From zero to governed
agent in 60 seconds.
Install the CLI, initialize a project, write an agent, and deploy — all policy-gated and sandboxed from the start.
Install
Three ways to get Symbiont on your machine. The install script auto-detects your platform and drops the binary into ~/.symbiont/bin.
# Install script — auto-detects OS & arch $ curl -fsSL https://symbiont.dev/install.sh | bash Detected: linux-x86_64 Downloading symbiont v1.9.1... ✓ Installed to ~/.symbiont/bin/symbi ✓ Added to PATH
# From crates.io $ cargo install symbiont-cli
# Docker image $ docker pull ghcr.io/thirdkeyai/symbi:latest
Initialize
Interactive project setup. Generates Cedar policies, agent definitions, and sandbox configuration in one pass.
$ symbi init my-project ? Select a profile: minimal ? Enable SchemaPin verification? yes ? Sandbox tier: docker ✓ Created my-project/symbiont.toml ✓ Created my-project/policies/default.cedar ✓ Created my-project/agents/assistant.dsl ✓ Created my-project/.env.example cd my-project && symbi run assistant
Write Agents
Declarative DSL for agent definitions. Supports both // and # comment styles. Model, tools, policies, and behavior in a single file.
// Agent definition — declarative DSL # Both comment styles are supported agent assistant { model "gpt-4o" temperature 0.3 max_turns 10 system "You are a helpful assistant." tools [web_search, file_read] policy "policies/default.cedar" sandbox docker }
Run
Test agents locally with a single command. Full reasoning loop, policy enforcement, and token tracking out of the box.
$ symbi run assistant -i 'hello' ▸ Loading agent: assistant ▸ Policy check: ✓ default.cedar ▸ Sandbox: docker Hello! I'm your assistant. How can I help you today? ────────────────────────────────── iterations: 1 │ tokens: 142 │ tools: 0
Deploy
Start the full runtime with API server, auto-routing, and all configured agents. Production-ready from a single command.
$ symbi up ╭──────────────────────────────────────╮ │ Symbiont Runtime │ ╰──────────────────────────────────────╯ ✓ Auth: bearer token (JWT + Cedar) ✓ Loaded 3 agents: assistant, researcher, coder ✓ Auto-routing: enabled ✓ SchemaPin: verified ✓ Sandbox tier: docker Listening on http://0.0.0.0:3000 Docs at http://0.0.0.0:3000/docs
Feature Flags
Toggle capabilities at compile time or in symbiont.toml.
| Flag | Description | Default |
|---|---|---|
| cedar | Cedar policy engine | on |
| schemapin | SchemaPin tool verification | on |
| sandbox | Docker/gVisor/Firecracker sandboxing | on |
| audit | Cryptographic audit trail | on |
| composio | Composio MCP integration | off |
| clawhavoc | Adversarial prompt testing | off |
| scheduling | Cron-based agent scheduling | off |
SDKs
First-class client libraries for JavaScript and Python. Full typed API, streaming support, and built-in auth.
$ npm i symbiont-sdk-js import { Symbiont } from 'symbiont-sdk-js' const client = new Symbiont({ baseUrl: 'http://localhost:3000', token: process.env.SYMBIONT_TOKEN })
$ pip install symbiont-sdk from symbiont import Symbiont client = Symbiont( base_url="http://localhost:3000", token=os.environ["SYMBIONT_TOKEN"] )
Govern Your Coding Assistant
First-party plugins bring Symbiont governance directly into your coding workflow. Three tiers of protection — from advisory logging to hard Cedar policy enforcement.
Claude Code
symbi-claude-codeBlocking hooks, local deny lists, Cedar policy evaluation, SchemaPin tool verification, and cryptographic audit trails.
Gemini CLI
symbi-gemini-cliDefense-in-depth: manifest-level blocking, native policy engine, and hook-based deny lists — three independent enforcement layers.
Both plugins share the same .symbiont/local-policy.toml config. No symbi binary required for Tier 2 protection.