Skip to main content
OpenFang Logo

The Agent Operating System

OpenFang is an open-source Agent Operating System — not a chatbot framework, not a Python wrapper around an LLM, not a “multi-agent orchestrator.” It is a full operating system for autonomous agents, built from scratch in Rust. Traditional agent frameworks wait for you to type something. OpenFang runs autonomous agents that work for you — on schedules, 24/7, building knowledge graphs, monitoring targets, generating leads, managing your social media, and reporting results to your dashboard. The entire system compiles to a single ~32MB binary. One install, one command, your agents are live.

Quick Start

Get up and running in 5 minutes

Architecture

Understand how OpenFang works

API Reference

Explore the full REST API

Autonomous Hands

Pre-built capability packages

Installation

curl -fsSL https://openfang.sh/install | sh
openfang init
openfang start
Dashboard live at http://localhost:4200

Key Features

Autonomous Hands

7 pre-built capability packages that run independently on schedules — Clip, Lead, Collector, Predictor, Researcher, Twitter, Browser

16-Layer Security

WASM sandbox, Merkle audit trail, SSRF protection, capability-based access control, and 12 more security systems

40 Channel Adapters

Connect agents to Telegram, Discord, Slack, WhatsApp, Signal, Matrix, Email, and 33 more platforms

27 LLM Providers

123+ models with intelligent routing — Anthropic, OpenAI, Gemini, DeepSeek, Groq, Ollama, and more

MCP & A2A Support

Model Context Protocol client/server and Agent-to-Agent protocol for inter-system communication

Single Binary

~32MB binary with zero dependencies — builds in Rust, runs anywhere

Performance Benchmarks

All data from official documentation and public repositories — February 2026.

Cold Start Time

  • OpenFang: 180 ms ⭐
  • ZeroClaw: 10 ms
  • LangGraph: 2.5 sec
  • CrewAI: 3.0 sec
  • AutoGen: 4.0 sec
  • OpenClaw: 5.98 sec

Idle Memory Usage

  • OpenFang: 40 MB ⭐
  • ZeroClaw: 5 MB
  • LangGraph: 180 MB
  • CrewAI: 200 MB
  • AutoGen: 250 MB
  • OpenClaw: 394 MB

Install Size

  • OpenFang: 32 MB ⭐
  • ZeroClaw: 8.8 MB
  • CrewAI: 100 MB
  • LangGraph: 150 MB
  • AutoGen: 200 MB
  • OpenClaw: 500 MB

Architecture Overview

OpenFang is organized as a Cargo workspace with 14 crates: 
openfang-cli            CLI interface, daemon auto-detect, MCP server
openfang-desktop        Tauri 2.0 desktop app (WebView + system tray)
openfang-api            REST/WS/SSE API server (Axum), 140+ endpoints
openfang-kernel         Kernel: assembles all subsystems, workflow engine, RBAC
openfang-runtime        Agent loop, 3 LLM drivers, 53 tools, WASM sandbox
openfang-channels       40 channel adapters, bridge, formatter
openfang-wire           OFP peer-to-peer networking with HMAC-SHA256 auth
openfang-memory         SQLite memory substrate, sessions, semantic search
openfang-skills         60 bundled skills, FangHub marketplace
openfang-hands          7 autonomous Hands, HAND.toml parser
openfang-extensions     25 MCP templates, AES-256-GCM credential vault
openfang-migrate        Migration engine (OpenClaw, LangChain, AutoGPT)
openfang-types          Core types, taint tracking, manifest signing
xtask                   Build automation

What Makes OpenFang Different?

Autonomous Hands

Hands are OpenFang’s core innovation — pre-built autonomous capability packages that run independently, on schedules, without you having to prompt them. Each Hand bundles:
  • HAND.toml — Manifest declaring tools, settings, requirements, and dashboard metrics
  • System Prompt — Multi-phase operational playbook (500+ word expert procedures)
  • SKILL.md — Domain expertise reference injected into context at runtime
  • Guardrails — Approval gates for sensitive actions
All compiled into the binary. No downloading, no pip install, no Docker pull.

16 Security Systems

OpenFang doesn’t bolt security on after the fact. Every layer is independently testable and operates without a single point of failure:
  1. WASM Dual-Metered Sandbox — Tool code runs in WebAssembly with fuel metering + epoch interruption
  2. Merkle Hash-Chain Audit Trail — Every action is cryptographically linked to the previous one
  3. Information Flow Taint Tracking — Labels propagate through execution
  4. Ed25519 Signed Agent Manifests — Every agent identity is cryptographically signed
  5. SSRF Protection — Blocks private IPs, cloud metadata endpoints, DNS rebinding
  6. Secret Zeroization — API keys auto-wipe from memory
  7. OFP Mutual Authentication — HMAC-SHA256 nonce-based auth
  8. Capability Gates — Role-based access control
  9. Security Headers — CSP, X-Frame-Options, HSTS on every response
  10. Health Endpoint Redaction — Full diagnostics require authentication
  11. Subprocess Sandboxenv_clear() + selective variable passthrough
  12. Prompt Injection Scanner — Detects override attempts in skills
  13. Loop Guard — SHA256-based tool call loop detection
  14. Session Repair — 7-phase message history validation
  15. Path Traversal Prevention — Canonicalization with symlink escape prevention
  16. GCRA Rate Limiter — Cost-aware token bucket rate limiting

Community & Support

GitHub

Star the repository

Discord

Join the community

Twitter/X

Follow updates

Next Steps

Quick Start

Install OpenFang and spawn your first agent

Core Concepts

Learn how the system works

Autonomous Hands

Explore the 7 built-in Hands

Configuration

Configure models, channels, and security

License

OpenFang is open source under the Apache 2.0 and MIT licenses. Use it however you want.
v0.1.0 — First Release (February 2026)OpenFang is feature-complete but this is the first public release. You may encounter instability, rough edges, or breaking changes between minor versions. Pin to a specific commit for production use until v1.0.