ElastOS

Hey, I'm Flint. Welcome to the Elastos SmartWeb Runtime.

You know why Elastos exists. Your data should belong to you. Your identity should belong to you. Your apps should work for you, not harvest you.

We built a runtime that actually enforces this. Pure Rust, runs on Linux (x86_64, aarch64, Jetson, Raspberry Pi). Everything runs inside Digital Capsules: signed, sandboxed, governed by a real security policy. The shell decides what each capsule can access, with secure defaults that fit the situation.

The runtime is minimal and timeless. Everything else is a capsule.

Storage is a capsule. Chat is a capsule. Your AI agent is a capsule. The shell itself is a capsule. They all go through the same sandbox, the same permission system, the same audit trail.

How It's Built

Runtime The trusted base. Handles isolation, signatures, capabilities, and the elastos:// namespace. Small on purpose. Shell A capsule with orchestrator privilege. Sits between you and every other capsule. Today it's a CLI. Tomorrow, the PC2 desktop. Capsules Apps, providers, agents, data bundles. All signed, all sandboxed. They request access. The shell decides. You stay in control.

Digital Capsules

A Digital Capsule is a signed, portable, content-addressed object. The same app logic, wire format, and capability model carry across WASM and microVM, with each substrate providing its own UI surface. MicroVMs get a full TUI. WASM runs stdio on WASI Preview 1. The Capsule Runtime (the AppCapsule Runtime) is the shared contract that ties them together.

Two families: executable capsules (apps, providers, the shell, agents) and data capsules (signed content paired with viewer capsules).

Carrier

Carrier lives inside the runtime. Peer discovery, gossip messaging, NAT relay. Capsules talk through URI contracts like elastos://peer/send and Carrier handles the rest underneath. The protocol layer is transport-agnostic. Currently running on iroh (QUIC, DHT, relay), with room for more transports as they come.

WebSpaces

Every resource gets a URI. The runtime routes it to the right provider capsule with capability checks at every step:

elastos://Qm123abc                  # content by hash
localhost://storage/documents/file   # local encrypted storage
elastos://peer/alice/shared          # P2P messaging
elastos://ai/complete                # AI inference

Capsules address what they need. They never know where data physically lives or how packets travel.

Identity

Every node generates a did:key backed by an Ed25519 keypair. CID identifies content. DID identifies who made it. Both self-certifying, no registry needed. This becomes the bridge to the Elastos DID sidechain when blockchain integration lands.

Actor Equality

Humans and AI agents go through the same capability system. Same tokens, same rules, same enforcement. Nobody gets a shortcut.

What Works Today

These things run on real hardware. Recorded operator proofs, not slide decks.

Ten Rust crates, a dozen capsules, hundreds of tests. Pure Rust, no C dependencies, no OpenSSL.

What	Status
Runtime core	Verified	Capability tokens, Ed25519 signatures, 12 checks per invocation, audit logging
Capsule execution	Verified	WASM (Wasmtime) and microVM (crosvm/KVM), rootless launch on Jetson and WSL
Carrier	Verified	DID identity, DHT discovery, gossip, relay, cross-network P2P
P2P Chat	Proven	Native + WASM + microVM on one runtime, same wire format, cross-network via DHT
DID identity	Verified	`did:key` with Ed25519, ready for DID sidechain bridge
Encrypted storage	Working	AES-256-GCM via `localhost://storage/`
Content sharing	Working	`elastos share` bundles files, publishes to IPFS, gives you a browser link
Signed releases	Proven	Ed25519-signed publish, install, update pipeline on both platforms
Data capsules	Working	Signed content + viewer capsules (markdown viewer, GBA emulator)
AI provider	Working	LLM routing via `elastos://ai/`
Blockchain	Next	Elastos nodes as capsules, DID sidechain bridge, payment-aware flows

Fresh install to chat: curl | bash on x86_64 and Jetson. Signatures verified, chat running. Proven through 0.19.0-rc4.

3-mode chat, one runtime: native, WASM, and microVM capsules all on one shared runtime with one Carrier node.

Cross-network: seed server to Jetson via DHT. No manual tickets needed.

Rootless microVM: app capsules run without sudo on Jetson and WSL.

The Bigger Picture

ElastOS is one part of the SmartWeb. The part everything else needs to stand on.

	Role	Status
Runtime	Runs capsules. Enforces capabilities. Owns `elastos://`. This project.	RC4
PC2	Your node. Every ElastOS node is a PC2 node. PC2.net is the proof-of-concept web desktop. Next: break it into capsules on this runtime.	PoC exists
Carrier	Peer transport, relay, content delivery. Built into the runtime. Transport-agnostic.	Working
Blockchain	Elastos Smart Chain, DID sidechain, payments, ownership. Will run as capsules and bridge to EVM wallets.	Planned

When these four pieces come together, that's the SmartWeb.

Try It

Install (Linux x86_64 or aarch64)

curl -fsSL https://elastos.elacitylabs.com/install.sh | bash

Puts the elastos binary in ~/.local/bin/elastos. Needs curl, python3, and openssl 1.1.1+ (the installer uses openssl to check Ed25519 signatures; the runtime itself has no OpenSSL dependency).

Chat with someone

# on your machine
elastos chat --nick alice

# on another machine, use the ticket alice printed
elastos chat --nick bob --connect "<ticket>"

# or let DHT find peers (30-120s cross-network, instant on LAN)
elastos chat --nick bob

Five capsules working together: runtime, shell, localhost-provider, did-provider, and Carrier. No sudo needed.

Other things you can do

elastos --version          # your version and DID
elastos update --check     # check for signed updates
elastos setup --list       # see what's available

Content sharing, notepad, GBA emulator, and an AI agent also exist in the codebase. They're being revalidated after recent work. Chat is the solid path right now.

What's Ahead

Open the source on GitHub. Cleanup and audit are underway.
Blockchain integration. Bridge did:key to the Elastos DID sidechain. Run chain nodes as capsules. Enable payment flows.
PC2 as capsules. Break the PC2.net web desktop into capsules running on this runtime. The shell becomes a web experience.
Encrypted capsules and dDRM. Capsule-level encryption, decryption-gated access, royalty flows through Elastos Smart Chain.
More platforms. macOS, hardened Jetson, better WSL.

What Could Be Built

The capsule model opens up a lot. Some things we've been thinking about:

A marketplace capsule where creators publish encrypted content and fans pay to unlock it, with royalties enforced on-chain
Personal AI agents that run in your sandbox, with your data, under your control. Not someone else's cloud.
Decentralized social apps where your posts, your followers, your history live in your capsules. You move platforms, your data moves with you.
IoT device management on Jetson and Raspberry Pi nodes, each one a sovereign PC2 node with signed capsule updates
Collaborative workspaces where teams share encrypted data capsules peer-to-peer, no central server
Your idea. Seriously.

Build with us

ElastOS is early and moving fast. If you're a developer, a creator, or just someone who cares about how computing should work, we'd love to hear from you.

The runtime is written in Rust. Capsules can be WASM or full Linux VMs. The capability system, the Carrier protocol, the provider model, the DID bridge to blockchain... there are real things to build here and real problems to solve together.

Come talk to us: ela.city · elacitylabs.com · elastos.info

Principles

Zero ambient authority. Capsules start with no permissions. The shell policy decides what gets granted.
Content-addressed. Code and data identified by hash. No server to trust. No URL to hijack.
Offline-first. Capsules have no concept of "the internet." You have the CID or you don't.
Actor equality. Humans and AI agents get the same tokens, same sandbox, same rules.
Auditable. Every capability grant, every security action, cryptographically logged.