v2.7.2 · Apache 2.0

The Self-Hosted AI Agent.
Engineered to Operate.

Self-hosted cognitive runtime that plans, executes, and improves itself. Real tasks with real tools, layered memory, and 41 jobs running 24/7. One-line install.

WASP autonomous AI agent, self-hosted cognitive runtime
browser
web_search
shell
python_exec
background-consolidation
self_improve · dry-run
layered memory
multi-agent
response_validator
A serious runtime.
Built to operate.
Truth-Binding Response Layer
Layered Persistent Memory
37 Built-in Skills
Background Memory Consolidation
Multi-Agent Orchestration
Self-Hosted & Private
Self-Improvement Loop · dry-run
40+ Integrations
Multi-Provider LLM Routing
41 Scheduler Jobs
Fail-Closed Telegram · SSRF Protected
Truth-Binding Response Layer
Layered Persistent Memory
37 Built-in Skills
Background Memory Consolidation
Multi-Agent Orchestration
Self-Hosted & Private
Self-Improvement Loop · dry-run
40+ Integrations
Multi-Provider LLM Routing
41 Scheduler Jobs
Fail-Closed Telegram · SSRF Protected

Most agent harnesses
lose operator trust the same way.

Three failure modes show up in almost every autonomous-agent deployment. WASP closes them with named architectural commitments, not better prompts.

Hallucinations

The agent confidently reports actions it never took.

Truth-binding layer

Every response grounded against actions actually taken. Five deterministic guards. No LLM in the policy path.

Lost context

Memory resets between sessions, reboots, and model swaps.

Layered persistent memory

10+ named tiers across 28 Postgres tables. Episodic, semantic, procedural, KG, temporal, behavioral, vector. Persists across reboots.

Untracked actions

Skills run with implicit privileges. No trace of what executed.

Capability tiers + audit

4 explicit privilege tiers per skill. Anticipatory simulation before privileged ops. Audit log per call.

A different architectural
philosophy.

WASP commits to reliability, persistent memory, and observable operation as architectural defaults. The table below shows where that wins against other self-hosted harnesses, and where it doesn't.

Capability
Cognitive architecture
Persistent memory layers 10+ named tiers across 28 PostgreSQL tables + Redis (episodic, semantic, procedural, KG, behavioral, temporal world model, vector, working, goal-scoped, self-model, epistemic) Agent-curated memory + FTS5 session search + Honcho dialectic user modeling Workspace-scoped memory + session model
Knowledge graph + temporal world model Built-in named subsystems (knowledge_nodes, knowledge_relations, world_timeline tables) Not documented in public README Not documented in public README
Background cognitive jobs 41 pre-built jobs (background consolidation, perception, autonomous goal generation, self-integrity monitor, cognitive pressure monitor, behavioral learner) Cron scheduler + background_review module Cron + nodes
Controlled self-improvement Patch-based source modification with persistence across container rebuilds (/data/src_patches/) Autonomous skill creation + in-use skill improvement Skill installation from ClawHub
Reliability & safety
Capability tiers per skill 4 explicit levels: PUBLIC / CONTROLLED / RESTRICTED / PRIVILEGED Command-pattern approval Per-tool allow / deny inside sandbox
Anticipatory simulation LLM previews consequences before privileged operations (5-min cache) Not documented in public README Not documented in public README
Plan critic LLM validates every TaskGraph before execution Not documented in public README Not documented in public README
Response policy layer Named guards: URL substitution, action announcer, response grounder, schedule honesty, prompt-leak redaction Different safety model (file-safety checks) Different safety model (sandbox isolation)
Audit trail / observability Full audit log of every skill call + decision trace + 151 dashboard endpoints across chat, traces, scheduler, memory, integrations Insights module + usage tracking Per-session history
Runtime & orchestration
Multi-agent / subagents Sub-agents with isolation + recursive goals via AgentManagerSkill Isolated subagent spawn for parallel workstreams Per-channel agent routing with workspaces
Runtime isolation backends Docker 7 backends: local / Docker / SSH / Singularity / Modal / Daytona / Vercel Sandbox Docker (default) + SSH + OpenShell
Reach
Communication channels 12 platforms (Telegram, Discord, Slack, Teams, WhatsApp, Signal, Matrix, Nextcloud Talk, iMessage, Zalo, Nostr, WebChat) + web dashboard 6 platforms (Telegram, Discord, Slack, WhatsApp, Signal, Email) 22+ platforms (WhatsApp, Telegram, Slack, Discord, Google Chat, Signal, iMessage, Teams, Matrix, Feishu, LINE, IRC, and more)
Integration ecosystem 40+ connectors across communication, productivity, smart home, automation, platform bridges, MCP and developer tooling Skills Hub + agentskills.io + MCP integration ClawHub registry + skills
Model layer
LLM providers 5 native (Anthropic, OpenAI, xAI, Google) + Ollama / any OpenAI-compatible local runtime 300+ via Nous Portal + any OpenAI-compatible endpoint Multiple providers with model failover
Trademarks held by their respective owners. Comparison data from public GitHub READMEs, May 2026.

