▸ sandboxed multi-agent runtime ·learning

an ai agent you run by messaging it

you can give it real credentials without handing them to the model. every agent runs in its own sandbox, every credential lives outside it. the box is closed; you just use it.

install star on github24 read the docs
today every agent runs on Claude Code, so you need a Claude subscription. multi-provider support is in the works.
right agent in Telegram
isolation
per-agent sandbox by default
credentials
held on host, injected at proxy
on failure
fails closed · self-heals
what you get

the box is closed; you just use it

◤ 01 · isolation

credentials stay outside the box

the secret bytes never enter the sandbox; the proxy substitutes them on outbound requests.

◤ 02 · sandbox

every agent in its own sandbox

scoped filesystem, network, and a tls-terminating proxy per agent.

◤ 03 · memory

memory is untrusted data

incoming memory is sanitized; recalled memory is framed as information, not commands.

◤ 04 · skills

skills it learns on its own

reusable skills captured from real use, pruned by a curator, pinned from the dashboard.

◤ 05 · chat

one bot per agent

message it like a person; each chat is its own session over one shared memory.

◤ 06 · cost

many agents, one subscription

cost scales with subscriptions, not agent count.

how it works

a message routes through three tiers

a message reaches the host through Cloudflare, the bot routes it to that chat's Claude Code session inside the agent's sandbox, and replies. credentials are injected at the proxy on the way out, never inside the box.

cloud
  • Telegram
  • Cloudflare
  • Anthropic · Hindsight
  • Linear / Notion / Gmail
host
  • bot per agent
  • mcp aggregator · holds creds
  • OpenShell gateway
  • cloudflared
sandbox · per agent
  • Claude Code
  • identity + memory
  • scoped fs · net · tls proxy
self-evolution

it gets better at your work, on its own

most agents learn from every "hard-looking" turn, or never. right agent does neither. a small, cheap model watches each turn as it lands, and a smarter model only steps in to learn when a turn is actually worth it.

01
every turn, a quick look

after each reply, a small, cheap model reads how that turn went. the routine ones it lets pass.

cheap model
02
learn only when it counts

when a turn was genuinely hard, or you corrected it, a smarter model forks just that conversation, with the whole thread already in view, and writes a reusable skill. your chat keeps moving.

smart model · forked
03
kept tidy on its own

skills you stop using fade away, your corrections sharpen the ones you keep, and you pin the best from the dashboard.

curator

no learning on every message, and no rigid rule like "five steps means save it". the cheap model watches every turn; the costly one runs only when it pays off, inside a daily budget you set.

control plane

you run all of it from Telegram

no separate dashboard to host, no second login. switch models, wire up MCP servers, and manage providers and the credentials behind them straight from chat. some commands open a built-in Mini App right inside Telegram, where you are already the allowed user.

how it compares

opinionated where it counts

typical agent setupright agent
setupwire the stack yourself over a weekendcurl installer, right init, right up
daily usea service you operate from the clia bot you message in Telegram
control planea separate dashboard with its own loginslash commands and a Telegram Mini App, no second login
credentialsgiven to the agent, gateways wired by handheld on the host, injected at the proxy, providers managed from the bot
isolationopt-in, often skippedper-agent sandbox by default
on failuremay fall back to a looser pathfails closed, diagnoses, retries
memoryreplay the full history each turnpersistent, dated, model-judged recall
learningyou author skills and prompt-tune by handforks only the turns worth it and writes skills itself
costoften per-agentmany agents, one Claude subscription
recoverymanual fixes, often from scratchself-heals, data is preserved
security

security by default

sandboxed by default, credentials on the host, fails closed on a backend outage. read the full security model.

roadmap

shipped, and what's next

◤ shipped

shipped

  • multi-agent orchestration, sandboxed by default
  • live Telegram Mini App dashboard with usage and cost
  • mcp aggregator with auto-detected oauth, bearer, header, query-string auth
  • credential providers injected at the outbound proxy
  • automatic skill learning with curator pruning
  • fail-closed sandbox with a self-healing supervisor
◤ next

next

  • zero-token clis: aws, gcloud, kubectl
  • native browser automation
  • shareable agent templates
  • agent-to-agent communication
install

one command to start

$ curl -LsSf https://raw.githubusercontent.com/onsails/right-agent/master/install.sh | sh

then open a new shell and run right up, then message your bot.