Skip to content

A3S-Lab/a3s

BranchesTags

Repository files navigation

A3S

Agentic Adaptive Augmentation System

An Agent Operating System — VM-isolated execution, privacy-aware security proxy, and agentic evolution

Overview

A3S is an Agent Operating System. It provides the full stack for declaring, packaging, deploying, securing, and evolving AI agents at scale.

a3s-box (VM runtime — standalone CLI or K8s RuntimeClass)
  └── MicroVM (TEE hardware encryption when available, VM isolation always)
      ├── SafeClaw (security proxy — classify, sanitize, audit)
      └── Your Agent (built with a3s-code framework + a3s-lane scheduling)

a3s-gateway (K8s Ingress Controller — routes traffic, app-agnostic)

A3S Code is a coding agent framework — not a standalone service. Import it as a library (a3s-code-core) and build agents with Agent::new("agent.hcl") or Agent::from_config(config). All subsystems (tools, hooks, security, memory, MCP, planning, subagents) are embedded in the library and active by default. Complex tasks are decomposed into dependency graphs and independent steps execute in parallel via wave-based scheduling (tokio::JoinSet).

A3S Gateway and A3S Box are the two infrastructure components. They are application-agnostic — they don't know or care what runs inside the VM.

Architecture

                         External Traffic (Internet / Messaging Platforms)
          ┌───────┬───────┬───────┬───────┬───────┬──────────┐
          │Telegram│ Slack │ Feishu│DingTalk│WebChat│ HTTP/gRPC│
          └───┬───┴───┬───┴───┬───┴───┬───┴───┬───┴────┬─────┘
              └───────┴───────┴───────┴───────┘        │
                              │                        │
       Standalone: direct     │     A3S OS: via Ingress│
                              │                        │
                ┌─────────────▼────────────────────────▼───────┐
                │            a3s-gateway (optional)             │
                │         K8s Ingress Controller                │
                │  TLS/ACME · Auth · Rate Limit · CORS         │
                │  Privacy Routing · Load Balancing             │
                │  App-agnostic: doesn't know what's behind it  │
                └──────────────────┬───────────────────────────┘
                                   │
                ┌──────────────────▼───────────────────────────┐
                │              a3s-box MicroVM                   │
                │  VM isolation always · TEE (SEV-SNP / TDX)    │
                │                                              │
                │  ┌────────────────────────────────────────┐  │
                │  │       SafeClaw (security proxy)         │  │
                │  │  Channels(7) · Classify · Inject Detect │  │
                │  │  Taint Track · Output Sanitize · Audit  │  │
                │  │  TeeRuntime (self-detect /dev/sev-guest) │  │
                │  └──────────────────┬─────────────────────┘  │
                │                     │ library API              │
                │  ┌──────────────────▼─────────────────────┐  │
                │  │  Your Agent (built with a3s-code)        │  │
                │  │  Agent::new() · Tools · LLM Calls          │  │
                │  │  a3s-lane scheduling · Skills · Memory   │  │
                │  └────────────────────────────────────────┘  │
                └──────────────────────────────────────────────┘
                       │              │
                 ┌─────▼────┐  ┌─────▼────┐
                 │ a3s-power│  │a3s-search│
                 │ LLM Eng. │  │ Search   │
                 └──────────┘  └──────────┘

  Shared: a3s-common (PII classification, tools, transport) · a3s-transport (vsock framing)
  Observability: OpenTelemetry spans · Prometheus metrics · SigNoz dashboards
Layer Component Role
Ingress a3s-gateway K8s Ingress Controller: TLS, auth, privacy routing, load balancing, token metering
VM Runtime a3s-box MicroVM isolation + TEE (SEV-SNP/TDX), 52-command CLI, CRI for K8s, Prometheus metrics, audit logging
Security Proxy SafeClaw 7-channel routing, privacy classification, injection detection, taint tracking, output sanitization, audit
Agent Framework a3s-code Embeddable library: config-driven Agent/AgentSession, 14 tools, skills, subagents, memory, parallel plan execution
Scheduling a3s-lane Per-session priority queue: 6 lanes, concurrency, retry, dead letter
Infrastructure a3s-power / a3s-search LLM inference / meta search
Shared a3s-common PII classification, tool types & redaction / vsock frame protocol

Projects

Project Version Description Docs
a3s-code 0.8.0 AI coding agent framework — parallel plan execution, 14 tools, skills, subagents, memory README
a3s-lane 0.4.0 Per-session priority queue — 6 lanes, concurrency, retry/DLQ README
a3s-box 0.5.2 MicroVM sandbox runtime — VM isolation + TEE (SEV-SNP/TDX), Docker-like CLI (52 commands), CRI for K8s, 1,504 tests README
SafeClaw 0.1.0 Security proxy — privacy classification, taint tracking, injection detection README
a3s-gateway 0.1.0 K8s Ingress Controller — reverse proxy, middlewares, privacy routing README
a3s-power 0.2.0 Local LLM inference engine — Ollama + OpenAI compatible API README
a3s-search 0.8.0 Meta search engine — 8 engines, consensus ranking README
a3s-event 0.3.0 Pluggable event system — provider-agnostic pub/sub, encryption README
a3s-updater 0.2.0 Self-update for CLI binaries via GitHub Releases Source

Community

Join us on Discord for questions, discussions, and updates.

License

MIT — see LICENSE.

Built by A3S Lab

About

a3s-lab.github.io/a3s/

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

3 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

a3s-code v0.3.1 Latest
Feb 11, 2026

Packages

No packages published

Contributors 2

  •  
  •  

Languages