garudust-agent
Health Warn
- License รขโฌโ License: MIT
- Description รขโฌโ Repository has a description
- Active repo รขโฌโ Last push 0 days ago
- Low visibility รขโฌโ Only 9 GitHub stars
Code Pass
- Code scan รขโฌโ Scanned 12 files during light audit, no dangerous patterns found
Permissions Pass
- Permissions รขโฌโ No dangerous permissions requested
This tool is a self-hostable AI agent runtime written in Rust. It allows users to interact with various large language model providers through terminal commands or multi-platform chat integrations, while persisting memory and automatically learning new skills.
Security Assessment
Overall Risk: Medium. While the automated code scan found no dangerous patterns, hardcoded secrets, or dangerous permission requests, the inherent nature of the software requires caution. As an AI gateway, it handles sensitive data by processing user prompts and routing them to external LLM providers (Anthropic, OpenAI, Ollama, etc.), which guarantees active network requests. The documentation highlights "secure by design" features, explicitly mentioning Docker sandboxing and command blocking. This suggests the agent is capable of executing shell commands via its tools. If deployed outside a sandboxed environment, improper configuration could expose your local system.
Quality Assessment
The project is under active development, with repository activity as recent as today. It is properly licensed under the permissive MIT license and distributes verified pre-built binaries. However, community trust and visibility are currently very low. With only 9 GitHub stars, the tool has not yet been widely tested or peer-reviewed by the broader developer community.
Verdict
Use with caution โ the code appears clean, but its ability to execute commands and route data externally means it should be strictly run in an isolated environment like Docker until the project gains more community traction.
๐ฆ Self-improving Rust AI agent โ multi-agent delegation, auto-skill learning, multi-platform chat bots, persistent memory, MCP tools, cron scheduling and a production-grade gateway
Garudust Agent
A self-hostable, self-improving AI agent runtime written in Rust.
Chat from your terminal, connect it to Telegram / Discord / Slack / Matrix / LINE / WhatsApp, or call it over HTTP โ all from a single binary. It remembers what you teach it, speaks your language, and gets smarter with every session.
Demo
Why Garudust?
- ~10 MB binary, < 20 ms cold start โ single statically-linked binary, no runtime dependencies for local use
- Self-improving โ learns your preferences, saves reusable workflows as skills, and corrects itself without being told twice
- Speaks your language โ detects Thai, Chinese, Japanese, Arabic, Korean, and more automatically; no configuration needed
- Swap providers with one env var โ Anthropic, OpenRouter, AWS Bedrock, Ollama, vLLM, or any OpenAI-compatible endpoint
- Secure by design โ Docker sandbox, hardline command blocks, memory-poisoning protection, and automatic secret redaction from tool output
- Runs everywhere โ laptop TUI, headless server, Docker, Telegram, Discord, Slack, Matrix, LINE, WhatsApp, HTTP
- Composable โ every piece is a separate crate; add a tool, platform, or transport without touching anything else
Install
Pre-built binaries (recommended)
Download from GitHub Releases โ no Rust required:
| Platform | File |
|---|---|
| macOS Apple Silicon | garudust-*-aarch64-apple-darwin.tar.gz |
| macOS Intel | garudust-*-x86_64-apple-darwin.tar.gz |
| Linux x86_64 | garudust-*-x86_64-unknown-linux-musl.tar.gz |
| Linux ARM64 | garudust-*-aarch64-unknown-linux-musl.tar.gz |
| Windows | garudust-*-x86_64-pc-windows-msvc.zip |
tar -xzf garudust-*.tar.gz
sudo mv garudust garudust-server /usr/local/bin/
Build from source
Requires Rust 1.87+:
git clone https://github.com/garudust-org/garudust-agent
cd garudust-agent
cargo build --release
export PATH="$PATH:$(pwd)/target/release"
Quick Start
garudust setup # first-time wizard โ pick provider, save API key
1 โ Interactive TUI
garudust
| Key | Action |
|---|---|
Enter |
Send message |
โ โ |
Scroll history |
/new |
Clear history, start fresh session |
/model <name> |
Switch model on the fly |
/help |
Show all slash commands |
Ctrl+C |
Quit |
2 โ One-shot
garudust "summarise the git log from the last 7 days into a changelog"
Output goes to stdout. Exit code is 0 on success. Pipe-friendly.
