Security-first authority and delegation layer for AI agents

---

Overview

Caracal is a security-first authority and delegation layer for autonomous agents. It solves the platform problem of letting agents act in real environments without exposing long-lived secrets or uncontrolled access. Instead of giving agents broad standing permissions, Caracal lets teams issue scoped authority, delegate it safely, revoke it when needed, and keep a clear audit trail of every sensitive action.

Read the full documentation at docs.caracal.run.

---

Installation & Setup

End Users

Prerequisites

• Docker Desktop 4.x or Docker Engine 24+ with Compose v2
• Git 2.x

Install

The installer provides the thin caracal runtime CLI and the caracal-console management interface.

Check GitHub Releases for the latest available tag.

Pin a version: --version vYYYY.MM.DD on Unix or -Version vYYYY.MM.DD in PowerShell.

Linux (amd64 / arm64)

# Console
curl -fsSL https://raw.githubusercontent.com/Garudex-Labs/caracal/main/install-console.sh | \
  sh -s -- --version v2026.06.22-rc.1

macOS (Intel / Apple Silicon)

# Console
curl -fsSL https://raw.githubusercontent.com/Garudex-Labs/caracal/main/install-console.sh | \
  sh -s -- --version v2026.06.22-rc.1

Windows (amd64) PowerShell

# Console
$installer = "$env:TEMP\install-console.ps1"
iwr -useb https://raw.githubusercontent.com/Garudex-Labs/caracal/main/install-console.ps1 -OutFile $installer
powershell -ExecutionPolicy Bypass -File $installer -Version v2026.06.22-rc.1

Start the stack

caracal up                            # start all services, override with `CARACAL_VERSION=vYYYY.MM.DD caracal up`
caracal status [--ready]              # probe all services

caracal down                          # stop; add -v to remove volumes
caracal purge                         # interactive cleanup (containers, volumes, config, runtime, examples, caches)

caracal console                       # launch Console (terminal)
caracal web                           # launch the web console (UI + backend-for-frontend)
caracal run -- node worker.js         # workload execution

---

Contributing

See CONTRIBUTING.md for setup, workflow, tests, and pull request standards.

---

Maintainers

RAWx18

Slo-Pix

---

Security & Trust

See the Enterprise Security Readiness guide for the security posture, supply-chain controls, release signing, SBOMs, and the enterprise-adoption review checklist.

Report vulnerabilities privately through SECURITY.md.

---

Community & Partnerships

Program	Timeline
	Feb 2026
	Spring 2026
	Apr – Jun 2026
	May 2026 – Present
	Jun 2026 – present

---

License

Caracal is open-source software licensed under the Apache-2.0 License. See the LICENSE file for details.

Developed by Garudex Labs.