Animus is a policy-first, reproducible agentic coding infrastructure:
- Intelligence in cloud (OpenAI Codex / Responses API).
- Execution + validation locally in an isolated cluster (k3s primary).
- Runners have no upstream secrets and no external egress.
- Git transport is gated via internal git-proxy mirror.
- Every run produces an EventLog + Proof Bundle + Replay.
- Project memory is Memory-as-Code in
.animus/with guarded writes and provenance.
- Not a prompt pack.
- Not a UI design system.
- Not a single-host-only auto-coder.
The primary profile is k3s (homelab-k3s). Acceptance MUST pass on k3s.
- Default-deny egress runner jobs (enforced).
- Git-only-through-proxy (job token TTL+scope).
- Proof Bundles (immutable) + EventLog (append-only) + Replay (hash-checked).
- Memory-as-Code:
.animus/*with Memory Guard and provenance.
docs/specs, ADR, opsschemas/runtime schema validationcharts/Helm chart for k3s deployment.animus/project memory
- K3s networking: https://docs.k3s.io/networking
- K3s installation: https://docs.k3s.io/installation
- Cilium on k3s: https://docs.cilium.io/en/stable/installation/k3s.html
- Pod Security Standards: https://kubernetes.io/docs/concepts/security/pod-security-standards/
- git-http-backend: https://git-scm.com/docs/git-http-backend
- OpenAI Responses API: https://platform.openai.com/docs/api-reference/responses
See LICENSE.