Karneleon
by Kordspace
Kordspace · Open Source · Rust-Native

The agentic-first operating substrate.

Karneleon is Kordspace's flagship open-source runtime for secure autonomous agents, local-first model routing, multi-runtime skills, memory, approvals, and auditable machine workflows.

Built in Rust. Designed for local intelligence. Governed by capabilities. Evolving toward an agentic OS layer.

View GitHubStart LocallyExplore Architecture
Rust
native core
Local
first models
Audit
by default
Leon
Skills
Ledger
Memory
MAGIC
Workers
Channels
Policy
Local Models
Karneleon Core
What Is Karneleon?

A secure runtime for autonomous work.

Karneleon gives AI agents a real operating environment. It coordinates tasks, skills, memory, model routing, approvals, events, and audit logs through a Rust-native core. Instead of giving agents unlimited access to your machine, Karneleon wraps autonomous work in explicit permissions, human review, and traceable execution.

Agent Runtime

  • Task scheduling
  • Agentic heartbeat
  • Workflow orchestration
  • Sub-agent delegation

Local-First Models

  • Local model routing
  • Cloud fallback
  • Provider abstraction
  • Machine-aware configuration

Secure Skills

  • Manifest-based tools
  • Capability requirements
  • Runtime sandboxing
  • Worker isolation

Memory Layer

  • Semantic retrieval
  • Context assembly
  • Session continuity
  • Knowledge persistence

Audit Ledger

  • Tamper-resistant records
  • Privileged action tracking
  • Integrity verification
  • Chain anchoring roadmap

Human Governance

  • Approval queue
  • Safe mode
  • Signed authority
  • Deny-by-default policies
Meet Leon

Meet Leon, the adaptive agent inside Karneleon.

Leon is the default agent identity for Karneleon. He interprets user intent, coordinates skills, requests approvals, and works within system boundaries — useful without being reckless, adapting to the environment while respecting the capability model.

Default Agent
Leon
Adaptive · Permission-aware · Memory-enhanced

Adaptive Reasoning

Interprets goals and context, chooses appropriate workflows, and coordinates model calls and skills.

Permission-Aware Action

Operates inside granted capabilities, requests approval for risky actions, and avoids unsafe autonomous behavior.

Memory-Enhanced Work

Uses stored context and knowledge, learns from approved workflows, and supports long-running projects.

Multi-Channel Presence

Desktop interface, CLI workflows, chat adapters, and a voice gateway on the roadmap.

"Leon does not replace the operator. Leon helps the operator command the machine with memory, permission, and traceability."

The Trajectory

From local agent runtime to agentic operating layer.

Most operating systems were designed before AI agents became active participants in computing. Karneleon imagines a new layer where agents are not loose scripts or browser tabs, but permissioned system citizens with identity, memory, tools, policies, approvals, and audit trails.

Stage 1

Agent Runtime

Current foundation
  • Rust orchestration core
  • Local-first model routing
  • Task scheduling
  • Worker execution
  • Skill manifests
  • Desktop and CLI access
Stage 2

Agentic Workspace

Near-term direction
  • Stronger Leon identity
  • Expanded Skill Book
  • Better approvals
  • Richer memory
  • Workflow templates
  • Developer workspace automation
  • Customer solution accelerators
Stage 3

Agentic OS Layer

Long-term direction
  • Linux-adjacent services
  • Local model daemon orchestration
  • Agent permission model
  • Native policy and audit services
  • Agent userland concepts
  • Skill package ecosystem
  • Secure autonomous system workflows

Karneleon is not presented as a completed operating system. The OS direction is a roadmap: a long-term effort to move agentic infrastructure closer to the machine.

System Components

The Karneleon system stack.

Karneleon Core

The Rust orchestrator that coordinates APIs, events, task scheduling, workers, policies, memory, and agentic execution.

Leon

The default adaptive agent identity that interprets intent and coordinates safe autonomous workflows.