3 โ Server / Docker
# Minimal
garudust-server --port 3000
# With Docker
echo "OPENROUTER_API_KEY=sk-or-..." > .env
docker compose up
# Production: sandbox + Telegram bot + daily cron
GARUDUST_TERMINAL_SANDBOX=docker \
GARUDUST_API_KEY=my-secret-token \
TELEGRAM_TOKEN=123:ABC \
GARUDUST_CRON_JOBS="0 9 * * *=Post a morning briefing to Telegram" \
GARUDUST_MEMORY_CRON="0 3 * * *" \
garudust-server --port 3000 --approval-mode smart
CLI Reference
garudust setup # first-time wizard
garudust doctor # check API key, connectivity, DB
garudust config show # print active config
garudust model # show current model, prompt for new
garudust model anthropic/claude-opus-4-7 # switch model directly
garudust config set ANTHROPIC_API_KEY sk-ant-...
garudust config set VLLM_BASE_URL http://localhost:8000/v1
Configuration
All persistent settings live in ~/.garudust/config.yaml. Secrets and tokens live in ~/.garudust/.env โ run garudust setup to configure them interactively. Both files are loaded securely at startup and never forwarded to subprocesses.
~/.garudust/config.yaml
model: anthropic/claude-sonnet-4-6 # model identifier
provider: anthropic # auto-detected from API key if omitted
security:
terminal_sandbox: docker # none (default) | docker
terminal_sandbox_image: ubuntu:24.04
terminal_sandbox_opts:
- "--network=none" # cut outbound network access inside container
- "--memory=512m" # cap memory
nudge_interval: 5 # memory-save reminder every N iterations (0 = off)
mcp_servers:
- name: filesystem
command: npx
args: ["-y", "@modelcontextprotocol/server-filesystem", "/tmp"]
- name: postgres
command: npx
args: ["-y", "@modelcontextprotocol/server-postgres", "postgresql://localhost/mydb"]
Security
Terminal sandbox
Set terminal_sandbox: docker in config.yaml to run every shell command inside an isolated container (--cap-drop ALL, --pids-limit 256, working directory mounted at /workspace). Requires Docker.
Hardline command blocks
Blocked unconditionally, regardless of approval mode:
| Pattern | Example |
|---|---|
| Recursive root filesystem deletion | rm -rf /, rm -rf /* |
| Filesystem format | mkfs, mkfs.ext4 /dev/sda1 |
| Fork bomb | `:(){ : |
| Writing to raw block devices | dd of=/dev/sda, cat > /dev/nvme0n1 |
| System shutdown / reboot | shutdown, reboot, halt, systemctl poweroff |
| Writes to credential paths | ~/.ssh/authorized_keys, ~/.aws/credentials, ~/.bashrc |
Approval modes
| Mode | Behaviour |
|---|---|
smart (default) |
All tools allowed; constitutional constraints are the primary gate; destructive calls are audit-logged |
auto |
Same as smart โ for trusted automation pipelines |
deny |
Blocks all destructive calls โ for read-only agents |
Set via GARUDUST_APPROVAL_MODE or --approval-mode.
Memory entries from previous sessions are wrapped in <untrusted_memory> tags to prevent memory-poisoning attacks. API keys are scrubbed from tool output automatically; output is truncated to 50 KB to prevent context flooding.
Memory & Self-Improvement
The agent saves durable knowledge to ~/.garudust/memory/ and loads it at the start of every session โ you never need to repeat yourself:
You: always format JSON with 2-space indent
Agent: [saves to memory] Got it โ I'll use 2-space indent for JSON from now on.
| Category | Examples |
|---|---|
| Preferences | output format, language, tone, tool choices |
| Project details | paths, configs, conventions, known quirks |
| Corrections | anything you tell the agent to stop doing โ saved immediately |
Configure the memory-save nudge interval with nudge_interval in config.yaml (0 = off).
Skills
Reusable instruction sets stored in ~/.garudust/skills/, hot-reloaded on every call.
