{"id":50897700,"url":"https://github.com/OpenPawz/openpawz","last_synced_at":"2026-07-03T16:01:21.691Z","repository":{"id":338339549,"uuid":"1157539712","full_name":"OpenPawz/openpawz","owner":"OpenPawz","description":"OpenPawz is a native, offline-first desktop AI platform (Tauri v2 + Rust) that lets you run local models or connect to any compatible provider. It gives you private-by-default agents with hybrid memory, strong security guardrails, and extensibility through built-ins plus n8n community integrations","archived":false,"fork":false,"pushed_at":"2026-04-17T15:34:11.000Z","size":91636,"stargazers_count":56,"open_issues_count":21,"forks_count":17,"subscribers_count":3,"default_branch":"main","last_synced_at":"2026-04-17T17:33:29.455Z","etag":null,"topics":["agents","ai","brain","cognition","mcp","memory","memory-management","n8n","open-source","rust","security","zapier"],"latest_commit_sha":null,"homepage":"https://openpawz.ai","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/OpenPawz.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"OpenPawz","open_collective":"openpawz"}},"created_at":"2026-02-13T23:56:15.000Z","updated_at":"2026-04-10T09:17:50.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/OpenPawz/openpawz","commit_stats":null,"previous_names":["elisplash/paw","openpawz/openpawz"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/OpenPawz/openpawz","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenPawz%2Fopenpawz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenPawz%2Fopenpawz/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenPawz%2Fopenpawz/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenPawz%2Fopenpawz/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/OpenPawz","download_url":"https://codeload.github.com/OpenPawz/openpawz/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenPawz%2Fopenpawz/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":35092185,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-07-03T02:00:05.635Z","response_time":110,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agents","ai","brain","cognition","mcp","memory","memory-management","n8n","open-source","rust","security","zapier"],"created_at":"2026-06-16T01:31:30.075Z","updated_at":"2026-07-03T16:01:21.672Z","avatar_url":"https://github.com/OpenPawz.png","language":"Rust","funding_links":["https://github.com/sponsors/OpenPawz","https://opencollective.com/openpawz"],"categories":["agents"],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n\u003cimg src=\"images/pawz-logo-transparent.png\" alt=\"OpenPawz logo\" width=\"200\"\u003e\n\n\u003cbr\u003e\n\n**Your AI, your rules.**\n\nA native desktop AI platform that runs fully offline, connects to any provider, and puts you in control.\n\n[![CI](https://github.com/OpenPawz/openpawz/actions/workflows/ci.yml/badge.svg)](https://github.com/OpenPawz/openpawz/actions/workflows/ci.yml)\n[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)\n[![Discord](https://img.shields.io/badge/Discord-Join-5865F2?logo=discord\u0026logoColor=white)](https://discord.gg/wVvmgrMV)\n[![X (Twitter)](https://img.shields.io/badge/Follow-%40openpawzai-000000?logo=x\u0026logoColor=white)](https://x.com/openpawzai)\n[![Instagram](https://img.shields.io/badge/Follow-%40openpawz-E4405F?logo=instagram\u0026logoColor=white)](https://www.instagram.com/openpawz)\n\n*Private by default. Powerful by design. Extensible by nature.*\n\n[English](README.md) · [简体中文](README.zh-CN.md)\n\n\u003c/div\u003e\n\n---\n\n## Paws Overview\n\n\u003cdiv align=\"center\"\u003e\n\n**Pawz In Action**\n\nhttps://github.com/user-attachments/assets/9bee2c08-ca86-4483-89a1-3eae847054b4\n\n\u003cbr\u003e\n\n**Engram Memory** — Interactive knowledge graph with force-directed layout, flowing edge particles, and memory recall\n\nhttps://github.com/user-attachments/assets/60b0f351-180e-49ed-a70b-e31556743949\n\n\u003cbr\u003e\n\n**Integration Hub** — Community services via MCP Bridge, with category filters, connection health, and quick setup\n\n\u003cimg src=\"images/screenshots/Integrations.png\" alt=\"Integration Hub\" width=\"800\"\u003e\n\n\u003cbr\u003e\n\n**Fleet Command** — Manage agents, deploy templates, and monitor fleet activity\n\n\u003cimg src=\"images/screenshots/Agents.png\" alt=\"Fleet Command\" width=\"800\"\u003e\n\n\u003cbr\u003e\n\n**Chat** — Session metrics, active jobs, quick actions, and automations\n\n\u003cimg src=\"images/screenshots/Chat.png\" alt=\"Chat\" width=\"800\"\u003e\n\n\u003cbr\u003e\n\n**Pawz CLI** — Full engine access from the terminal with zero network overhead\n\n\u003cimg src=\"images/screenshots/PAWZ-CLI.png\" alt=\"Pawz CLI\" width=\"800\"\u003e\n\n\u003c/div\u003e\n\n---\n\n## Why OpenPawz?\n\nOpenPawz is a native Tauri v2 application with a pure Rust backend engine. It runs fully offline with Ollama, connects to any OpenAI-compatible provider, and gives you complete control over your AI agents, data, and tools.\n\n- **Private** — No cloud, no telemetry, no open ports. Credentials encrypted with AES-256-GCM in your OS keychain.\n- **Powerful** — Multi-agent orchestration, 11 channel bridges, hybrid memory, DeFi trading, browser automation, research workflows.\n- **Extensible** — Comm integrations via embedded MCP bridge to n8n's community node ecosystem, unlimited providers, community skills via PawzHub, local Ollama workers, modular architecture.