Home
A self-hosted, sovereign AI agent that lives on your server. It thinks with Claude, acts through its own modules, communicates via Telegram, and never delegates control to a SaaS platform.
Sovereign by design. Your data, your model choice, your secrets, your audit trail — all on your hardware. No telemetry leaves the box unless you explicitly wire it.
Agent Life Space is a long-running Python process you install on your own server. You talk to it through Telegram, the operator dashboard, or its HTTP API. It owns its own memory, tasks, finance ledger, vault, build pipeline, review pipeline, and approval queue. When it needs to think, it calls Claude (CLI or API). Everything else runs locally — embeddings, semantic cache, RAG, learning, audit, retention sweeps, cron loops.
It is not:
- a SaaS chatbot
- a wrapper that ships your prompts to a third party
- an autonomous trader
- an unattended agent that spends money on its own
It is:
- a personal sovereign operator that you, the human, fully control
- a deny-by-default execution environment with explicit governance
- a learning system that gets better at routing and responding over time
- a deterministic core wrapped around a stochastic LLM
| Page | Contents |
|---|---|
| Architecture | System overview, 9-layer pipeline, technology stack |
| Modules | Every module in the codebase, with line-of-code budget and responsibility |
| Security | Threat model, layers, deny-by-default policy, channel enforcement |
| Vault | Single-file v2 format, atomic writes, wrong-key fail-fast, legacy migration |
| Tiered logging | Long/short tier routing, retention env contract, cron prune sweep |
| Runtime LLM control | Operator-controlled backend/provider override without restart |
| Build pipeline | Codegen, workspace mutation, Docker isolation, acceptance criteria |
| Review pipeline | Repo audit, PR review, release review, evidence export, golden cases |
| API Reference | HTTP API + Telegram commands + dashboard endpoints |
| Deployment | Production install, env vars, systemd, Cloudflare tunnel, hardening |
| Operator Handbook | Daily operation: status, lockdown, restart, log inspection |
| Troubleshooting | Common errors and how to recover |
| Testing | Test pyramid, how to run, CI gates |
| Roadmap | Phase status, open work, known limits |

| Item | Value |
|---|---|
| Latest version | v1.35.0 |
| Release date | 2026-04-08 |
| Lines of code | ~70,000 across `agent/` |
| Tests | 1762 passed, 4 skipped, 0 failures |
| Security tests | 129 (audit + invariants + injection) |
| Type safety | mypy clean across 112 source files |
| Lint | ruff clean |
| Python | 3.11+ |
| License | MIT |
```
Operator sends Telegram message
        │
Input sanitization (prompt-injection guard, EN + SK)
        │
1. Multi-task detection ──────► explicit work-queue intent only
        │
2. Internal dispatcher ───────► status / health / tasks / budget / identity (no LLM)
        │
3. Semantic cache ────────────► early return on similarity hit
        │
4. RAG retrieval ─────────────► direct answer or context augment
        │
5. Task classification ───────► model selection + learning escalation
        │                       + Telegram + CLI + sandbox deny guard (fail-closed)
        │
6. LLM call ──────────────────► API: ToolUseLoop / CLI: direct generate
        │
7. Quality escalation ────────► re-run with stronger model if response is generic
        │
8. Learning feedback ─────────► outcome tracking + skill auto-update
        │
9. Channel policy filter ─────► explanation log
        │
Response → Telegram
```
Every layer has a single responsibility, deterministic rules, and is unit-tested. The LLM is only called when no cheaper layer answered.
| Version | Theme |
|---|---|
| v1.35.0 | Tiered logging, vault crash-safe v2 single-file format, runtime LLM operator control, defense-in-depth hardening (Apr 2026) |
| v1.34.0 | Self-host onboarding closure — setup doctor, runtime data dir, identity config |
| v1.33.0 | Docker-isolated build execution |
| v1.32.0 | LLM build pipeline |
| v1.31.0 | Runtime contract closure — auth, public API, extraction readiness |
| v1.30.0 | Deployment contract hardening |
Full history: CHANGELOG.md · GitHub Releases
| Command | Owner only | What it does |
|---|---|---|
| `/status` | no | Module + watchdog status |
| `/health` | no | CPU, RAM, disk, modules |
| `/help` | no | List of commands |
| `/start` | no | Welcome screen |
| `/tasks` | yes | Task list |
| `/memory [keyword]` | yes | Search memory |
| `/budget` | yes | Finance status + pending proposals |
| `/newtask [name]` | yes | Create task |
| `/queue` | yes | Work queue status |
| `/consolidate` | yes | Run memory consolidation |
| `/web [url]` | yes | Fetch and read URL |
| `/sandbox [code]` | yes | Run Python in Docker sandbox |
| `/usage` | yes | Token usage and costs |
| `/review [path]` | yes | Code review |
| `/wallet` | yes | ETH/BTC balance |
| `/projects` | yes | Project list |
| `/runtime` | yes | Runtime LLM control (attach/detach, switch backend) |
| `/intake` | yes | Unified operator intake (review/build) |
| `/report` | yes | Operator report (overview/inbox/budget/cost) |
| `/build` | yes | Build pipeline shortcut |
| `/jobs` | yes | Product job listing |
| `/deliver` | yes | Delivery status and gateway send |
| `/telemetry` | yes | Runtime telemetry |
| `/workflow` | yes | Recurring workflows |
| `/pipeline` | yes | Multi-job pipelines |
| `/settlement` | yes | Settlement workflow |
Full reference: API Reference.
- Anti-stochastika. The LLM is only used where it adds value. Routing, scoring, scheduling, policy, retry — all deterministic.
- Deny-by-default. Unknown tools are blocked. Restricted channels cannot reach high-risk operations. Approval is required for sensitive paths.
- Fail-fast at boundaries. Wrong vault key, missing config, corrupted state: each surfaces an error immediately. Never silently degrades.
- Human in the loop. Money, host filesystem, external writes — none happen without an explicit approval.
- Persistent state. Memory, conversations, jobs, workspaces, approvals, deliveries, cost ledger — all in SQLite. Survives crashes.
- Crash-safe writes. Vault uses single-file v2 format with atomic `os.replace` + `fsync`. Logs use timed rotation + cron prune. Storage uses WAL mode.
- Explainability. Every routing decision, policy verdict, learning signal, and memory lookup is recorded in the explanation log.
- Sovereign by default. No telemetry leaves your server unless you wire a gateway. No shared state with anyone.
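
The `os.replace` + `fsync` pattern named in the crash-safe bullet, as an added example (not the project's own vault code). The function name `atomic_write`, the `vault.bin` path and the 0600 mode are assumptions for illustration; POSIX only.

```python
import os
import tempfile


def atomic_write(path: str, data: bytes, mode: int = 0o600) -> None:
    """Replace `path` so a reader sees the old or the new content, never a mix."""
    directory = os.path.dirname(os.path.abspath(path))
    # The temp file must sit in the target directory: os.replace is atomic
    # only when source and destination are on the same filesystem.
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".tmp-")
    try:
        with os.fdopen(fd, "wb") as fh:
            os.fchmod(fh.fileno(), mode)  # secrets file: owner read/write only
            fh.write(data)
            fh.flush()
            os.fsync(fh.fileno())  # new bytes reach disk before the rename
        os.replace(tmp, path)  # atomic swap of the directory entry
    except BaseException:
        # Failed before the swap: drop the partial file, keep the old one.
        try:
            os.unlink(tmp)
        except FileNotFoundError:
            pass
        raise
    # fsync the directory so the rename itself survives a power loss.
    dir_fd = os.open(directory, os.O_RDONLY)
    try:
        os.fsync(dir_fd)
    finally:
        os.close(dir_fd)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "vault.bin")  # constructed sample path
        atomic_write(target, b"version-1")
        try:
            atomic_write(target, "not bytes")  # simulated failure mid-update
        except TypeError:
            pass
        with open(target, "rb") as fh:
            print(fh.read(), os.listdir(d))
```

Skipping the directory `fsync` leaves a window in which the file data is on disk but the rename is not, so a power loss can bring back the previous version.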