The dashboard,
not a mockup.

Six real screens from a live WASP install. Health, scheduler, memory, knowledge graph, skills, integrations, providers. All exposed in the operator dashboard at 127.0.0.1:8080.

Dashboard binds to 127.0.0.1:8080 by default. SSH-tunnel or reverse-proxy for remote access. See the setup guide.

Real execution traces
from the runtime.

Planning, safety validation, memory retrieval, and audit logging. No cinematic AI trailers. Just the system operating.

wasp-runtime · tr_8f3aa2
Idle

Truth Layer Intervention

Unsafe execution automatically intercepted and replanned.

Live runtime trace
tr_8f3aa2

40+ Native Integrations

Drive the agent from where work already happens. Reach the same persistent runtime from Slack, Telegram, Matrix, or a local script. Same memory, same goals, same audit trail across every surface.

Communication

10 channels

Real-time messaging, multi-platform bridges, and federated channels. Reach the agent from anywhere your team already works.

Telegram Discord Slack Teams WhatsApp Signal Matrix iMessage Zalo Nostr

Productivity

7 tools

Read, write, and act across the tools your work already lives in. Email, calendars, code, notes, and project management.

Gmail Google Calendar GitHub Notion Trello Obsidian Email (IMAP/SMTP)

Platform Bridges

5 OS

Native bridges to mobile and desktop operating systems for system-level actions, notifications, and local context.

Android iOS macOS Windows Linux

Smart Home & IoT

Local-first

Drive physical devices and consume sensor data from a local agent. No cloud round-trip required.

Home Assistant Philips Hue Eight Sleep

Automation & Runtime

Orchestration

Wire WASP into existing automation graphs and runtime contracts. Trigger remote workflows, receive webhooks, schedule recurring jobs, expose tools over MCP.

Browser Automation MCP Webhooks Zapier Cron / Scheduler Weather APIs

All connectors live in integrations/connectors/. Explore the full catalog on GitHub.

Product names, logos, and brands shown above are trademarks of their respective owners. Their use here is strictly for identification of supported integrations and does not imply sponsorship or endorsement.

Six Containers.
One Operational Runtime.

Six containers, single responsibility each. One line to install:

sudo bash -c "$(curl -fsSL https://agentwasp.com/install.sh)"

agent-core

The runtime. Goal orchestration, 41 jobs, dashboard (151 endpoints) on port 8080.

FastAPI · Python 3.12

agent-redis

Event bus via Redis Streams + state cache + working memory.

Redis 7

agent-postgres

Long-term memory across 28 tables: episodic, semantic, KG, behavioral, audit, timeline.

PostgreSQL 16

agent-telegram

Telegram bridge. Fail-closed: refuses to start without a user allowlist.

python-telegram-bot

agent-broker

Privileged sidecar with strict Docker-API allowlist. The only container with socket access.

Endpoint allowlist

agent-ollama

Optional local LLM runtime. No models downloaded by default; pull when needed.

Ollama · local-first

Layered
Persistent Memory

Across 28 PostgreSQL tables and Redis. Persists across sessions, reboots, and model switches. Full reference in docs →

01

Episodic

Full conversation history with timestamps, chat IDs, model metadata.

02

Semantic

Distilled facts and preferences extracted from conversations.

03

Procedural

Multi-step solutions abstracted as named procedures with triggers.

04

Knowledge Graph

Entity + relation extraction per message. Postgres + Redis cache.

05

Behavioral

Rules learned from user corrections. Injected into every prompt.

06

Temporal

World timeline of entity states + trend detection + change alerts.