Skill Book

A curated catalog of tools and skills that agents can activate and execute through approved runtimes.

Workers

Execution runtimes for Node.js, Python, WebAssembly, and native Rust operations.

Policy Engine

The deny-by-default permission layer that controls what agents and skills are allowed to do.

Ledger

A tamper-resistant audit trail for privileged actions, agent decisions, and security-relevant events.

Memory

A semantic retrieval and context layer for sessions, knowledge, learned patterns, and reusable context.

MAGIC

An entropy and context variation layer for non-deterministic selection, mantra rotation, and integrity workflows.

Channels

Communication adapters for connecting Karneleon to chat, voice, and external interaction surfaces.

Desktop UI

A native interface for monitoring tasks, approvals, skills, events, agents, settings, and system state.

Architecture

Built like infrastructure, not a toy agent loop.

Every layer is explicit. Every powerful action passes through capability boundaries. Skills execute in isolated runtimes. Context and audit are not optional.

Layer 1
Interfaces
Desktop UICLIChannelsAPI
Layer 2
Leon · Agentic Orchestration
ReasoningPlanningSub-agentsApprovals
Layer 3
Karneleon Core (Rust)
SchedulerEvent BusTask GraphHeartbeat
Layer 4
Policy · Memory · Ledger · MAGIC
CapabilitiesContextAuditEntropy
Layer 5
Workers
Node.jsPythonWASMNative Rust
Layer 6
Model Gateway
Local LLMsCloud FallbackProvider Routing
Security Model

Agents need boundaries.

Karneleon is built around the belief that autonomous agents should not receive blanket trust. The more powerful an agent becomes, the more important it is to define what it can access, what it can change, what requires approval, and what must be recorded.

Capability-Based Permissions

Agents and skills require explicit capabilities before performing privileged actions.

File readFile writeNetwork accessGit operationsShell executionExternal messagingDeployment workflows

Approval Queue

Risky actions pause for human review before execution.

Delete filesModify production configurationSend external communicationsRun destructive commandsAccess sensitive secretsDeploy to live infrastructure

Safe Mode

An emergency brake for autonomous workflows that suspends risky capabilities and narrows the system to controlled operations.

Audit Ledger

Privileged events are recorded into a tamper-resistant audit trail so autonomous work can be reviewed, verified, and improved.

Signed Authority

Owner-signed authority and worker identity, so operators can prove who requested, approved, and executed sensitive actions.

Skills & Workers

A real skill system for real machines.

Karneleon agents become useful through skills. Each skill declares what it does, which runtime it needs, which capabilities it requires, and how it should be sandboxed. Practical automation without turning every tool into an unbounded security risk.

CodeResearchCommunicationCreativeDataAutomationQuantum
Runtime

Node.js Worker

Web automation, API integrations, JavaScript tooling, and compatibility with existing automation ecosystems.

Runtime

Python Worker

Machine learning, data analysis, browser automation, research tools, and scripting.

Runtime

WebAssembly Worker

Portable, sandboxed, future-facing skill execution.

Runtime

Native Rust Worker

High-performance trusted operations: file hashing, Git status, directory scanning, Docker inspection, system utilities.

skill.manifest.json
workspace-search.skill.json
{
  "name": "workspace-search",
  "description": "Searches a local project workspace for matching files and symbols.",
  "runtime": "wasm",
  "version": "1.0.0",
  "capabilities_required": ["fs.read"],
  "sandbox": {
    "network": "disabled",
    "max_memory_mb": 128
  },
  "metadata": {
    "emoji": "🔎",
    "tags": ["code", "workspace", "search"]
  }
}
Local-First Models

Run intelligence close to the machine.

Karneleon is designed around local-first AI. Run agents on your own machines, route tasks to local models, and use cloud providers selectively when higher reasoning power or specialized capabilities are needed.