\n- **Tiny** — ~5 MB native binary. Not a 200 MB Electron wrapper.\n\n---\n\n## The Integration Inversion\n\nEvery other automation platform locks integrations inside workflows. You must build a workflow before any tool is usable. OpenPawz inverts this — every integration is **simultaneously** a direct agent tool and a visual workflow node.\n\n| | Zapier / Make / n8n (standalone) | OpenPawz |\n|---|---|---|\n| **Tool availability** | Locked inside workflows | Available directly in chat AND in workflows |\n| **To use a tool** | Build trigger → action chain first | Just ask your agent |\n| **AI's role** | One node inside the pipeline | The pipeline lives inside the agent |\n| **Install a new package** | Workflow node only | Instant chat tool + workflow node |\n| **Community nodes** | Manual sequential automation | AI-orchestrable via MCP bridge |\n\n```\nInstall \"@n8n/n8n-nodes-slack\":\n\n  n8n standalone:  available as a workflow node → must build a workflow to use it\n  OpenPawz:        auto-deploys a workflow + indexes it for agent discovery\n                   → \"Hey Pawz, send hello to #general\" — done\n```\n\n**How it works:** OpenPawz embeds n8n as an MCP server. n8n's MCP exposes three workflow-level tools: `search_workflows`, `execute_workflow`, and `get_workflow_details`. When you install a community package, Paw auto-deploys a per-service workflow (e.g. \"OpenPawz MCP — Slack\") that encapsulates the integration logic. The agent discovers workflows via semantic search and executes them via `execute_workflow` — all through the MCP bridge.\n\n**The insight:** n8n's community nodes were designed for manual automation. OpenPawz makes them AI-native — Paw auto-deploys workflows that compose n8n nodes with credential binding, error handling, and retries. The agent decides which workflow to execute based on your intent, and only needs the visual Flow Builder when you want multi-step orchestration with branching, loops, or scheduling.\n\n---\n\n## Original Research\n\nOpenPawz introduces three novel methods for scaling AI agent tool usage and workflow execution. All are open source under the MIT License.\n\n### The Librarian Method — Intent-Stated Tool Discovery\n\n**Problem:** AI agents break when they have too many tools. Loading thousands of workflow definitions into context is impossible, and keyword pre-filters guess wrong because they lack intent.\n\n**Solution:** The agent itself requests tools after understanding the user's intent. An embedding model performs semantic search over the workflow index and returns only the relevant workflows — on demand, per round. We recommend a local Ollama model like `nomic-embed-text` for zero cost, but any embedding model works.\n\n```\nUser: \"Email John about the quarterly report\"\n  → Agent calls request_tools(\"email sending capabilities\")   ← agent has intent\n  → Librarian (embedding model): embeds query → cosine search → email_send, email_read\n  → Only relevant tools loaded instead of every available definition\n```\n\n**Key insight:** The LLM forms the search query (it has parsed intent). A pre-filter on the raw user message would have to guess — the agent knows.\n\n📄 [Full case study: The Librarian Method](reference/librarian-method.mdx)\n\n### The Foreman Protocol — Low-Cost Tool Execution\n\n**Problem:** When a cloud LLM executes tools, the reasoning around formatting and calling them burns expensive tokens. The actual API calls (Slack, Trello, etc.) are free or cheap — but the LLM processing around them is not.\n\n**Solution:** A cheaper worker model executes all MCP tool calls instead of the expensive Architect model. The critical enabler is **MCP's self-describing schemas** — the MCP server tells the worker model exactly how to call each tool. No pre-training. No configuration. Any new n8n community node is instantly executable. We recommend a local Ollama model like `qwen2.5-coder:7b` for zero cost, but any model from any provider works.\n\n```\nArchitect (Cloud LLM): \"Send hello to #general\" → calls mcp_slack_send_message\n  → Engine intercepts mcp_* call\n  → Foreman (worker model): executes via MCP → n8n → Slack API\n  → Tool execution handled by the cheapest capable model in the stack\n```\n\n**Key insight:** MCP servers are self-describing. The worker model doesn't need to know how to use community integrations — MCP tells it at runtime.\n\n📄 [Full case study: The Foreman Protocol](reference/foreman-protocol.mdx)\n\n### The Conductor Protocol — AI-Compiled Flow Execution\n\n**Problem:** Every workflow platform — n8n, Zapier, Make, Airflow — walks the graph node by node: sequential, synchronous, one LLM call per agent step. A 10-node AI pipeline with 6 agent steps takes 24+ seconds and 6 LLM calls. Cycles (feedback loops, agent debates) are structurally impossible — all require DAGs.\n\n**Solution:** The Conductor treats flow graphs as **blueprints of intent** and compiles them into optimized execution strategies before a single node runs. Five primitives — Collapse (merge N agents → 1 LLM call), Extract (deterministic nodes bypass LLM entirely), Parallelize (independent branches run concurrently), Converge (cyclic subgraphs iterate until outputs stabilize), and Tesseract (partition graphs into parallel cells with per-cell memory isolation, synchronized at event horizons) — reduce a 10-node flow from 24s/6 calls to 4–8s/2–3 calls.