07

Vector

Dense embeddings in Postgres JSONB. Cosine similarity, no external DB.

08

Self-Model

Live skill success rates, known failures, per-domain confidence.

09

+ 3 auxiliary

Visual, working, goal-scoped, consolidation log, recovery, reflection.

Three systems that learn,
three that don't go rogue.

Each loop is bounded, audited, and rate-limited. Capability synthesis is sandbox-validated. Response validation is deterministic. Resource limits are hard-coded fail-open.

Capability Synthesis

When a capability is missing, WASP generates new skill code via LLM, validates it through an AST + security sandbox, and registers it live. Patches persisted to disk and reversible.

sandbox-validated · max 5/day · reversible

Response Validation

Deterministic grounding, drift, and completeness checks on every response. Auto-recovery on failure. Successful patterns cached for reuse. No LLM in the policy path.

deterministic · auto-recovery

Resource Governor

Redis-backed rate limits across goals, agents, tasks, and LLM calls. Fail-open on Redis loss. Hard upper bounds prevent runaway autonomy and stop unbounded recursion.

fail-open · per-user TTL

Security Hardening,
build-gated.

Path traversal, SSRF, prompt injection, CSRF. All hardened with build-gated regression tests. 622 tests passing.

Auth & Rate Limiting

Argon2 hashing, Redis sessions (24h TTL), 5-attempt lockout, audit-logged.

CSRF Protection

Session-bound single-use tokens. X-CSRF-Token validation on every mutating request.

Path Traversal

realpath containment in self_improve. Symlink traversal blocked.

SSRF Prevention

Centralized guard with DNS rebinding protection + manual redirect re-validation. Applied to all HTTP-touching skills.

Fail-Closed Telegram

Bridge refuses to start without a user allowlist. No public-bot mode.

Gmail Allowlist

Per-address or @domain.com. Defense vs prompt-injection exfiltration.

LLM Code Injection

AST validation of all generated skill code. Blocks subprocess, eval, ctypes, pickle, importlib.

Secret Redaction

API keys auto-redacted in audit logs (OpenAI, Anthropic, Google, Stripe, Slack, HuggingFace, Bearer).

Capability Tiers

5 levels (SAFE → PRIVILEGED). Sandbox allowlists per agent. Every execution audit-logged.

Container Isolation

App containers run as UID 1000 (non-root). Docker socket only via broker allowlist proxy.

Questions About
Running WASP

What it does, how it deploys, where the data lives, and how it compares.