Local Model Routing

  • Prioritize local inference where possible
  • Reduce dependency on external APIs
  • Keep sensitive workflows closer to the operator

Cloud Fallback

  • Route complex tasks to remote providers when needed
  • Maintain flexibility across model ecosystems
  • Avoid locking to a single AI vendor

Machine Profiles

  • Configure behavior based on CPU, GPU, VRAM, RAM, and workload

Provider Gateway

  • Abstract model providers behind a unified routing layer
  • Support experimentation across local and hosted models

Standard Workstation

For developers running compact local models with optional cloud fallback.

Performance Workstation

For heavier local reasoning, larger models, and higher worker concurrency.

Server / Lab Machine

For always-on agentic infrastructure, shared workspaces, and experimental OS-layer services.

Memory · Ledger · Learning

Memory for continuity. Ledger for trust. Learning for momentum.

Pillar 1

Memory

Karneleon assembles relevant context, retrieves useful knowledge, and supports long-running projects without starting from zero every session.

Pillar 2

Ledger

A traceable history of privileged actions, approvals, and execution events — the accountability layer for autonomous work.

Pillar 3

Learning Artifacts

Karneleon turns repeated success into reusable knowledge, helping Leon and other agents improve without losing human oversight.

Use Cases

What Karneleon can power.

Developer Workstation Automation

Scan projects, identify TODOs, queue tasks, run tests, inspect errors, and coordinate code-related skills.

Secure AI Operations

Create controlled agent workflows where sensitive actions require permissions, approvals, and logs.

Local AI Research Lab

Experiment with local models, provider routing, memory systems, and multi-agent workflows.

Customer Solution Runtime

A Kordspace foundation for custom client systems that need secure automation, AI-assisted operations, and local-first control.

Agentic Desktop Companion

Leon as a persistent reasoning companion for tasks, notes, project management, code workflows, and system operations.

Future OS Experiments

A foundation for Linux-adjacent agent services, model daemons, skill packages, and agent-native desktop workflows.

Roadmap

The road to an agentic OS layer.

  1. Phase 1

    Public Brand and Marketing Foundation

    • Launch Karneleon website
    • Establish visual identity
    • Introduce Leon
    • Clarify positioning as a Kordspace flagship
    • Create GitHub-focused contributor funnel
  2. Phase 2

    Developer Experience

    • Improve setup flows
    • Polish CLI onboarding
    • Improve desktop UI clarity
    • Add local model profile guidance
    • Expand example workflows
    • Improve logs and diagnostics
  3. Phase 3

    Skill Ecosystem

    • Expand Skill Book categories
    • Improve skill activation
    • More WASM-first skills
    • Skill templates
    • Contributor documentation
    • Public skill showcase
  4. Phase 4

    Secure Agent Workspace

    • Strengthen approval flows
    • Improve safe mode
    • Expand policy templates
    • Audit ledger visualization
    • More worker sandboxing controls
    • Operator dashboards
  5. Phase 5

    Kordspace Solution Layer

    • Customer solution accelerators
    • Agency workflows
    • Templates for client automation
    • Commercial support pathways
    • Reference implementations
  6. Phase 6

    Agentic OS Research

    • Linux service integration
    • Agent userland concepts
    • Local model daemon orchestration
    • Native agent shell experiences
    • Policy-bound system automation
    • Long-term OS distribution strategy
Quick Start

Start Karneleon locally.

Clone the repo, build the Rust core, and run your first agentic workflow with Leon in minutes.

zsh — karneleon
$ git clone https://github.com/kordspace/karneleon.git
$ cd karneleon
 
$ cargo build --release
$ karneleon init
$ karneleon start
Clone on GitHub Read Setup Docs
Open Source · MIT-Spirited · Kordspace

Help build the agentic-first operating substrate.

Karneleon is for developers who believe AI agents need more than prompts. They need runtimes, permissions, memory, skills, audit trails, and local-first infrastructure. Contributors can help build skills, improve workers, harden security, polish the desktop UI, expand documentation, and shape the long-term agentic OS roadmap.

Star on GitHubRead Contributor GuideBuild a SkillExplore the Roadmap