\n\n```\n10-node flow, 6 agent steps:\n  n8n / Zapier / Make: sequential walk → 24s+, 6 LLM calls\n  OpenPawz Conductor:  compiled strategy → 4–8s, 2–3 LLM calls\n\nConvergent Mesh (agent debate until consensus):\n  n8n / Zapier / Make: impossible — DAG required\n  OpenPawz Conductor:  bidirectional edges → iterative rounds → convergence\n```\n\n**Key insight:**  n8n community nodes were designed for manual sequential automation. The Conductor makes them AI-orchestrable — describe a workflow in natural language, the NLP parser builds the graph, the Conductor compiles it, and the agents execute it. The entire n8n ecosystem becomes an AI-native automation engine.\n\n📄 [Full case study: The Conductor Protocol](reference/conductor-protocol.mdx)\n\n### Agent Execution Architecture — 5-Phase Optimization Pipeline\n\nOpenPawz implements a **5-phase execution optimization pipeline** that eliminates waste from the standard agent loop. Each phase is built, tested (162 dedicated tests), and wired into the live agent loop.\n\n| Phase | Name | What It Does | Impact |\n|-------|------|-------------|--------|\n| **0** | Action DAG Planning | Model outputs a complete execution plan in one inference call; engine runs independent steps in parallel | 3–5× fewer inference calls |\n| **1** | Constrained Decoding | Provider-specific schema enforcement (OpenAI `strict`, Anthropic `tool_choice`, Gemini `tool_config`, Ollama `format: json`) | 0% parse failures |\n| **2** | Embedding-Indexed Tool Registry | Persistent SQLite tool embeddings with four-tier search failover (Vector → BM25 → Domain → Keyword) | \u003c100ms tool discovery at 100K+ scale |\n| **3** | Binary IPC | MessagePack encoding for streaming deltas and plan results via `EventBatcher` and `ResultAccumulator` | 15–30% latency reduction |\n| **4** | Speculative Execution | CPU branch prediction for agents — learns tool transition patterns, pre-warms connections, predicts next tool | 200–800ms saved per prediction hit |\n\n```\nUser: \"Set up a weekly standup, invite the team, and summarize last week's action items\"\n\n  Phase 2: Tool discovery (\u003c100ms) → calendar, email tools loaded\n  Phase 0: Single inference → DAG plan: A(gmail_search) ‖ B(calendar_create) → C(gmail_send)\n  Phase 1: Plan JSON guaranteed valid via constrained decoding\n  Phase 3: A \u0026 B results assembled via binary accumulator\n  Phase 4: While A runs, Gmail send API pre-warmed\n\n  Result: 2 inference calls instead of 6+. Task completes in 4–12s instead of 20–50s.\n```\n\n📄 [Full architecture: .AGENT_EXECUTION_ROADMAP.md](.AGENT_EXECUTION_ROADMAP.md)\n\n---\n\n## Quality\n\nEvery commit is validated by a 3-job CI pipeline: Rust (check + test + clippy), TypeScript (tsc + eslint + vitest + prettier), and Security (cargo audit + npm audit). The Rust backend has **1,008 lib tests** including 162 dedicated tests for the 5-phase Agent Execution Architecture. See [ENTERPRISE_PLAN.md](ENTERPRISE_PLAN.md) for the full hardening audit.\n\n---\n\n## Security\n\nOpenPawz takes a defense-in-depth approach with 10 security layers. The agent never touches the OS directly — every tool call flows through the Rust engine where it can be intercepted, classified, and blocked.\n\n### Zero Trust by Default\n\n| Metric | Value |\n|--------|-------|\n| Open network ports | **0** — Tauri IPC only, no HTTP server |\n| Credential encryption | **AES-256-GCM** with OS keychain key storage |\n| Automated tests | **3,174** (1,008 Rust + 2,166 TypeScript) |\n| CI security checks | `cargo audit` + `npm audit` on every push |\n| Known CVEs | **0** enforced in CI |\n| Clippy warnings | **0** enforced via `-D warnings` |\n\n### 10 Security Layers\n\n1. **Prompt injection scanner** — Dual TypeScript + Rust detection, 30+ patterns across 4 severity levels\n2. **Command risk classifier** — 30+ danger patterns across 5 risk levels (critical → safe), color-coded approval modals\n3. **Human-in-the-Loop approval** — Side-effect tools require explicit user approval; critical commands require typing \"ALLOW\"\n4. **Per-agent tool policies** — Allowlist, denylist, or unrestricted mode per agent\n5. **Container sandboxing** — Docker isolation with `CAP_DROP ALL`, memory/CPU limits, network disabled by default\n6. **Browser network policy** — Domain allowlist/blocklist prevents data exfiltration\n7. **Credential vault** — OS keychain + AES-256-GCM encrypted SQLite; keys never appear in prompts or logs\n8. **TLS certificate pinning** — Custom `rustls` config pinned to Mozilla root CAs; OS trust store excluded to prevent MITM from compromised CAs\n9. **Outbound request signing** — Every provider request SHA-256 signed (`provider ‖ model ‖ timestamp ‖ body`) with 500-entry audit ring buffer\n10. **Memory encryption** — Engram memory system encrypts PII-containing memories with AES-256-GCM (separate keychain key). API keys wrapped in `Zeroizing\u003cString\u003e`, zeroed from RAM on drop. Parameterized query sanitization and prompt injection scanning on all recalled content\n\n### Why This Matters\n\n- **No plaintext secrets** — Credentials are encrypted at rest with per-field IVs. If the keychain is unavailable, the app blocks credential storage entirely rather than falling back to plaintext.