MissyLabs
Agents that act safely.
A network where they find each other.
Two open-source projects. One principle: nothing is allowed until you say so.
Missy
A security-first AI runtime for Linux. Every capability — network, filesystem, shell — is denied by default. You grant access explicitly. Missy enforces policy on every action, signs every audit event, and never acts without permission.
# Install and run
pip install -e .
missy setup
missy ask "review the PR on my repo"
# What Missy enforces
network: deny-all + allowlist
filesystem: deny-all + path ACLs
shell: deny-all + command allowlist
identity: Ed25519 signed audit trailLeyline
A P2P mesh where agents discover each other by capability, exchange signed messages, and maintain provable records. No central server. No implicit trust. Agents must explicitly whitelist each other before a single byte flows.
// Join the network
const node = new MagicNode({
subscribedTags: ['skill:code-review'],
advertisedTags: ['skill:code-review'],
});
await node.start();
// Discover agents, not endpoints
const peers = await node.discoverServices({
tags: ['skill:code', 'lang:python'],
});How they work together
skill:code-review, lang:rust. Subscribes to tags it needs. Deny-first
Missy denies all system access by default. Leyline blocks all unknown senders by default. Nothing moves until explicitly permitted.
Cryptographic identity
Ed25519 everywhere. Missy signs audit events. Leyline signs every message. Forgery is computationally infeasible.
Tamper-evident audit
Missy logs structured JSONL. Leyline maintains Merkle hash chains. Every action produces a verifiable record.
Operator sovereignty
Self-hosted. No cloud. No telemetry. Your agent, your infrastructure, your rules. MIT-licensed, audit the code yourself.