~/.garudust/skills/
git-workflow/SKILL.md
daily-standup/SKILL.md
rust-code-review/SKILL.md
The agent scans all skills before every message and loads any that are relevant. It creates and patches skill files automatically when it discovers or corrects a workflow.
Minimal SKILL.md:
---
name: git-workflow
description: Opinionated Git commit and PR workflow
version: 1.0.0
---
Always write conventional commits. Always run tests before pushing.
Open a draft PR first, then mark ready when CI is green.
Headless Server
garudust-server runs the HTTP gateway, all platform adapters, and cron jobs in one process.
garudust-server --anthropic-key sk-ant-... --port 3000
HTTP API
# Blocking
curl -X POST http://localhost:3000/chat \
-H "Content-Type: application/json" \
-d '{"message": "write a haiku about Rust"}'
# Streaming (Server-Sent Events)
curl -X POST http://localhost:3000/chat/stream \
-H "Content-Type: application/json" \
-d '{"message": "explain async/await in 3 sentences"}'
# WebSocket: ws://localhost:3000/chat/ws
# Send: {"message": "your task"} Receive: text chunks โฆ then {"done":true}
# Health & metrics
curl http://localhost:3000/health
curl http://localhost:3000/metrics # Prometheus-compatible
Platform Adapters
Set the relevant tokens in ~/.garudust/.env and start garudust-server. Every adapter runs together in the same process.
| Platform | Required tokens |
|---|---|
| Telegram | TELEGRAM_TOKEN |
| Discord | DISCORD_TOKEN |
| Slack | SLACK_BOT_TOKEN, SLACK_APP_TOKEN |
| Matrix | MATRIX_HOMESERVER, MATRIX_USER, MATRIX_PASSWORD |
| LINE | LINE_CHANNEL_TOKEN, LINE_CHANNEL_SECRET |
WHATSAPP_ACCESS_TOKEN, WHATSAPP_PHONE_NUMBER_ID, WHATSAPP_VERIFY_TOKEN |
|
| Webhook | always-on at POST /webhook โ no token needed |
Telegram โ create a bot via @BotFather, copy the token.
Discord โ create an app at discord.com/developers, enable Message Content Intent under Bot, copy the token.
Slack โ create an app at api.slack.com/apps, enable Socket Mode, add scopes chat:write channels:history im:history, install to workspace.
Matrix โ works with any homeserver (matrix.org, Synapse, Dendrite, etc.).
LINE โ create a Messaging API channel at developers.line.biz, copy the Channel access token and Channel secret, then set GARUDUST_LINE_PORT (default 3002) and point the webhook URL in LINE console to https://your-host:3002/line.
WhatsApp โ create a Meta app at developers.facebook.com, add the WhatsApp product, copy the Access token and Phone number ID. Set GARUDUST_WHATSAPP_PORT (default 3003) and point the webhook URL in Meta console to https://your-host:3003/whatsapp. Optionally set WHATSAPP_APP_SECRET to enable HMAC signature verification.
LLM Providers
| Provider | How to select | Notes |
|---|---|---|
| Anthropic | Set ANTHROPIC_API_KEY |
Direct Messages API |
| OpenRouter | Set OPENROUTER_API_KEY (default) |
200+ models |
| AWS Bedrock | Set AWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEY |
Converse API, SigV4 |
| OpenAI Responses | garudust config set provider codex |
/v1/responses endpoint |
| Ollama | Set OLLAMA_BASE_URL |
Local, no key required |
| vLLM | Set VLLM_BASE_URL |
Local OpenAI-compatible server |
| Any OpenAI-compat | Set GARUDUST_BASE_URL |
Generic transport |
Set the relevant key in ~/.garudust/.env, then switch models with garudust model or by setting GARUDUST_MODEL.