\n- **Agents can't go rogue** — Dangerous commands (`sudo`, `rm -rf`, `curl | bash`, `chmod 777`) are auto-denied or require explicit approval. Even in \"allow all\" session override mode, privilege escalation remains blocked.\n- **90+ safe command patterns** — Common dev commands (`git status`, `ls`, `cat`, `npm test`) are auto-approved so you're not clicking \"Allow\" on every harmless action.\n- **Financial guardrails** — Trading tools (swaps, transfers) have configurable per-transaction caps, daily loss limits, and pair whitelists. Read-only trading (balances, prices) is always auto-approved.\n- **Filesystem sandboxing** — 20+ sensitive paths blocked (`~/.ssh`, `~/.aws`, `~/.gnupg`, `/etc`, `/root`). Path traversal blocked. Optional read-only mode disables all agent writes.\n- **Channel access control** — Every channel bridge supports DM pairing, user allowlists, and per-agent routing. No open relay.\n- **Full audit trail** — Every security event logged with risk level, tool name, decision, and matched pattern. Filterable dashboard with JSON/CSV export.\n- **Skill vetting** — Community skills are checked against npm registry risk intelligence (download count, maintainer count, deprecation status) with a risk score before install.\n\nSee [SECURITY.md](SECURITY.md) for the complete security architecture.\n\n---\n\n## Features\n\n### Multi-Agent System\n- Unlimited agents with custom personalities, models, and tool policies\n- Boss/worker orchestration — agents delegate tasks and spawn sub-agents at runtime\n- Inter-agent communication — direct messages, broadcast channels, and agent squads\n- Agent squads — team formation with coordinator roles for collaborative tasks\n- Per-agent chat sessions with persistent history and mini-chat popups\n- Agent dock with avatars (50 custom Pawz Boi sprites)\n\n### Community Integrations — Zero-Gap Automation\n\nOpenPawz ships with **400+ built-in integrations** compiled into the Rust binary. But the real breakthrough is the **MCP Bridge** — an embedded n8n engine that connects your agents to **Community integrations** via the Model Context Protocol. No plugins to install, no marketplace to browse. Your agent discovers and installs integrations at runtime, auto-deploys per-service workflows, and executes them on demand.\n\n#### How It Works\n\n```\nUser: \"Generate a QR code for my website\"\n  → Agent calls request_tools(\"QR code generation\")\n  → Librarian (embedding model) finds n8n-nodes-base.qrCode\n  → Auto-installs n8n community package (if needed)\n  → Executes via MCP bridge\n  → Returns QR code to user\n```\n\n#### Built-in (400+ native, compiled into binary)\n\n| Category | Count | Examples |\n|----------|-------|----------|\n| Productivity | 40+ | Notion, Trello, Obsidian, Linear, Jira, Asana, Todoist, Google Workspace |\n| Communication | 30+ | Slack, Discord, Telegram, WhatsApp, Teams, Email (IMAP/SMTP) |\n| Development | 50+ | GitHub, GitLab, Bitbucket, Docker, Kubernetes, Vercel, Netlify, AWS |\n| Data \u0026 Analytics | 35+ | PostgreSQL, MongoDB, Redis, Elasticsearch, BigQuery, Snowflake |\n| Media \u0026 Content | 25+ | Spotify, YouTube, Whisper, ElevenLabs, Image Gen, DALL-E |\n| Smart Home \u0026 IoT | 20+ | Philips Hue, Sonos, Home Assistant, MQTT, Zigbee |\n| Finance \u0026 Trading | 30+ | Coinbase, Solana DEX, Ethereum DEX, Stripe, PayPal, QuickBooks |\n| Cloud \u0026 Infrastructure | 40+ | AWS, GCP, Azure, Cloudflare, DigitalOcean, Terraform |\n| Security \u0026 Monitoring | 25+ | 1Password, Vault, Datadog, PagerDuty, Sentry, Grafana |\n| AI \u0026 ML | 20+ | Hugging Face, Replicate, Stability AI, Pinecone, Weaviate |\n| CRM \u0026 Marketing | 30+ | Salesforce, HubSpot, Mailchimp, SendGrid, Intercom |\n| Miscellaneous | 55+ | Weather, RSS, Web Scraping, PDF, OCR, QR codes, Maps |\n\n#### MCP Bridge (Nodes via embedded n8n)\n\n| Layer | What It Does |\n|-------|-------------|\n| **Embedded n8n** | Auto-provisioned via Docker or npx — starts at launch, zero config |\n| **MCP Transport** | Streamable HTTP at `/mcp-server/http` with JWT auth |\n| **Workflow-Level MCP** | Three tools: `search_workflows`, `execute_workflow`, `get_workflow_details` |\n| **Auto-Deploy** | Per-service workflows created automatically when community packages are installed |\n| **Workflow RAG** | Embedding model discovers the right workflow via semantic search (local Ollama recommended) |\n| **Local Worker** | Ollama `qwen2.5-coder:7b` executes MCP tool calls — no cloud costs |\n\n### 10 AI Providers\n| Provider | Models |\n|----------|--------|\n| Ollama | Any local model (auto-detected, fully offline) |\n| OpenAI | GPT-4.1, GPT-4.1 mini, GPT-4.1 nano, o3, o4-mini |\n| Anthropic | Claude Opus 4, Sonnet 4, Sonnet 4 Thinking, Haiku 3.5 |\n| Google Gemini | Gemini 3.1 Pro, 3 Pro, 3 Flash (Preview), 2.5 Pro/Flash/Flash-Lite |\n| OpenRouter | Meta-provider routing (100+ models) |\n| DeepSeek | deepseek-chat, deepseek-reasoner |\n| xAI (Grok) | grok-3, grok-3-mini |\n| Mistral | mistral-large, codestral, pixtral-large |\n| Moonshot/Kimi | moonshot-v1 models |\n| Custom | Any OpenAI-compatible endpoint |\n\n### 11 Channel Bridges\nTelegram · Discord · IRC · Slack · Matrix · Mattermost · Nextcloud Talk · Nostr · Twitch · WebChat · WhatsApp\n\nEach bridge includes user approval flows, per-agent routing, and uniform start/stop/config commands. The same agent brain, memory, and tools work across every platform.