Open-source security framework for autonomous AI systems. 4-tier defense pipeline, kernel sandboxing, tamper-evident audit — because an agent that can execute anything will eventually execute the wrong thing.
An agent that thinks and the system that acts must never be the same process.
OpenParallax is the reference implementation of the ideas presented in Parallax: Why AI Agents That Think Must Never Act (PDF, arXiv forthcoming). The central argument: giving an LLM direct execution capability is an architectural failure. The thinking process — which talks to external APIs and can be manipulated through prompt injection — must be physically separated from the execution process, with a security pipeline between them.
In OpenParallax, the Agent (sandboxed, kernel-isolated) proposes actions. The Engine (privileged, unsandboxed) evaluates every proposal through a 4-tier security pipeline before executing anything. Even a fully compromised Agent cannot cause harm — the sandbox prevents unauthorized access, and Shield blocks dangerous actions.
OpenParallax is two things:
A complete AI agent — CLI, web UI, WhatsApp, Telegram, Discord, Signal, iMessage. It reads your files, runs commands, manages your calendar, sends emails, and learns across conversations. Every action is secured and audit-logged.
A composable security stack — every module is a standalone Go package. Building your own agent? Import what you need.
// Drop a 4-tier security pipeline into any agent in 10 lines.
shield, _ := shield.NewPipeline(shield.Config{
PolicyFile: "policy.yaml",
HeuristicEnabled: true,
FailClosed: true,
})
verdict := shield.Evaluate(ctx, &shield.ActionRequest{
Type: "execute_command",
Payload: map[string]any{"command": "rm -rf /"},
})
// verdict.Decision == "BLOCK"| Module | What It Does | Go | Python | Node.js | Standalone |
|---|---|---|---|---|---|
| Shield | 4-tier AI security pipeline | ✓ | ✓ | ✓ | ✓ |
| Memory | Semantic memory with pluggable backends | ✓ | planned | planned | |
| Audit | Tamper-evident hash chain logging | ✓ | ✓ | ✓ | |
| Channels | WhatsApp, Telegram, Discord, Signal, iMessage | ✓ | planned | planned | |
| Sandbox | Kernel-level process isolation | ✓ | ✓ | ✓ | |
| Chronicle | Copy-on-write snapshots with rollback | ✓ | |||
| LLM | Anthropic, OpenAI + compatible, Google, Ollama | ✓ | |||
| Eval | Adversarial security test suite | ✓ | planned |
Every module is a standalone Go package with zero dependencies on the rest of OpenParallax. Read The Ecosystem for the full story.
A single file. No Python, no Node.js, no Docker, no package managers. Download it and run it — on Linux, macOS, or Windows.
curl -sSL https://get.openparallax.dev | sh
openparallax init
openparallax startThe init wizard configures your LLM provider, security pipeline, and memory backend. After that, start launches the agent, opens the CLI, and starts the web UI. Three commands, any operating system, zero prerequisites.
Building from Source
See the Quick Start guide for git clone && make build-all, or jump to the Architecture to understand the design.