
Deploy autonomous AI agent fleets
Every agent sandboxed in its own Docker container with its own budget, permissions, and memory. No shared secrets, no surprise bills, no black-box routing. Built from day one assuming agents will be compromised.
Features
Everything you need to ship agent fleets
Security, cost control, and auditability as first-class concerns — not afterthoughts.
Defense-in-Depth Security
Five security layers: runtime isolation, container hardening, credential vault proxy, per-agent ACLs, and input validation. Built assuming agents will be compromised.
Per-Agent Cost Control
Daily and monthly budget enforcement at the vault layer. Real-time token tracking with automatic cutoffs before any LLM call is proxied. No surprise bills.
Container Isolation
Each agent in its own Docker container — 512MB RAM, 0.5 CPU cap, own /data volume, non-root user. Optional Docker Sandbox microVM support.
Deterministic Orchestration
YAML-defined DAG workflows with deterministic routing. No LLM deciding who does what — predictable, auditable execution every time.
5-Layer Memory System
Salience tracking, SQLite + vector search, workspace files, learnings from errors, and auto context management with proactive flush at 60%.
6-Channel Autonomous Operation
Telegram, Discord, Slack, WhatsApp, CLI, and API. Autonomous via cron, heartbeats, webhooks, and file watchers — agents work while you sleep.
Self-Extending Agents
Agents write their own Python skills and hot-reload at runtime. 34 built-in tools: browser automation, file I/O, semantic memory search, and more.
Zero External Dependencies
No Redis, no Kubernetes, no LangChain. Pure Python + SQLite. Clone, install, run — under 60 seconds to a working fleet on a single machine.
Use Cases
One command to a full team
Choose a built-in template or define your own fleet. Each agent gets its own container, budget, and permissions.
Dev Team
Automated task planning, code generation, and PR review. Ship features while your fleet handles the boilerplate.
Sales Pipeline
Lead research, qualification scoring, and personalized outreach — running 24/7 without human babysitting.
Content Studio
Topic research, long-form draft generation, and editorial review with consistent brand voice.
Custom Fleet
Define any team with custom YAML workflows, tool permissions, and budget limits per agent.
Run openlegion setup to pick a template or create your own fleet.
Comparison
Why teams switch to OpenLegion
Popular agent frameworks like OpenClaw, NanoClaw, ZeroClaw, and MemuBot run agents with full access to credentials and no resource isolation. OpenClaw alone has 42,000+ exposed instances with no authentication, 341 malicious skills in the wild, and CVE-2026-25253 granting unauthenticated RCE.
Bitsight Security Research, 2026
| Aspect | Traditional Frameworks | OpenLegion |
|---|---|---|
| API Key Storage | In agent config files | Vault proxy — agents never see keys |
| Agent Isolation | Process-level | Docker containers / microVMs |
| Cost Controls | None | Per-agent daily & monthly budgets |
| Task Routing | LLM CEO agent decides | Deterministic YAML DAG |
| Test Coverage | Minimal | 614 tests across 36 suites |
| Codebase Size | 100,000–430,000+ lines | ~13,000 lines (auditable in a day) |
Architecture
Security architecture you can trust
Three nested isolation zones — designed from day one assuming agents will be compromised.
User Zone
Full Trust
CLI / Telegram / Discord / Slack / WhatsApp / API
Direct agent communication
Mesh Host
Trusted Coordinator
FastAPI on :8420
Blackboard (SQLite)
PubSub + Message Router
Credential Vault (API Proxy)
Orchestrator + Permission Matrix
Container Manager + Cost Tracker
Agent Containers
Untrusted / Sandboxed
FastAPI :8400+ each
Own /data volume
Own memory DB (SQLite + vec)
512MB RAM / 0.5 CPU cap
Non-root, no-new-privileges
Quick Start
Up and running in under 60 seconds
Four commands to a working agent fleet. No external dependencies.
git clone https://github.com/openlegion-ai/openlegion.git && cd openlegion
./install.sh # checks deps, creates venv, makes CLI global
openlegion setup # API key, project description, team template
openlegion start # launch agents and start chatting
Security
Five layers of defense
Designed from day one assuming agents will be compromised. Every layer operates independently.
01 Runtime Isolation
Docker containers or Docker Sandbox microVMs per agent — no shared process space.
02 Container Hardening
Non-root user (UID 1000), no-new-privileges flag, memory and CPU resource limits enforced.
03 Credential Separation
Vault proxy holds all API keys — agents call through the proxy, never see secrets.
04 Permission Enforcement
Per-agent ACL matrix controls which tools, files, and mesh operations are allowed.
05 Input Validation
Path traversal prevention, safe condition evaluation, token budget enforcement.
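One way to verify the container hardening settings listed above on a running container, as an added example that is not OpenLegion's own code: it audits parsed `docker inspect` output for a non-root user, the no-new-privileges flag, and the 512MB / 0.5 CPU caps. The function names and the sample JSON are constructed for illustration.

```python
import json

# Baseline taken from the page: non-root user, no-new-privileges,
# 512MB RAM, 0.5 CPU. Field names are those of `docker inspect` output.
MAX_MEMORY = 512 * 1024 * 1024
MAX_CPUS = 0.5
NNP_FORMS = ("no-new-privileges", "no-new-privileges:true",
             "no-new-privileges=true")

def effective_cpus(host):
    """CPU cap in cores; 0 means unlimited. Covers --cpus and --cpu-quota."""
    if host.get("NanoCpus"):
        return host["NanoCpus"] / 1e9
    quota = host.get("CpuQuota") or 0
    period = host.get("CpuPeriod") or 100000  # Docker's default period (us)
    return quota / period if quota > 0 else 0

def audit(container):
    """Return a list of findings for one `docker inspect` object."""
    findings = []
    host = container.get("HostConfig") or {}
    # Config.User may be "uid", "uid:gid", a name, or empty (image default).
    user = ((container.get("Config") or {}).get("User") or "").split(":")[0]
    if user in ("", "0", "root"):
        findings.append("runs as root")
    if not any(o in NNP_FORMS for o in (host.get("SecurityOpt") or [])):
        findings.append("no-new-privileges not set")
    mem = host.get("Memory") or 0  # bytes; 0 means no limit
    if mem == 0 or mem > MAX_MEMORY:
        findings.append("memory limit missing or above 512MB")
    cpus = effective_cpus(host)
    if cpus == 0 or cpus > MAX_CPUS:
        findings.append("CPU limit missing or above 0.5")
    return findings

# Constructed sample input (not captured from a real deployment).
SAMPLE = json.loads("""[
 {"Name": "/agent-hardened", "Config": {"User": "1000"},
  "HostConfig": {"SecurityOpt": ["no-new-privileges"],
                 "Memory": 536870912, "NanoCpus": 500000000}},
 {"Name": "/agent-default", "Config": {"User": ""},
  "HostConfig": {"SecurityOpt": null, "Memory": 0, "NanoCpus": 0}}
]""")

def audit_all(containers):
    return {c["Name"]: audit(c) for c in containers}

if __name__ == "__main__":
    for name, found in audit_all(SAMPLE).items():
        print(name, "OK" if not found else found)
```

An empty `Config.User` is reported as root because the container then runs as the image's default user, which this check cannot see; confirm the effective UID from inside the container if the image sets its own `USER`.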
Ready to deploy secure agent fleets?
Open source, MIT licensed, zero external dependencies. Get a working fleet in under 60 seconds.