\n\n### Memory System — Project Engram\n- **Three-tier architecture** — Sensory buffer (ring buffer for current turn) → Working memory (priority-evicted slots) → Long-term graph (episodic, knowledge, procedural stores)\n- **Hybrid search** — BM25 full-text + vector similarity with reciprocal rank fusion and spreading activation across memory graph edges\n- **Automatic consolidation** — Background engine runs pattern clustering, contradiction detection, Ebbinghaus strength decay, and garbage collection on a 5-minute cycle\n- **18 memory categories** — Unified across Rust backend, agent tools, and frontend UI (general, preference, fact, project, person, technical, insight, procedure, etc.)\n- **PII-aware encryption** — Two-layer defense: 17 regex patterns (emails, SSNs, credit cards, JWTs, AWS keys, private keys, etc.) plus LLM-assisted secondary scan for context-dependent PII. Field-level AES-256-GCM encryption before storage with separate keychain key from credential vault\n- **Inter-agent memory trust** — Capability-scoped publishing on the memory bus, publish-side injection scanning, and trust-weighted contradiction resolution prevent cross-agent memory poisoning\n- **Memory lifecycle** — Auto-recall injects relevant memories before agent turns; auto-capture stores results after task/orchestrator/compaction completion\n- **Channel-scoped memories** — Memories from Discord, Slack, Telegram etc. are tagged with channel + user scope for isolated recall\n- **GDPR Article 17** — Right-to-erasure API securely purges all memories for given user identifiers\n- **Context budget** — Token-aware ContextBuilder packs memories into available context window with priority ordering and model-specific tokenizer\n- **Memory Palace** — Visualization UI for browsing and managing stored memories\n\n### Built-in Tools \u0026 Skills\n- Community integrations (400+ native + community integrations via MCP bridge workflows) with encrypted credential injection\n- Community skills from the [skills.sh](https://skills.sh) ecosystem and PawzHub marketplace\n- Three-tier extensibility: Skills (SKILL.md) → Integrations (pawz-skill.toml) → Extensions (custom views + storage)\n- Kanban task board with agent assignment, cron scheduling, and event-driven triggers\n- Inter-agent communication — direct messaging and broadcast channels\n- Agent squads — team formation with coordinator roles and squad broadcasts\n- Persistent background tasks with automatic re-queuing\n- Research workflow with findings and synthesis\n- Full email client (IMAP/SMTP via Himalaya)\n- Browser automation with managed profiles\n- DeFi trading on ETH (7 EVM chains) + Solana (Jupiter, PumpPortal)\n- Dashboard widgets with skill output persistence\n- 15 slash commands with autocomplete\n\n### Webhooks \u0026 MCP Bridge\n- **Embedded n8n engine** — auto-provisioned at launch via Docker or npx, zero configuration\n- **MCP Bridge** — Streamable HTTP transport connects to n8n's MCP server, exposing workflow-level tools (`search_workflows`, `execute_workflow`, `get_workflow_details`)\n- **Workflow auto-deploy** — agents install community packages, Paw auto-deploys per-service workflows, discoverable via semantic search\n- **Local MCP workers** — Ollama `qwen2.5-coder:7b` executes MCP tool calls locally, $0 cost\n- Generic webhook server — receive external events and route to agents\n- MCP (Model Context Protocol) client — connect to any MCP server for additional tools\n- Per-agent MCP server assignment\n- Event-driven task triggers — tasks fire on webhooks or inter-agent messages\n- Auto-approve mode for fully autonomous agent operation\n\n### Voice\n- Google TTS (Chirp 3 HD, Neural2, Journey)\n- OpenAI TTS (9 voices)\n- ElevenLabs TTS (16 premium voices)\n- Talk Mode — continuous voice loop (mic → STT → agent → TTS → speaker)\n\n### Token Savings \u0026 Cost Control\n\nMost AI tools let token usage run unchecked — long conversations silently burn through context windows and your wallet. OpenPawz actively manages this for you:\n\n- **Automatic session compaction** — When conversations approach the context window limit, older messages are summarized into a compact digest. Key facts are preserved in memory, the full session is archived, and the conversation continues seamlessly. **40–60% token savings** on long sessions.\n- **Configurable context window** — Set per-agent context limits (4K–1M tokens) in Settings. Conservative defaults (32K) prevent accidental cost spikes on large-context models.\n- **Live token meter** — Real-time context usage bar in every chat session. Click for a full breakdown of where tokens are going (system prompt, memory, conversation, tools). Color-coded warnings at 60% and 80%.\n- **Session cost tracking** — Per-session cost displayed in the chat header and Mission Control dashboard. Input/output tokens tracked separately with per-model pricing.\n- **Daily budget limits** — Set a daily spending cap. Budget alerts fire at 80% and hard-stop at 100%. Prevents runaway costs from automated tasks, cron jobs, or long agent loops.\n- **Auto model tiering** — Enable `auto_tier` to automatically route simple queries to cheaper models. Complex tasks use your primary model. **Can cut costs 50%+** with no quality loss on basic questions.