
Show HN: AgentArk – open-source self-hosted AI agent OS

AgentArk is a self-hosted runtime for the full AI agent lifecycle, allowing users to build, deploy, and monitor agents with security and privacy. Features include context distillation, approval gates, self-evolution, and more. Currently in beta, not for production use.

Source: Hacker News AI · Author: debankad


Not an agent. An Ark for agents: build from prompts and tools, deploy as apps, automations, or watchers, distill noisy context, monitor every action, secure every boundary, self-evolve from your usage.

Your AI. Your data. Your ark.

A self-hosted runtime for the full agent lifecycle.

Build agents from structured prompts, tools, and integrations. Deploy them as live apps, scheduled automations, conditional watchers, or chat sessions.

Monitor every step through Sentinel with action traces, failure classification, and drift detection. Secure every capability boundary with intent classification, output guards, approval gates, and per-action authorization.

Save context with ArkDistill: deterministic tool-output compaction before noisy browser pages, logs, traces, HTML, and integration dumps reach the model, often cutting noisy outputs by 60-90%.

Self-evolve prompts, classifiers, routing policies, specialist behavior, and context-saving profiles from your own usage.

Review your day, week, or month through Reflect: a local visual panorama of where chat, ArkOrbit, apps, goals, watchers, memory, background agents, usage, and learned workflows clustered.

Chat, memory, devices, integrations, and reviewable actions, all in one place, all on your machine, private by default.

~3.1GB Docker image · ~500MB idle, ~1GB RAM steady-state under load (5 containers, embeddings loaded) · AES-256-GCM encrypted · model-agnostic


Important

AgentArk is in beta — not for production. It can make mistakes and overwrite files inside its workspace. The Docker boundary keeps it off your host filesystem, but anything you mount into the containers is in scope. Keep approvals on, back up data, verify results.

Bugs and rough edges are expected. AgentArk is built and maintained by one person (@debankadas) in the open, so the surface area is large and fixes ship as they're found. Please open an issue when something breaks — repros, logs, and screenshots help a lot.

Talk to it like this

> Every weekday at 9am, send me a daily brief with weather, calendar, urgent email, and overdue tasks.

> Remember that I prefer concise answers and daily updates in Telegram.

> Watch my inbox for urgent client messages and alert me if I do not reply.

> Draft a reply to this message and ask before sending it.

> Build me a landing page for my new project. Deploy it with a public URL.

> Search the web for recent papers on multi-agent architectures, summarize the top 3, and save them to my documents.

> Install the Linear integration and list my assigned issues.

> Connect my Google Calendar and remind me 10 minutes before every meeting.

> Set up a webhook that posts Stripe payment alerts to my Telegram.

It does not stop at a reply. It can save the preference, schedule the follow-up, deliver the brief, draft the reply, watch for updates, connect an integration, or promote the work into a durable task and come back later.

What Is AgentArk?

AgentArk is not an agent. It is an Ark for agents. The Ark is the security layer: the wrapper that contains, observes, and enforces what every agent inside it is allowed to do, and the audit surface where every action becomes reviewable. Agents are the things that run inside the Ark - chat handlers, deployed apps, scheduled automations, conditional watchers, specialist sub-agents dispatched by the router. The Ark is what makes any of them safe to point at your real data.

Inside that boundary AgentArk also builds the agents you ask for, deploys them as apps with public URLs, automations, or watchers, monitors every step, distills noisy tool output before it expands the model context, and self-evolves prompts, policies, and context-saving profiles from your usage. Chat, memory, tasks, integrations, documents, companion devices, and audit trails live together in one private workspace on your machine. It can keep track of your preferences, deliver a daily brief, follow up across channels, schedule routines, monitor things in the background, build apps, and take action safely when you ask.

It is built to evolve with you. Accepted work, user corrections, repeated routines, and live tool outcomes are reflected into local memory, prompts, routing, and strategy so the OS gets more aligned with your workflow instead of acting like every session is day one.

- If you keep rewriting replies to be shorter, it learns to stay concise by default.
- If a certain tool path keeps succeeding for a task, it becomes more likely to choose that path again.
- If browser pages, logs, or traces keep wasting context, Evolve can improve ArkDistill profiles that shrink them while preserving required fields.
- If you correct how it briefs, routes, or follows up, future runs reflect that correction.

Your data stays with you. Your secrets are encrypted. You keep the final say on risky actions.

Note: AgentArk currently runs as one global workspace. Project-specific workspaces and project-scoped UI/API behavior are intentionally deferred to phase 2.

- Command layer: Chat, plans, approvals, and direct work requests
- Memory layer: Facts, preferences, user data, provenance, rollback, and checks
- Automation layer: Tasks, watchers, routines, schedules, and follow-ups
- Agent layer: Specialist agents, delegation, swarm work, and routing
- App layer: Generated tools, reusable skills, and managed apps
- Integration layer: Gmail, Calendar, Telegram, WhatsApp, Slack, webhooks, APIs, MCP servers, and custom packs
- Device layer: Companion device pairing, scoped grants, and high-risk command approvals
- Safety layer: Sandboxing, secrets, policy checks, action review, and trace history
- Evolution layer: Memory, Reflect, Sentinel, Evolve, and Pulse working together

Why AgentArk

Lives where you do. Docker on your machine, period. Memory, secrets, integration tokens, conversation history, audit trails — all in local volumes, never in someone else's cloud. No managed backend you depend on, no account you have to keep, no telemetry you have to opt out of.

You pay your model, not us. Point AgentArk at Ollama or any local model and every prompt after install is genuinely free — no rate limits, no surprise invoice. Bring your own Anthropic, OpenAI, Gemini, or Groq key and you pay the provider's published rate directly; AgentArk never proxies, intermediates, or marks up a single token. No subscription, no per-seat, no minimum.

Bounded by design. Every action that touches the world goes through a permission gate. The agent runs inside a Docker boundary with an approval queue for anything not pre-authorized. Your host filesystem stays off-limits unless you explicitly mount what you want it to see.

Adapts to you. Accepted work, your corrections, and live tool outcomes feed back into local memory, prompts, and routing. Over weeks of use the OS gets shaped by how you actually work — your follow-up style, your routing preferences, the tool paths that keep succeeding for your tasks — not by a generic mix of every other user.

Open and inspectable. MIT and Apache 2.0. Read every line, fork it, run it. Audit trails on every action mean you can always see what the agent did, why, and when — across chat, automations, watchers, deployed apps, and integrations.

Install

Quick start (Docker image, no source clone)

macOS / Linux:

```bash
curl -sSL https://raw.githubusercontent.com/agentark-ai/AgentArk/main/scripts/install.sh | bash
```

Windows:

```powershell
irm https://raw.githubusercontent.com/agentark-ai/AgentArk/main/scripts/install.ps1 | iex
```

The installer asks before installing Docker if Docker is missing, starts Docker Desktop when needed, downloads only the Compose/runtime helper files, pulls the published AgentArk image, and starts the stack. No Git clone is needed for normal use.

Open http://localhost:8990, pick your LLM provider in Settings, start chatting.

Source checkout

Use Git only if you are building or coding AgentArk:

```bash
git clone https://github.com/agentark-ai/AgentArk.git && cd AgentArk
AGENTARK_IMAGE=agentark:dev ./scripts/start.sh build
```

On Windows source checkouts:

```bat
git clone https://github.com/agentark-ai/AgentArk.git && cd AgentArk
scripts\start.bat build
```

Source builds do not pull the published AgentArk runtime image from GHCR. They still download Docker build base images and package dependencies needed to compile the local image.

Use the Web UI. AgentArk is designed to run through the Docker Compose stack and Mission Control at http://localhost:8990.

The supported install path uses Docker Compose defaults plus named Docker volumes for runtime state and preserves those volumes across updates. AgentArk does not create or require a root project .env. Generated apps may have framework-owned env files inside their own app directories when required, but secret keys stay in AgentArk's managed secret storage or runtime injection path.

Managed backups

Pulse creates framework-managed backups automatically. By default, AgentArk checks for a fresh managed backup every 14 days and only creates one when Sentinel sees the system as idle; if chats, app work, browser sessions, sandbox containers, or heavy background work are active, the backup is deferred and retried later. Backup work runs in background tasks and child processes, not on the main API request path.

Backups are written under /app/data/backups as timestamped artifacts:

- agentark-managed-*.dump - Postgres logical dump for conversations, messages, tasks, watchers, settings, memory/document indexes, traces, logs, and other DB-backed state.
- agentark-managed-*.data.tar.gz - archive of /app/data, excluding the backup directory itself.
- agentark-managed-*.config.tar.gz - archive of /app/config when that config volume is present.

AgentArk creates the backup directory itself. If backup creation fails, Pulse raises a critical data-safety finding and notifies the user; users should not be asked to create the backup folder manually.

For full install recovery, also keep an operator volume backup from ./scripts/start.sh backup or scripts\start.bat backup. The automatic managed backup intentionally does not copy the raw agentark-secrets volume into /app/data/backups; that volume contains install-managed encryption material and should be exported only as part of an intentional, access-controlled backup.
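An operator-side check of the managed backup directory described above, as an added example (not AgentArk's own code): it reports incomplete sets, missing config archives, world-accessible dumps, and whether the newest complete set is older than the 14-day default. It assumes the artifacts of one backup share the text between `agentark-managed-` and the suffix, and that GNU or busybox `stat -c` is available; the function name and finding labels are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not AgentArk code. Assumptions: the artifacts of one backup
# share the text between "agentark-managed-" and the suffix, and GNU or
# busybox `stat -c` is available (typical inside Linux containers).

MAX_AGE_DAYS=${MAX_AGE_DAYS:-14}   # the page's default managed-backup interval

# audit_backups DIR [NOW_EPOCH]
# Prints one finding per line. Returns 0 when the newest complete set is
# fresh, 1 when it is stale, 2 when no complete set exists.
audit_backups() {
  local dir=$1 now=${2:-$(date +%s)}
  local dump stem data mtime newest=0 newest_stem=""
  for dump in "$dir"/agentark-managed-*.dump; do
    [ -e "$dump" ] || continue                 # glob matched nothing
    stem=${dump%.dump}; stem=${stem##*/}
    data="$dir/$stem.data.tar.gz"
    # A restorable set needs a non-empty DB dump and a non-empty data archive.
    if [ ! -s "$dump" ] || [ ! -s "$data" ]; then
      echo "INCOMPLETE $stem"
      continue
    fi
    # The config archive only exists when the config volume is present.
    [ -s "$dir/$stem.config.tar.gz" ] || echo "NO_CONFIG $stem"
    # Dumps hold conversations and memory: flag any "other" permission bit.
    case $(stat -c %a "$dump") in *[1-7]) echo "WORLD_ACCESSIBLE $stem" ;; esac
    mtime=$(stat -c %Y "$dump")
    if [ "$mtime" -gt "$newest" ]; then newest=$mtime; newest_stem=$stem; fi
  done
  if [ -z "$newest_stem" ]; then echo "NO_COMPLETE_BACKUP"; return 2; fi
  if [ $(( now - newest )) -gt $(( MAX_AGE_DAYS * 86400 )) ]; then
    echo "STALE $newest_stem"; return 1
  fi
  echo "FRESH $newest_stem"
}
```

Because Pulse defers backups while the system is busy, a `STALE` result is a prompt to check for a deferred or failed backup rather than proof of failure.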

Low-memory systems (2-4 GB RAM): add the low-memory override to reduce Postgres and service footprint:

docker compose

[truncated for AI cost control]