What is an autonomous AI agent?
An autonomous AI agent takes a high-level goal, breaks it into executable steps, runs each step with a real tool (browser, shell, API call), monitors what actually happened, retries or replans on failure, and stops when the goal is met or unreachable. The "autonomous" part means no human keystroke per step, not no human oversight. WASP keeps the operator in the loop through an audit log, a dashboard, and a deterministic policy layer that vetoes actions outside declared capability bounds.
How does WASP execute tasks automatically?
WASP's Goal Engine decomposes your objective into a dependency graph (DAG). Each node is executed using one of 37 built-in skills: web browser, shell, Python, Gmail, and more. The Plan Critic validates every graph before execution. If a task fails, WASP replans automatically (budget: 5 replans + storm detection). 41 background jobs keep the agent active 24/7, even when you're offline.
How does WASP compare to OpenClaw or Hermes Agent?
All three are serious self-hosted agent harnesses with different bets. OpenClaw optimizes for consumer-surface breadth: 22+ messaging channels, mobile and desktop apps, per-channel agent routing with isolated workspaces. Hermes Agent optimizes for runtime and model ecosystem breadth: 7 sandbox backends (Docker, SSH, Modal, Daytona, Vercel, Singularity, local), 300+ models via Nous Portal, autonomous skill creation. WASP optimizes for cognitive depth and a reliability-oriented runtime: 10+ named memory tiers across 28 Postgres tables, a knowledge graph and temporal world model as named subsystems, 4 explicit capability tiers per skill with anticipatory simulation, an LLM plan critic that validates every TaskGraph before execution, and a truth-binding response layer with named deterministic guards. See the comparison table above for a row-by-row breakdown.
How do I install WASP?
One line on any Docker-capable host: sudo bash -c "$(curl -fsSL https://agentwasp.com/install.sh)". The installer detects your distro (Debian, Ubuntu, RHEL, AlmaLinux, Rocky, Fedora, Arch, openSUSE, Alpine, macOS), installs Docker if missing, generates secure secrets, walks you through onboarding, and starts the stack. Windows via WSL2 also supported. For contributors who prefer to clone the source: curl -fsSL https://agentwasp.com/install.sh -o install.sh && sudo bash install.sh --install-method git clones from github.com/agentwasp/agentwasp.
What is a self-hosted AI agent?
A self-hosted AI agent runs entirely on infrastructure you control: your own VPS, server, or private cloud. WASP deploys with the one-line installer above. All data (memory, goals, audit logs, behavioral rules) stays on your machines. You connect your own LLM API keys. No vendor accesses your conversations or agent state.
What are the system requirements?
Minimum: 2 CPU cores, 4 GB RAM, 10 GB disk. Recommended: 4 cores, 8 GB RAM, 20 GB disk. Linux x86_64 (Debian 11+, Ubuntu 22.04+, RHEL/AlmaLinux/Rocky 9+, Fedora 38+, Arch, Alpine 3.18+, openSUSE) or macOS 13+, or Windows via WSL2. At least one LLM provider key (Anthropic / OpenAI / xAI / Google) or local Ollama.
What tools and integrations are included?
37 built-in skills: web browser (nodriver + Selenium, persistent sessions), web search, sandboxed shell, Python runtime (subprocess + RLIMIT + AST), Gmail with recipient allowlist, file I/O, SSRF-protected HTTP, crypto price monitoring, memory search/store, agent management, sub-agent orchestration, self-improve with dry-run. Plus 40+ external integrations and custom Python skills created at runtime through natural language.
What is WASP's memory system?
Layered persistent memory across 28 PostgreSQL tables and Redis. Primary layers inject into every context: episodic, semantic, procedural, visual, knowledge graph, behavioral rules, temporal world model, vector embeddings, working memory, goal-scoped, self-model, per-domain epistemic confidence. Auxiliary layers in background: learning examples, consolidation log, recovery memory, skill patterns, entity states, predictions, reflection. All persists across sessions, reboots, and model switches.
Does WASP work fully offline?
Yes. WASP runs on your own infrastructure via Docker Compose. PostgreSQL and Redis run locally as containers. For fully offline LLM inference, connect a local Ollama instance with any open-weight model. Your data never leaves your machine. For internet-connected tasks (web search, Gmail, etc.) you'll need network access per skill, but the agent runtime itself has no cloud dependency.
What's the license? Can I use WASP commercially?
WASP is released under the Apache License 2.0. You may use, modify, and distribute it freely, including for commercial and production deployments, subject to the standard Apache 2.0 terms (preserve the license notice, mark modified files, and include a copy of the license with redistributions). Apache 2.0 also grants an explicit patent license from contributors and includes a patent retaliation clause. The "WASP" name and logo are project trademarks and are not granted by the license.
Open Source · Self-Hosted · Zero Cloud Lock-in

Install in one line.
Built to operate.

One Docker-capable host. Your VPS, your keys, your data. No vendor in the loop.

# Install WASP v2.7 on Debian, Ubuntu, RHEL, AlmaLinux, Rocky, Fedora, Arch, openSUSE, Alpine
$sudo bash -c "$(curl -fsSL https://agentwasp.com/install.sh)"
# Install WASP v2.7 on macOS 13+ (requires Docker Desktop)
$sudo bash -c "$(curl -fsSL https://agentwasp.com/install.sh)"
# Install WASP v2.7 on Windows via WSL2 + Docker Desktop (run in PowerShell as Administrator)
PS>iwr -useb https://agentwasp.com/install.ps1 | iex

Or install from GitHub source

For contributors, forks, or pinning to a specific commit. Clones the public repo at agentwasp/agentwasp.

GitHub source
# Install WASP v2.7 by cloning the GitHub source (--install-method git)
$curl -fsSL https://agentwasp.com/install.sh -o install.sh && sudo bash install.sh --install-method git
Install Guide Read the Docs
wasp CLI
# After install, manage with the wasp CLI:
$wasp status # container health
$wasp logs # stream agent-core logs
$wasp health # run probe suite
$wasp backup # Postgres + volume snapshot
$wasp update # pull latest, rebuild, restart
# Dashboard → http://your-host:8080 ✓