\n- **Smart skill prompt budgeting** — When agents load skill instructions, the engine compresses and prioritizes them to fit within a token budget. Priority skills get full context; lower-priority skills are compressed or dropped. No wasted tokens on irrelevant tool docs.\n- **Lean channel context** — Channel bridges (Discord, Telegram, etc.) use a minimal context strategy: core identity only, no memory recall overhead, only the tools needed for that channel. Fast responses, minimal token burn.\n- **Free local inference** — Ollama models cost $0. Use local models for testing, development, and casual tasks. Switch to paid providers only when you need frontier capability.\n\n---\n\n## Architecture\n\n```mermaid\nflowchart LR\n  subgraph Frontend[\"Frontend · TypeScript\"]\n    UI[\"Vanilla DOM · 20+ views\"]\n    KI[\"Kinetic Intelligence\"]\n    Icons[\"Material Icons\"]\n  end\n\n  subgraph Engine[\"Rust Engine\"]\n    Tauri[\"Tauri Commands\"]\n    Integrations[\"Community Integration Engine\"]\n    MCP[\"MCP Bridge · Embedded n8n\"]\n    Providers[\"AI Providers · Channel Bridges\"]\n    Tools[\"Tool Executor + HIL Approval\"]\n    DB[\"AES-256-GCM Encrypted SQLite\"]\n    Security[\"OS Keychain · Docker Sandbox\"]\n  end\n\n  Frontend \u003c--\u003e|\"Tauri IPC\\n(typed)\"| Engine\n```\n\nNo Node.js backend. No gateway process. No open ports. Everything flows through Tauri IPC.\n\nSee [ARCHITECTURE.md](ARCHITECTURE.md) for the full technical breakdown.\n\n---\n\n## Installation\n\n### Prerequisites\n\n\u003e **Note:** Node.js is only needed to build the frontend — the final app is a standalone ~5 MB native binary with no Node.js runtime.\n\n| Requirement | Version | Why | Install |\n|-------------|---------|-----|---------|\n| **Node.js** | 18+ | Vite bundler + TypeScript compiler (build-time only) | [nodejs.org](https://nodejs.org/) |\n| **Rust** | Latest stable | Compiles the native backend engine | [rustup.rs](https://rustup.rs/) |\n| **Platform deps** | — | WebKit, SSL, system libraries (see below) | Per-platform |\n\n#### Optional (runtime)\n\n| Tool | Purpose | Install |\n|------|---------|---------|\n| **Ollama** | Fully local AI — no API keys needed | [ollama.com](https://ollama.com/) |\n| **Docker** | Container sandboxing for agent commands | [docker.com](https://www.docker.com/) |\n| **gnome-keyring** or **kwallet** | OS keychain for credential encryption (Linux) | System package manager |\n\n### Platform-Specific Dependencies\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eLinux (Debian / Ubuntu)\u003c/strong\u003e\u003c/summary\u003e\n\n```bash\n# System libraries required by Tauri + WebKit\nsudo apt update\nsudo apt install -y \\\n  libwebkit2gtk-4.1-dev \\\n  build-essential \\\n  curl \\\n  wget \\\n  file \\\n  libxdo-dev \\\n  libssl-dev \\\n  libayatana-appindicator3-dev \\\n  librsvg2-dev\n\n# Keychain (required for credential encryption)\n# GNOME-based desktops usually have this already\nsudo apt install -y gnome-keyring libsecret-1-dev\n\n# Install Rust\ncurl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh\nsource \"$HOME/.cargo/env\"\n\n# Install Node.js 18+ (via nvm)\ncurl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash\nnvm install 22\n```\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eLinux (Fedora)\u003c/strong\u003e\u003c/summary\u003e\n\n```bash\nsudo dnf install -y \\\n  webkit2gtk4.1-devel \\\n  openssl-devel \\\n  curl \\\n  wget \\\n  file \\\n  libxdo-devel \\\n  libappindicator-gtk3-devel \\\n  librsvg2-devel \\\n  gnome-keyring \\\n  libsecret-devel\n\n# Install Rust\ncurl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh\nsource \"$HOME/.cargo/env\"\n```\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eLinux (Arch)\u003c/strong\u003e\u003c/summary\u003e\n\n```bash\nsudo pacman -S --needed \\\n  webkit2gtk-4.1 \\\n  base-devel \\\n  curl \\\n  wget \\\n  file \\\n  openssl \\\n  libxdo \\\n  libappindicator-gtk3 \\\n  librsvg \\\n  gnome-keyring \\\n  libsecret\n\n# Install Rust\ncurl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh\nsource \"$HOME/.cargo/env\"\n```\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003emacOS\u003c/strong\u003e\u003c/summary\u003e\n\n```bash\n# Install Xcode command line tools (provides clang, make, etc.)\nxcode-select --install\n\n# Install Rust\ncurl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh\nsource \"$HOME/.cargo/env\"\n\n# Install Node.js (via Homebrew)\nbrew install node\n```\n\nmacOS Keychain is used automatically — no additional setup needed.\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eWindows\u003c/strong\u003e\u003c/summary\u003e\n\n1. Install [Visual Studio Build Tools](https://visualstudio.microsoft.com/visual-cpp-build-tools/) with:\n   - \"Desktop development with C++\" workload\n   - Windows 10/11 SDK\n2. Install [Rust](https://rustup.rs/) — download and run `rustup-init.exe`\n3. Install [Node.js 18+](https://nodejs.org/) — use the LTS installer\n\nWindows Credential Manager is used automatically for the keychain.\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eContainers / CI / Headless Linux\u003c/strong\u003e\u003c/summary\u003e\n\nIf you're running in a Docker container, devcontainer, or headless server, there's no graphical keychain by default. You need to start one manually:\n\n```bash\n# Install gnome-keyring\nsudo apt install -y gnome-keyring dbus-x11\n\n# Start the keyring daemon\neval $(dbus-launch --sh-syntax)\neval $(gnome-keyring-daemon --start --components=secrets 2\u003e/dev/null)\nexport GNOME_KEYRING_CONTROL\n```\n\nWithout a running keychain, credential encryption will fail and integrations won't work. The app's **Settings → Security** panel shows keychain health status.