AGENT RUNTIME ยท OPEN SOURCE ยท MIT LICENSE

The agent OS
that stays home.

Built in Rust ยท Process-level sandbox ยท Embedding-based memory ยท OpenTelemetry traces ยท Self-hosted ยท No cloud ยท One binary.

Athena runs autonomous coding agents on your own infrastructure. Every decision is logged. Every execution is sandboxed. Every memory is yours. No third-party cloud. No data leakage. No black boxes.

๐Ÿฆ€ 100% Rust ๐Ÿ”’ Hardened Sandbox ๐Ÿง  Semantic Memory ๐Ÿ“ก Full Observability โšก tokio async
$ curl -fsSL https://athena.run/install | sh click to copy
View on GitHub โ†’ How it works โ†“
Architecture

Three layers. Total control.

Athena is built around three orthogonal subsystems โ€” each replaceable, each observable, each yours. No magic. No hidden state. Just agents that do what you tell them and remember what they've learned.

๐Ÿ”’

Hardened Sandbox

Every agent runs in a process-isolated environment. The sandbox enforces resource limits, blocks filesystem escapes, and filters syscalls โ€” at the OS level.

seccomp-bpf namespaces cgroups rlimits pledge
๐Ÿง 

Semantic Memory

Agents build and query a persistent memory store using embeddings. Context flows across sessions โ€” your codebase, past decisions, and domain knowledge, always available.

embedding index vector search cross-session pluggable backend
๐Ÿ“ก

Deep Observability

Every tool call, reasoning step, and memory retrieval emits structured telemetry. Plug into Jaeger, Grafana, Prometheus, or any OTEL-compatible backend.

OpenTelemetry Prometheus SSE streaming audit log

A sandbox that actually holds.

Most agent frameworks give you a subprocess. Athena gives you a locked cage. Agents cannot escape their execution boundaries โ€” not through symlinks, not through undeclared network calls, not through shell injection.

  • Process isolation โ€” each agent is a separate OS process with its own namespace
  • Syscall filtering โ€” seccomp-bpf allowlist, deny-by-default
  • Resource limits โ€” CPU time, memory, open files โ€” all bounded
  • Filesystem policy โ€” per-agent read/write scopes, no global escapes
  • Violation events โ€” every attempted breach emits a telemetry event
athena.toml
# Sandbox policy [sandbox] isolation = "process" syscall_allowlist = "strict" [sandbox.filesystem] read = ["/workspace", "/usr/lib"] write = ["/workspace/output"] [sandbox.resources] cpu_ms = 30_000 mem_mb = 512 fds_max = 64

Memory that compounds.

Athena's semantic memory turns a stateless agent into one that improves with every session. It indexes your codebase, previous decisions, team conventions, and bug patterns โ€” and surfaces exactly the right context when the agent needs it.

  • Embedding index โ€” code, docs, decisions stored as semantic vectors
  • Codebase-aware โ€” indexes repo structure and git history
  • Pluggable backends โ€” LanceDB, Qdrant, pgvector, or local flat files
  • Relevance scoring โ€” retrieves by semantic distance, not recency alone
  • Private by default โ€” all data stays on your infrastructure

Memory retrieval latency

semantic search (10k docs) < 4ms
index update (incremental) < 12ms
full repo re-index (50k files) < 8s

M3 Pro ยท LanceDB ยท 1536-dim embeddings

Engineering

Built in Rust. No compromises.

Autonomous agents that manage processes, enforce sandboxes, and handle concurrent memory writes need a runtime that can't leak memory, can't race, and can't be surprised by adversarial input.

โšก

Fearless concurrency

Run dozens of agents in parallel with Tokio's async runtime. The ownership model makes data races a compile-time error, not a production incident.

tokio 1.40 async/await rayon
๐Ÿ”

Memory safety

No GC pauses. No use-after-free. No buffer overflows. The borrow checker eliminates whole classes of security vulnerabilities before they reach production.

zero unsafe core MSRV: 1.79
๐Ÿ“ฆ

Single binary

Ship one binary. No runtime dependencies, no package manager, no version conflicts. Copy it to a server and it runs.

~12MB <50ms cold start musl support
Quick Start

Up and running in minutes.

One command to install. One config file to describe your agent. One binary to ship.

Install

terminal
curl -fsSL https://athena.run/install | sh # Or build from source git clone https://github.com/Enreign/athena cargo build --release athena --version athena 0.1.0 (tokio 1.40)

Configure

athena.toml
[agent] name = "coding-agent" model = "claude-sonnet-4-6" [memory] backend = "lancedb" path = ".athena/memory" [telemetry] otel_endpoint = "http://localhost:4317" metrics_port = 9090

Run your first agent

terminal
athena run --task "Add input validation to the auth module, write tests, open a PR" โ–ถ Starting coding-agent (sandbox: process, memory: lancedb) โ–ถ Indexing workspace: 2,847 files in 3.1s โ†’ [Memory] Retrieved 12 relevant context snippets โ†’ [Think] Reviewing auth module at src/auth/mod.rs โ€ฆ โ†’ [Tool] read_file("src/auth/mod.rs") โ†’ [Think] Missing validation on email and password fields. Writing patch โ€ฆ โ†’ [Tool] write_file("src/auth/mod.rs", โ€ฆ) โ†’ [Tool] write_file("tests/auth_validation.rs", โ€ฆ) โ†’ [Tool] run_tests("tests/auth_validation.rs") โœ“ 7 tests passed in 0.4s โ†’ [Tool] open_pr("Add input validation to auth module") โœ“ Done. PR #142 opened. Trace: http://localhost:16686/trace/abc123

Self-hosted. MIT licensed.
Completely yours.

Star it. Fork it. Deploy it. Contribute back. Or just use it and sleep better knowing your agents stay on your infrastructure.

View on GitHub โ†’ Get in Touch