across two dozen Rust crates and roughly two thousand tests, including more than two hundred that exercise real process, model, and network boundaries. Production-grade isolation for untrusted code, networked multi-peer operation, and on-chain settlement are on the roadmap, not the changelog. The line between done, experimental, and planned is documented in BUILT.md and throughout the docs. If a claim is not true yet, we do not make it.