Built-in Tools
| Tool | Description |
|---|---|
web_fetch |
Fetch a URL (static pages) |
web_search |
Search via Brave Search API (BRAVE_SEARCH_API_KEY) |
http_request |
Make arbitrary HTTP requests (GET/POST/PUT/PATCH/DELETE/HEAD) with custom headers and body; returns status, headers, and body |
browser |
Control Chrome/Chromium via CDP โ navigate, click, type, screenshot, run JS |
read_file |
Read a file from the filesystem |
write_file |
Write a file to the filesystem; sensitive credential paths are always blocked |
list_directory |
List files and directories; supports glob patterns (**/*.rs) and depth limits |
terminal |
Run a shell command; sandboxed in Docker when terminal_sandbox: docker is set |
memory |
Persistent key-value memory (add / read / replace / remove) |
user_profile |
Read and update the persistent user profile |
session_search |
Full-text search across past conversations (SQLite FTS5) |
delegate_task |
Spawn a parallel sub-agent for decomposed work |
skills_list |
List available skills |
skill_view |
Load a skill's full instructions by name |
write_skill |
Create or update a skill in ~/.garudust/skills/ |
MCP tools โ connect any MCP server by adding it to the mcp_servers list in config.yaml (see Configuration).
Architecture
garudust (CLI) garudust-server
โโโโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ TUI / one-shot โ โ HTTP /chat ยท /stream ยท /ws โ
โ setup ยท config โโโโ โ Telegram ยท Discord ยท Slack ยท Matrix ยท LINE ยท WhatsApp โ
โ doctor ยท model โ โ โ Webhook ยท Cron โ
โโโโโโโโโโโโโโโโโโโโโโ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโ
โ โ
โโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโ
โผ
โโโโโโโโโโโโโโโโโโโ
โ Agent โ
โ run_loop() โ
โโโโโโโโโโฌโโโโโโโโโโ
โโโโโโโโโโโโโดโโโโโโโโโโโโ
โผ โผ
โโโโโโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Transport โ โ ToolRegistry โ
โ Anthropic โ โ web_fetch ยท web_search โ
โ OpenRouter โ โ http_request ยท browser โ
โ AWS Bedrock โ โ read_file ยท write_file โ
โ Codex โ โ list_directory ยท terminal โ
โ Ollama ยท vLLM โ โ memory ยท user_profile โ
โโโโโโโโโโโโโโโโโโโโโโโโ โ session_search ยท delegate_task โ
โ skills ยท + MCP (external) โ
โโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโ
โ
โโโโโโโโโโโโโดโโโโโโโโโโโโ
โผ โผ
โโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโโโ
โ FileMemoryStore โ โ SessionDb โ
โ memory/ ยท skills/ โ โ SQLite + FTS5 โ
โโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโโโ
Crate layout
| Crate / Binary | Role |
|---|---|
garudust-core |
Shared traits & types โ zero I/O |
garudust-transport |
LLM adapters: Anthropic, OpenAI-compat, Bedrock, Codex, Ollama, vLLM |
garudust-tools |
Tool registry + built-in toolsets (web, files, terminal, browser, โฆ) |
garudust-memory |
FileMemoryStore (markdown) + SessionDb (SQLite + FTS5) |
garudust-agent |
Agent run loop, context compressor, prompt builder |
garudust-platforms |
Telegram, Discord, Slack, Matrix, LINE, WhatsApp, Webhook |
garudust-cron |
Cron scheduler |
garudust-gateway |
axum HTTP gateway โ /chat, /chat/stream, /chat/ws, /metrics |
bin/garudust |
CLI: interactive TUI, one-shot, setup, config, doctor, model |
bin/garudust-server |
Headless: all platforms + HTTP gateway + cron in one process |
Contributing
Garudust is designed to be easy to extend โ adding a tool, transport, or platform adapter typically touches exactly one crate and takes under 100 lines.
Good first issues
- New tool โ wrap any CLI or API as a
Toolimpl ingarudust-tools - New platform โ implement
PlatformAdapter(e.g. Signal, WeChat) - Improve TUI โ multi-line input, syntax highlighting, mouse support
- Tests โ integration tests, property tests, snapshot tests
git clone https://github.com/garudust-org/garudust-agent
cd garudust-agent
cargo build
cargo test --workspace
cargo clippy --workspace --all-targets -- -W clippy::all -W clippy::pedantic
Read CONTRIBUTING.md for code guidelines, commit conventions, and the full CI checklist.
License
MIT โ see LICENSE.
Reviews (0)
Sign in to leave a review.
Leave a reviewNo results found