\n\n\u003c/details\u003e\n\n---\n\n### Quick Start\n\n```bash\n# 1. Clone the repository\ngit clone https://github.com/OpenPawz/openpawz.git\ncd paw\n\n# 2. Install frontend dependencies (includes anime.js for UI animations)\npnpm install\n\n# 3. Run in development mode (hot-reload frontend + live Rust rebuilds)\npnpm tauri dev\n```\n\n\u003e **First build takes 3–5 minutes** while Rust compiles all dependencies. Subsequent builds are incremental (~5–15 seconds).\n\u003e\n\u003e **After pulling updates**, always re-run `pnpm install` to pick up any new dependencies.\n\n### Frontend Only (No Rust / Tauri Required)\n\nIf you just want to run the frontend UI without the Rust backend (useful for UI development or quick previews):\n\n```bash\npnpm install          # required after every git pull to pick up new deps\npnpm dev\n```\n\nThis starts the Vite dev server at `http://localhost:1420/` with hot-reload. The full Tauri backend (provider calls, credential vault, container sandbox, etc.) won't be available in this mode, but all views and UI components will render.\n\n### Verify It's Working\n\nAfter launching, OpenPawz opens to the Today dashboard. To verify everything is functional:\n\n1. **Settings → Security** — check that keychain health shows \"Healthy\"\n2. **Settings → Providers** — configure at least one AI provider (or install Ollama for local AI)\n3. **Agents** — create an agent and start chatting\n\n---\n\n### Optional: Ollama (Fully Local AI)\n\nFor completely offline AI with no API keys or cloud dependency:\n\n```bash\n# Install Ollama\ncurl -fsSL https://ollama.com/install.sh | sh\n\n# Pull a chat model\nollama pull llama3.1\n\n# Pull the embedding model (used for memory search)\nollama pull nomic-embed-text\n```\n\nOpenPawz auto-detects Ollama on `localhost:11434` and lists available models automatically in **Settings → Providers**.\n\n---\n\n### Optional: Docker (Container Sandboxing)\n\nTo enable sandboxed command execution for agents:\n\n```bash\n# Install Docker (if not already installed)\ncurl -fsSL https://get.docker.com | sh\nsudo usermod -aG docker $USER\n# Log out and back in for group changes to take effect\n\n# Verify Docker works\ndocker run --rm hello-world\n```\n\nContainer sandboxing runs agent shell commands inside isolated Docker containers with `CAP_DROP ALL`, memory/CPU limits, and network disabled by default. Configure in **Settings → Security**.\n\n---\n\n### Configuring Integrations\n\nOpenPawz stores all credentials in an AES-256-GCM encrypted vault backed by your OS keychain. There are two ways to add credentials:\n\n**Option A: Settings → Skills** (recommended)\n1. Open **Settings → Skills**\n2. Find the integration (e.g. Slack, GitHub, n8n)\n3. Enter your credentials and click **Save**\n4. Toggle the skill to **Enabled**\n\n**Option B: Integrations panel** (if using n8n)\n1. Open the **Integrations** view\n2. Click the service and follow the setup guide\n3. Enter credentials, click **Test \u0026 Save**\n4. The app tests the connection, then auto-provisions to the skill vault\n\n\u003e **Important:** Credentials must be saved through the app UI — setting environment variables (`.env` files, shell exports) does not work. The agent tools read exclusively from the encrypted skill vault in SQLite, not from environment variables.\n\n---\n\n### Run Tests\n\n```bash\n# TypeScript tests (2,166 tests)\nnpx vitest run\n\n# Rust tests (650 tests)\ncd src-tauri \u0026\u0026 cargo test\n\n# TypeScript type-check\nnpx tsc --noEmit\n\n# Rust lint (zero warnings enforced)\ncd src-tauri \u0026\u0026 cargo clippy -- -D warnings\n\n# Code formatting check\nnpx prettier --check \"src/**/*.ts\"\ncd src-tauri \u0026\u0026 cargo fmt --check\n\n# Run everything at once\npnpm check\n```\n\n### Production Build\n\n```bash\npnpm tauri build\n```\n\nThe built app will be in `src-tauri/target/release/bundle/` — platform-specific installer:\n\n| Platform | Output |\n|----------|--------|\n| macOS | `.dmg` + `.app` |\n| Linux | `.deb` + `.AppImage` |\n| Windows | `.msi` + `.exe` |\n\n---\n\n### Troubleshooting\n\n| Problem | Fix |\n|---------|-----|\n| **First build fails on Linux** | Make sure all system libraries are installed (see platform deps above) |\n| **\"Keyring init failed\"** | No keychain daemon running — install `gnome-keyring` and start it (see headless section) |\n| **\"Missing required credentials\" for a skill** | Credentials must be saved via the app UI (**Settings → Skills**), not via `.env` files |\n| **Provision silently fails** | Check **Settings → Security** — if keychain is \"unavailable\", the vault can't encrypt credentials |\n| **Ollama not detected** | Make sure Ollama is running (`ollama serve`) and accessible at `http://localhost:11434` |\n| **n8n \"no API access\"** | Set `N8N_PUBLIC_API_ENABLED=true` in your n8n instance environment, restart n8n, and create an API key in n8n **Settings → API** |\n| **Rust compilation OOM** | On low-memory machines (\u003c 4 GB), close other apps or add swap: `sudo fallocate -l 4G /swapfile \u0026\u0026 sudo mkswap /swapfile \u0026\u0026 sudo swapon /swapfile` |\n| **Docker