The entire agent runtime in one tiny binary.
Nano Brain runs autonomous AI agents with encrypted storage, a dual WASM + binary plugin host, an agentic loop, and full observability, shipped as a single stripped binary measured at ~15.4 MiB. No database server. No runtime sprawl. Just Rust.
Give your whole company AI, under control.
Nano Brain lets every team build, share and run AI agents, skills and tools in one place, with realtime collaboration, multi-tenant isolation, and the governance to keep it safe. Your data stays yours.
One place for all your company's AI.
Stop wiring AI into a dozen tools. Give every team agents, skills and connectors they can build and share, safely, in a workspace you control.
Multi-tenant by default
Every team, client or department gets its own isolated, secure space. Roll AI out across the org without data ever bleeding between groups.
Realtime artifacts
Co-create documents, specs and code with AI and teammates live. Share with a link, choose who can view or edit, get notified. No copy-paste.
Every MCP & Skill, one home
All your AI connectors, tools and skills managed in a single place. Discover, enable and version them: no infra, no sprawl.
Controlled sharing
Let people share MCPs and skills with each other, on your terms. Approvals, permissions and audit so nothing leaks.
See every action & cost
Full visibility into what every agent did and what it cost: per team, per model, per day. No surprises, full accountability.
Own your stack
Self-host the whole platform on your own infrastructure. One tiny binary, no vendor lock-in: your data never leaves the building.
Any model, any provider
Bring your own LLM: Claude, OpenAI / Codex, Cursor, OpenCode, or anything on OpenRouter, including free models. Switch providers without rebuilding a thing.
Your machines, your runners
Execution runs on runners you own: your laptop, one server, or many machines at once. Keep data and compute fully in-house.
Schedules that never sleep
Schedule agents to run on time even when your own machine is offline: the platform keeps the clock and runs them for you.
Drive it from chat
Control agents straight from Telegram or WhatsApp. Kick off runs, approve steps and get results in the chats your team already lives in.
Monitor your infra & SRE
Watch your systems and act on them. Trigger investigations and fixes from app errors, schedules, opened tickets, Sentry alerts. The sky's the limit.
Plug into your identity
Authenticate with your Google Workspace and Microsoft 365 users out of the box, with more identity providers on the way.
Create with AI and your team in the same room.
Artifacts (docs, specs, code, dashboards) are generated by agents and edited together in realtime. Share a link, set view or edit access, and everyone stays in sync. No more emailing files around.
- Live co-editing with teammates and agents, presence and all.
- Granular sharing: public link, specific people, view or edit, time-limited.
- Email notifications when something's shared with you or changes.
Turn an artifact into a live application.
Artifacts aren't just docs and code. They can become real applications, built and deployed in a controlled, reviewable way. Your team comments, requests changes and ships, all in one place.
- Build & deploy an application from an artifact, with controlled, reviewable releases.
- Team feedback in-line: comment, request changes and approve before it goes live.
- Versioned & rollback-safe: every change tracked, nothing ships by accident.
Share AI across the company, without losing control.
People can publish and reuse each other's MCPs and skills, but you decide the rules. Approvals, scoped permissions and a full audit trail mean AI spreads fast and stays safe.
- Approval workflows before a shared skill or connector goes live.
- Per-team permissions and isolation: access only what's granted.
- Audit & threat detection on every action, message and tool call.
Everything an agent needs, nothing it doesn't.
Kernel, storage, API, plugin host and agent loop are one process. Three spotlights on what makes that possible at 15 MiB.
Run WASM components and native binaries, side by side.
Sandboxed Wasmtime components (WASI preview 2, component model) for safe extensions, or full external-process binaries when you need the whole OS. Both are permission-scoped and tenant-isolated by the host.
- Capability flags per plugin: read/write repository, register routes, register tools, start threads.
- Tenant isolation enforced on every nb_repo_* call via declared [[repo_objects]].
- JWT-minted scoped tokens injected per plugin: Bash, Node, Python or WASM.

    # plugin.toml
    kind = "wasm"   # or "binary"
    permissions = ["read_repository", "register_tools", "register_routes"]

    [[repo_objects]]
    name = "INVOICE"   # tenant-scoped

    # host mints a scoped JWT → nb_repo_list("INVOICE", page=0) ✓

An encrypted filesystem database β no server required.
Every object is encrypted at rest with AES-256-GCM behind an Argon2id-derived key. Crash-safe atomic writes (tmp → fsync → rename), MessagePack on disk, and hybrid storage that spills blobs over 64 KB to their own files.
- Typed schema with implicit core fields: id, created_at, updated_at, enabled.
- Filter + page + sort on every listing, with a full boolean filter tree and SQL-style LIKE.
- Additive evolution: nullable fields only, no migrations to fear.
- Bring your own database: backend plugins swap the built-in file store for MySQL, PostgreSQL and more.
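The tmp, fsync, rename sequence and the 64 KB spill rule described above, as an added Rust sketch using only the standard library. This is not Nano Brain's own code: `atomic_write`, `store`, `Stored`, the `.rec`/`.blob`/`.tmp` file names, the `blob:` pointer format and the id character set are all assumptions made for illustration, and the payload is assumed to be already encoded and encrypted by the caller.

```rust
use std::fs::{self, File};
use std::io::{self, Write};
use std::path::{Path, PathBuf};
// The page's 64 KB spill threshold, read here as 64 * 1024 bytes (assumption).
const SPILL_THRESHOLD: usize = 64 * 1024;

// tmp -> fsync -> rename: a crash leaves the old file or the new one, never a torn write.
fn atomic_write(path: &Path, bytes: &[u8]) -> io::Result<()> {
    let dir = path.parent().filter(|p| !p.as_os_str().is_empty()).unwrap_or(Path::new("."));
    let tmp = path.with_extension("tmp"); // same directory, so rename stays on one filesystem
    let mut f = File::create(&tmp)?; // truncates a stale tmp left by an earlier crash
    let written = f.write_all(bytes).and_then(|_| f.sync_all()); // data durable before rename
    if let Err(e) = written.and_then(|_| fs::rename(&tmp, path)) {
        let _ = fs::remove_file(&tmp);
        return Err(e);
    }
    if cfg!(unix) {
        File::open(dir)?.sync_all()?; // make the rename itself durable
    }
    Ok(())
}

#[derive(Debug, PartialEq)]
enum Stored { Inline(PathBuf), Spilled { record: PathBuf, blob: PathBuf } }

fn store(root: &Path, id: &str, payload: &[u8]) -> io::Result<Stored> {
    // ids become file names: reject anything that could escape `root`
    if id.is_empty() || !id.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'-' || b == b'_') {
        return Err(io::ErrorKind::InvalidInput.into());
    }
    let record = root.join(format!("{}.rec", id));
    if payload.len() <= SPILL_THRESHOLD {
        atomic_write(&record, payload)?;
        return Ok(Stored::Inline(record));
    }
    // blob first, pointer second: a crash in between leaves an orphan blob, not a dangling pointer
    let blob = root.join(format!("{}.blob", id));
    atomic_write(&blob, payload)?;
    atomic_write(&record, format!("blob:{}.blob", id).as_bytes())?;
    Ok(Stored::Spilled { record, blob })
}

fn main() -> io::Result<()> {
    let root = std::env::temp_dir().join("nb_store_example"); // constructed sample location
    fs::create_dir_all(&root)?;
    println!("{:?}", store(&root, "invoice-1", b"small record")?);
    println!("{:?}", store(&root, "invoice-2", &vec![0u8; SPILL_THRESHOLD + 1])?);
    Ok(())
}
```

The sketch assumes a single writer per object; concurrent writers to the same id would need a lock or a unique temporary name.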
Every run, step and tool call, traced by default.
A fire-and-forget TraceSink records LLM steps, tool timings and token usage without ever blocking a run. Persisted to the repository and exported straight to any collector over OTLP/HTTP+JSON, no heavyweight SDK.
- Per-run traces + daily usage rollups for cost analytics by team, model and day.
- OTLP export to Tempo, Jaeger, Honeycomb, Datadog: set one env var.
- Threat detection passively scans messages and tool args; logs, never blocks.
One binary. The whole platform.
From the agentic loop to the plugin marketplace, every subsystem ships in the box.
Agentic loop
LLM-driven multi-turn loop on the rig framework β tool invocation, sub-agent spawning, iteration limits and approval workflows.
Multi-agent
Spawn isolated sub-agents for parallel work, each with its own conversation, resource limits and custom tool access.
Embedded REST API
Full CRUD over agents, plugins, secrets and config maps. Filter + page + sort on every listing, permission-checked per call.
MCP server (inbound)
Expose the whole tool catalog (builtins, plugins and proxied MCP) as a native MCP server over HTTP. Claude.ai connector ready.
Code mode
Tools exposed as REST endpoints; the model writes JavaScript to chain calls, keeping huge intermediate data out of the context window.
Hybrid RAG search
Lexical + vector retrieval over your knowledge base with semantic ranking and trust-tier filtering across multiple sources.
Secrets & config maps
Encrypted storage for API keys and configuration, bound to plugins by manifest with required/optional flags.
Message ingest
A single inbound endpoint with synchronous SSE streaming or async job polling, plus full thread, message and job tracking.
Plugin store
Publish and install plugins from a hosted marketplace with versioning and one-click install, running in-process.
SvelteKit admin UI
Manage tenants, plugins, agents, LLM profiles, secrets, scheduled prompts, observability and threat findings.
Per-tenant isolation
Per-tenant encryption keys, quotas and access control, with explicit, audited cross-tenant sharing when you need it.
Pluggable backend
Binary plugins can replace the built-in filesystem repository with a custom backend via an in-process HTTP bridge.
Distributed runners
Execute on runners you control: your own machine or many machines in parallel. Schedules keep firing even when your laptop is offline.
Chat ops
Drive agents from Telegram or WhatsApp: trigger runs, approve steps and stream results straight into chat.
Any model provider
Wire up Claude, OpenAI / Codex, Cursor, OpenCode or anything on OpenRouter, including free models. Per-agent LLM profiles, swap any time.
Write a plugin in any language.
The host is generic: all vendor logic lives in plugins. Pick the boundary that fits the job.
WASM components
Sandboxed Wasmtime + WASI preview 2. Tightly scoped, portable, safe by construction.
Native binaries
Bash, Node, Python or compiled β full OS access, scoped JWT injected via env.
Periodic tools
Host worker calls plugin tools on a fixed interval for syncs, webhooks and refreshes.

    $ nano-brain serve
    ✓ kernel   ready   encrypted FS repo
    ✓ api      :8081   REST + MCP + ingest
    ✓ plugins  3       wasm:2 binary:1
    ✓ agent    rig     tools: 28 registered
    ✓ traces   otlp → tempo:4318

    POST /api/:user/main/private/ingest
    # SSE stream or async job polling
    200  event: token "Nano Brain online."

Run autonomous agents on your own metal.
Self-host the binary, or talk to us about deploying Nano Brain for your team. Drop a line; we read everything.