4.5MB
Embedded Binary
SELF-GROWING AI AGENT INFRASTRUCTURE IN RUST
One binary.
Secure by default.
Infinite agents.
Production-grade AI agents that create their own tools, assemble into swarms, and get smarter with every run. 4.5 MB. 12-layer security. Pure Rust.
Say "summarize this video" — it decomposes the goal, creates missing tools, executes in parallel, and remembers what works. Next time, it's faster. Encrypted at rest, signed in transit, sandboxed at every layer. 🦀
8
Platform Targets
4
Client SDKs
58+
Built-in Tools
Built for production
Self-Growing
Create a tool on Monday, it's there on Friday. Define an agent once, it runs forever. Every capability you add is encrypted and persisted across sessions.
Natural Language Tools
Describe a tool in plain English. The system creates it (shell, HTTP, LLM, or composite), registers it immediately, and persists it forever.
NL Agent Definitions
Say 'an agent that reviews my PRs daily' — name, system prompt, keywords, tools, and schedule are derived automatically.
Autonomous Swarms
Give a goal, get a parallel agent DAG. Each node gets only the tools it needs. Sandboxed execution with conflict detection.
Small & Fast
4.5 MB embedded binary. Millisecond cold starts. Async Tokio runtime with streaming output.
Secure by Default
Defense-in-depth: encrypted storage, path canonicalization, DNS rebinding protection, PII redaction, prompt injection detection, credential leak guards, and audit logging. Fail-closed from day one.
Plugin Sandbox
WASM plugins run in a bounded sandbox with fuel metering, memory caps, and Ed25519 signature verification required in production.
Multi-Platform Channels
Telegram, Discord, Slack, and 20+ more. One agent, every platform. Add a channel with a single config line.
37+ LLM Providers
OpenAI, Anthropic, Google, Ollama, Candle local inference, and more. Swap providers with a config change — no code required.
Why AgentZero
Everything you need to run AI agents in production — nothing you don't.
Self-Growing Runtime
Every tool you create and every agent you define persists encrypted. The system you use in month 2 has everything you built in month 1 — nothing is lost.
NL Tool Creation
Describe a missing tool in conversation. The system creates it (shell, HTTP, LLM, composite), makes it available immediately, and persists it across sessions.
Catalog Learning
When a tool combo solves a task, it's saved as a recipe. Next time you ask something similar, those exact tools are selected automatically.
Single Binary
One static binary, zero runtime dependencies. 4.5 MB embedded, 18 MB full. Download and run.
Rust Memory Safety
No GC pauses, no null pointers, no data races. Compile-time guarantees eliminate entire classes of bugs.
Security First
12-layer defense-in-depth: XChaCha20-Poly1305 encryption, mTLS, HMAC request signing, PII/injection guardrails, credential leak detection, MCP binary attestation, and declarative YAML security policies.
37+ Providers
OpenAI, Anthropic, Google, Ollama, Candle local inference, and 30+ more. Swap providers with a config change.
8 Platform Targets
Linux (x86/ARM/musl), macOS (Intel/Apple Silicon), Windows. CI-tested on all three OS families.
MCP + A2A
Model Context Protocol for tool interop. Google A2A for agent-to-agent communication. Standards-first.
Autonomous Swarms
Give a goal in plain English. The system decomposes it into a parallel agent DAG, each node sandboxed with only the tools it needs.
Client SDKs
Thin HTTP/WebSocket SDKs for Python, TypeScript, Swift, and Kotlin. Any platform that can make HTTP calls can control AgentZero.
Interactive API Docs
Every gateway ships Scalar API docs at /docs. Explore and test all 40+ endpoints from the browser.
12-layer defense-in-depth
The most comprehensive security model in any AI agent framework.
File I/O
Path canonicalization, symlink resolution, hard-link detection, sensitive file blocking (40+ patterns including .env.*, .kube/config, *.pem)
Shell Execution
Context-aware quote parser, explicit command allowlist, backtick/dollar always blocked, output truncation
Encryption at Rest
XChaCha20-Poly1305 AEAD with random nonces, 256-bit keys, file permissions 0o600, atomic writes
Network Security
DNS rebinding protection, private IP blocking (RFC1918/link-local/carrier-grade NAT), constant-time token comparison
Credential Leak Guard
Pattern + Shannon entropy detection for 11+ secret formats, boundary isolation between local and remote channels, configurable patterns
LLM Guardrails
PII redaction (email, phone, SSN, API keys) and prompt injection detection enabled by default in audit mode
WASM Plugin Sandbox
Fuel metering, 256 MB memory cap, default-deny network/filesystem, Ed25519 signature required in release builds
Gateway Security
mTLS client certificate verification, HMAC-SHA256 request signing with replay protection, TLS enforced in production mode
MCP Attestation
SHA-256 binary hash verification before spawning MCP server subprocesses
Autonomy & Delegation
3-tier autonomy (ReadOnly/Supervised/Full), policy intersection for sub-agents, per-tool rate limits
Declarative Policies
YAML per-tool security policies with granular egress, filesystem, and command rules
Audit & Redaction
Structured audit events, automatic secret redaction in errors/logs/panics, path sanitization in LLM-facing messages
Install in seconds
One command. One binary. No dependencies.
$ curl -fsSL https://raw.githubusercontent.com/auser/agentzero/main/scripts/install.sh | bash
Or install with Cargo: cargo install agentzero
How it works
Install
cargo install agentzero Single binary, no runtime dependencies.
Onboard
agentzero onboard --interactive Interactive wizard writes agentzero.toml.
Run Agent
agentzero agent -m "hello" Send a message through the agent loop.
Start Gateway
agentzero gateway HTTP/WebSocket gateway with chat, SSE streaming, and pairing.
Modular architecture
Self-Growing
- NL tool creation (persists forever)
- NL agent definitions (auto-routed)
- Recipe learning (compounds over time)
- Export/import tools between instances
Swap Anything
- Provider trait (37+ LLMs)
- MemoryStore trait (SQLite, Turso)
- Tool trait (58+ built-in + dynamic)
- Channel trait (25+ platforms)
Fully Autonomous
- Goal decomposition to agent swarms
- Per-node tool filtering
- Sandboxed parallel execution
- Dead agent recovery
- WASM plugin sandbox
One binary. Every platform. Unbreakable security. 🦀
4.5 MB, 12 security layers, 37+ LLM providers, 58+ tools. Agents that build themselves and never forget. Deploy it and walk away.