sandbox won't start** | Ensure Docker is running and your user is in the `docker` group (`groups` to check) |\n\n---\n\n## Community\n\nJoin the conversation, share ideas, and follow development:\n\n| Channel | Link |\n|---------|------|\n| Discord | [Join Server](https://discord.gg/wVvmgrMV) |\n| X / Twitter | [@openpawzai](https://x.com/openpawzai) |\n| Instagram | [@openpawz](https://www.instagram.com/openpawz) |\n| Matrix | [#openpawz:matrix.org](https://matrix.to/#/#openpawz:matrix.org) |\n| GitHub Discussions | [OpenPawz/openpawz Discussions](https://github.com/OpenPawz/openpawz/discussions) |\n| Bluesky | [@openpawz.bsky.social](https://bsky.app/profile/openpawz.bsky.social) |\n| Mastodon | [@openpawz@fosstodon.org](https://fosstodon.org/@openpawz) |\n\n## Roadmap\n\nProgress is tracked via [milestones](https://github.com/OpenPawz/openpawz/milestones) and [GitHub Projects](https://github.com/orgs/OpenPawz/projects):\n\n- [**v0.2 — Packaging \u0026 Distribution**](https://github.com/OpenPawz/openpawz/milestone/1) — Stable binaries, Homebrew/AUR/Snap/Flatpak, Windows \u0026 macOS CI\n- [**v0.3 — Plugin API \u0026 PawzHub**](https://github.com/OpenPawz/openpawz/milestone/2) — Community extension API, PawzHub marketplace, i18n\n- [**v0.4 — Mobile \u0026 Sync**](https://github.com/OpenPawz/openpawz/milestone/3) — Mobile companion (iOS/Android), encrypted cloud sync\n- [**v1.0 — Production Ready**](https://github.com/OpenPawz/openpawz/milestone/4) — Enterprise hardening, stable API, third-party security audit\n\nSee [ENTERPRISE_PLAN.md](ENTERPRISE_PLAN.md) for the hardening audit.\n\n---\n\n## Contributing\n\nOpenPawz is built by one developer and needs your help. Every contribution matters — code, docs, tests, translations, packaging.\n\n**Start here:**\n- [`good first issue`](https://github.com/OpenPawz/openpawz/labels/good%20first%20issue) — scoped tasks for newcomers\n- [`help wanted`](https://github.com/OpenPawz/openpawz/labels/help%20wanted) — bigger tasks we need help with\n- [CONTRIBUTING.md](CONTRIBUTING.md) — full setup guide, code style, and \"where to start\" picker\n\n**Claim an issue** by commenting \"I'd like to work on this\" — you'll be assigned within 24 hours. Questions? Ask in [Discord](https://discord.gg/wVvmgrMV) or [Discussions](https://github.com/OpenPawz/openpawz/discussions).\n\n### Contributors\n\n\u003ca href=\"https://github.com/OpenPawz/openpawz/graphs/contributors\"\u003e\n  \u003cimg src=\"https://contrib.rocks/image?repo=OpenPawz/openpawz\" /\u003e\n\u003c/a\u003e\n\n---\n\n## Documentation\n\n| Document | Description |\n|----------|-------------|\n| [ARCHITECTURE.md](ARCHITECTURE.md) | Full technical breakdown — directory structure, module design, data flow |\n| [SECURITY.md](SECURITY.md) | Complete security architecture — 7 layers, threat model, credential handling |\n| [CONTRIBUTING.md](CONTRIBUTING.md) | Development setup, code style, testing, PR guidelines |\n| [ENTERPRISE_PLAN.md](ENTERPRISE_PLAN.md) | Enterprise hardening audit — all phases with test counts |\n| [ENGRAM.md](ENGRAM.md) | Engram memory system whitepaper — three-tier architecture, security model, formal proofs |\n| [.AGENT_EXECUTION_ROADMAP.md](.AGENT_EXECUTION_ROADMAP.md) | 5-phase agent execution optimization pipeline — Action DAG, Constrained Decoding, Tool Registry, Binary IPC, Speculative Execution |\n| [CHANGELOG.md](CHANGELOG.md) | Version history and release notes |\n| [Docs Site](https://www.openpawz.ai) | Full documentation with guides, channel setup, and API reference |\n\n---\n\n## Tech Stack\n\n| Layer | Technology |\n|-------|-----------|\n| Framework | [Tauri v2](https://v2.tauri.app/) |\n| Backend | Rust (async, Tokio) |\n| Frontend | TypeScript (vanilla DOM) |\n| Database | SQLite (21 tables, AES-256-GCM encrypted fields) |\n| Bundler | Vite |\n| Testing | vitest (TS) + cargo test (Rust) |\n| CI | GitHub Actions (3 parallel jobs) |\n\n---\n\n## Disclaimer\n\nOpenPawz is open-source software provided **\"as is\"** under the MIT License, without warranty of any kind.\n\n**By using this software, you acknowledge and agree that:**\n\n- The authors and contributors are **not responsible** for any damages, data loss, financial loss, security incidents, or other consequences arising from the use of this software.\n- You are solely responsible for how you use this software, including any actions performed by AI agents, automated tasks, trading operations, or integrations you configure.\n- AI-generated outputs may be inaccurate, incomplete, or inappropriate. Always review agent actions and outputs before relying on them.\n- Trading and financial features are experimental. **Never risk funds you cannot afford to lose.** The developers are not financial advisors.\n- You are responsible for compliance with applicable laws, regulations, and third-party terms of service in your jurisdiction.\n- This software interacts with third-party APIs and services. The developers are not responsible for those services' availability, accuracy, or terms.\n\nThis is a community-driven open-source project. Use at your own risk.\n\n---\n\n## License\n\nMIT — See [LICENSE](LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FOpenPawz%2Fopenpawz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FOpenPawz%2Fopenpawz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FOpenPawz%2Fopenpawz/lists"}