Hardware isolation, not containers
Agents are isolated with real hardware virtualization for maximum security — a Firecracker or Hyper-V microVM per agent, not just a container.
Maturana lets you build, operate, and trust your own AI agents. You drive everything from Codex; each agent runs in its own hardware-isolated hypervisor for maximum security.
A lean Rust core, a skill for every workflow, a built-in knowledge graph for memory, and a security model where secrets never enter the agent VM.
Bash · Firecracker + KVM. Append -s -- --firecracker to also provision the microVM agent host.
Most agent frameworks are a wrapper around a model. Maturana is built around two ideas: the AI itself is the workflow, and an agent should be as isolated and auditable as any other production workload.
Agents are isolated with real hardware virtualization for maximum security — a Firecracker or Hyper-V microVM per agent, not just a container.
Pipelock keeps secrets like API keys and credit-card numbers out of agent reach, and an egress proxy controls which systems your agents talk to. Treat your agent as an adversary and lock it down.
Maturana is built on and for Codex, the premier OpenAI agent-engineering environment. Everything is a skill, from agent creation to tools — so you customise your agents with prompts and nothing else.
An internal WASM engine lets Maturana agents build their own tools on the fly — safely sandboxed, with no ambient authority.
Maturana ships with a shared knowledge graph that scales past markdown files. Agents build their own memory, so you don't have to.
Maturana is built in Rust with a modular core from the start. Skills are extensions to the core — you run only what you need.
Maturana is an open-source, Codex-native platform for building and running your own AI agents. You define an agent once, launch it into its own isolated virtual machine, and operate it entirely through Codex — the same tool you use to build it. Build and deploy your own skills in seconds.
The installer downloads the prebuilt binary, registers services, and installs the Codex skills. Then you build your first agent from Codex.
Agents need at least one AI harness signed in: the Codex CLI (codex login) or Claude Code. The installer checks this and tells you what's missing.
Linux hosts use Firecracker microVMs, which need KVM available. Pass --firecracker to provision the microVM host and boot-time fleet recovery.
Windows hosts use Hyper-V as the isolation provider. Setup registers a privileged hostd task and boot services via one UAC-approved step.
Installs the CLI, services, and Codex skills. Add -s -- --firecracker to also provision the microVM agent host.
Installs the Windows runtime path with Hyper-V isolation, hostd, and boot services.
Open Codex in the repo and ask it to create and launch an agent, or invoke /skills directly. That's the whole workflow.
Stuck on setup, or want to compare notes on agent design? The community is the best place to start.
The full README and docs/: install and your first agent, the MATURANA.md spec reference, architecture, and the Firecracker/Hyper-V operations guides.
The fastest way to get unstuck. Ask setup questions, share agent patterns, and follow development with the community.
Maturana is open source under BSD-3-Clause. Read the code, file issues, and see exactly how isolation, pipelock, and the graph work.

16 years in strategy, tech, and transformation. MBB background. I architect and ship agentic AI systems for tier-1 financial services, telco, and PE — from boardroom strategy to agents in production.