Self-hosted cognitive runtime that plans, executes, and improves itself. Real tasks with real tools, layered memory, and 41 jobs running 24/7. One-line install.
Three failure modes show up in almost every autonomous-agent deployment. WASP closes them with named architectural commitments, not better prompts.
The agent confidently reports actions it never took.
Truth-binding layerEvery response grounded against actions actually taken. Five deterministic guards. No LLM in the policy path.
Memory resets between sessions, reboots, and model swaps.
Layered persistent memory10+ named tiers across 28 Postgres tables. Episodic, semantic, procedural, KG, temporal, behavioral, vector. Persists across reboots.
Skills run with implicit privileges. No trace of what executed.
Capability tiers + audit4 explicit privilege tiers per skill. Anticipatory simulation before privileged ops. Audit log per call.
WASP commits to reliability, persistent memory, and observable operation as architectural defaults. The table below shows where that wins against other self-hosted harnesses, and where it doesn't.
Six real screens from a live WASP install. Health, scheduler, memory, knowledge graph, skills, integrations, providers. All exposed in the operator dashboard at 127.0.0.1:8080.
System pulse at a glance: live KG, memory tier weights, scheduler queue, latency, events per hour.
Score 100 / CPU 0% / RAM 13.2% / 0% error rate. Per-service latency probes for Redis, Postgres, Ollama. 24h activity buckets.
Live KG with 39 nodes, 38 relations. Color-coded across core, skills, knowledge, memory, epistemic, goals, self-model. Density slider, scroll-to-zoom, drag-to-rotate.
All 37 built-in skills with explicit capability tier per row. Toggleable. Audit-logged. Custom Python skills register live without restart.
40+ connectors with per-integration toggle, status pill, and credentials vault. Communication, productivity, smart-home, automation.
Multi-provider model registry. Per-model active toggle. Fallback chain configured per provider. Native Anthropic, OpenAI, xAI, Google plus Ollama for local-only.
Dashboard binds to 127.0.0.1:8080 by default. SSH-tunnel or reverse-proxy for remote access. See the
setup guide.
Planning, safety validation, memory retrieval, and audit logging. No cinematic AI trailers. Just the system operating.
Unsafe execution automatically intercepted and replanned.
Drive the agent from where work already happens. Reach the same persistent runtime from Slack, Telegram, Matrix, or a local script. Same memory, same goals, same audit trail across every surface.
Real-time messaging, multi-platform bridges, and federated channels. Reach the agent from anywhere your team already works.
Read, write, and act across the tools your work already lives in. Email, calendars, code, notes, and project management.
Native bridges to mobile and desktop operating systems for system-level actions, notifications, and local context.
Drive physical devices and consume sensor data from a local agent. No cloud round-trip required.
Wire WASP into existing automation graphs and runtime contracts. Trigger remote workflows, receive webhooks, schedule recurring jobs, expose tools over MCP.
All connectors live in integrations/connectors/. Explore the full catalog on
GitHub.
Product names, logos, and brands shown above are trademarks of their respective owners. Their use here is strictly for identification of supported integrations and does not imply sponsorship or endorsement.
Six containers, single responsibility each. One line to install:
sudo bash -c "$(curl -fsSL https://agentwasp.com/install.sh)"
The runtime. Goal orchestration, 41 jobs, dashboard (151 endpoints) on port 8080.
FastAPI · Python 3.12Event bus via Redis Streams + state cache + working memory.
Redis 7Long-term memory across 28 tables: episodic, semantic, KG, behavioral, audit, timeline.
PostgreSQL 16Telegram bridge. Fail-closed: refuses to start without a user allowlist.
python-telegram-botPrivileged sidecar with strict Docker-API allowlist. The only container with socket access.
Endpoint allowlistOptional local LLM runtime. No models downloaded by default; pull when needed.
Ollama · local-firstAcross 28 PostgreSQL tables and Redis. Persists across sessions, reboots, and model switches. Full reference in docs →
Full conversation history with timestamps, chat IDs, model metadata.
Distilled facts and preferences extracted from conversations.
Multi-step solutions abstracted as named procedures with triggers.
Entity + relation extraction per message. Postgres + Redis cache.
Rules learned from user corrections. Injected into every prompt.
World timeline of entity states + trend detection + change alerts.
Dense embeddings in Postgres JSONB. Cosine similarity, no external DB.
Live skill success rates, known failures, per-domain confidence.
Visual, working, goal-scoped, consolidation log, recovery, reflection.
Each loop is bounded, audited, and rate-limited. Capability synthesis is sandbox-validated. Response validation is deterministic. Resource limits are hard-coded fail-open.
When a capability is missing, WASP generates new skill code via LLM, validates it through an AST + security sandbox, and registers it live. Patches persisted to disk and reversible.
sandbox-validated · max 5/day · reversibleDeterministic grounding, drift, and completeness checks on every response. Auto-recovery on failure. Successful patterns cached for reuse. No LLM in the policy path.
deterministic · auto-recoveryRedis-backed rate limits across goals, agents, tasks, and LLM calls. Fail-open on Redis loss. Hard upper bounds prevent runaway autonomy and stop unbounded recursion.
fail-open · per-user TTLPath traversal, SSRF, prompt injection, CSRF. All hardened with build-gated regression tests. 622 tests passing.
Argon2 hashing, Redis sessions (24h TTL), 5-attempt lockout, audit-logged.
Session-bound single-use tokens. X-CSRF-Token validation on every mutating request.
realpath containment in self_improve. Symlink traversal blocked.
Centralized guard with DNS rebinding protection + manual redirect re-validation. Applied to all HTTP-touching skills.
Bridge refuses to start without a user allowlist. No public-bot mode.
Per-address or @domain.com. Defense vs prompt-injection exfiltration.
AST validation of all generated skill code. Blocks subprocess, eval, ctypes, pickle, importlib.
API keys auto-redacted in audit logs (OpenAI, Anthropic, Google, Stripe, Slack, HuggingFace, Bearer).
5 levels (SAFE → PRIVILEGED). Sandbox allowlists per agent. Every execution audit-logged.
App containers run as UID 1000 (non-root). Docker socket only via broker allowlist proxy.
What it does, how it deploys, where the data lives, and how it compares.
sudo bash -c "$(curl -fsSL https://agentwasp.com/install.sh)". The installer detects your distro (Debian, Ubuntu, RHEL, AlmaLinux, Rocky, Fedora, Arch, openSUSE, Alpine, macOS), installs Docker if missing, generates secure secrets, walks you through onboarding, and starts the stack. Windows via WSL2 also supported. For contributors who prefer to clone the source: curl -fsSL https://agentwasp.com/install.sh -o install.sh && sudo bash install.sh --install-method git clones from github.com/agentwasp/agentwasp.One Docker-capable host. Your VPS, your keys, your data. No vendor in the loop.
Or install from GitHub source
For contributors, forks, or pinning to a specific commit. Clones the public repo at agentwasp/agentwasp.
Cookies & analytics. We use Google Analytics to understand how WASP is discovered. No personal data, no ads, no tracking across other sites. Your choice — accept or reject, both are fine.