·2 min read·Ryvos Team

Introducing Ryvos

announcementopen-source

:::caution[Updated] Since this post, Ryvos has evolved to a constitutional self-learning safety model. Tools are no longer blocked by tier — the agent reasons about safety using learned principles. Read the current security docs → :::

Introducing Ryvos

Today we're open-sourcing Ryvos — an autonomous AI assistant built from the ground up in Rust with a single conviction: AI agents should be safe by default.

The Problem We Saw

AI coding assistants are incredible. They write code, debug issues, deploy infrastructure. But they all share a dangerous flaw: they run with your permissions, execute arbitrary commands, and have zero guardrails.

We've seen agents:

  • Run rm -rf / without blinking
  • Leak API keys to third-party logging services
  • Execute untrusted code from the internet
  • Make production database changes without confirmation

This isn't hypothetical. It's happening today, in production, at real companies.

Our Approach

Ryvos classifies every action into one of five security tiers (T0–T4). Safe operations like reading files execute instantly. Dangerous operations like deleting data are blocked automatically. Everything in between follows a clear approval flow.

On top of tier classification, Ryvos can run shell commands inside Docker containers with no network access, read-only mounts, and resource limits. A Guardian watchdog monitors for doom loops, stalls, and budget overruns in real time.

Why Rust

We chose Rust for three reasons:

  1. Memory safety — No garbage collector, no null pointer exceptions, no data races
  2. Performance — Sub-millisecond tool dispatch, 15MB memory footprint
  3. Reliability — If it compiles, it works. The type system catches entire classes of bugs at compile time.

39,000 lines of Rust across 10 crates. Zero unsafe blocks. Zero dependencies on Python or Node.js at runtime.

What's Included

  • 5-tier security model with configurable policies
  • Docker sandboxing for isolated execution
  • Multi-channel support — Terminal, TUI, Web, Telegram, Discord, Slack
  • MCP protocol support for tool interoperability
  • Drop-in skills — extend Ryvos with custom tools
  • Any LLM backend — Ollama, Groq, OpenRouter, or your own
  • Goal-driven execution — agents run until the task is done, not until turns run out
  • Cron scheduler — recurring tasks with persistent state across restarts
  • Checkpoint / resume — crashes recover automatically

Get Started

curl -fsSL https://raw.githubusercontent.com/Ryvos/ryvos/main/install.sh | sh
ryvos init
ryvos

Three commands. That's it.

Check out the documentation to learn more, or star us on GitHub.