Skip to main content

Project Roadmap

Tracking progress from first compile to public launch and beyond.

Current State

The full message-in → LLM → response-out pipeline is wired end-to-end across Discord, Telegram, Slack, and webhooks. The system starts messaging adapters, routes inbound messages to agent channels via binding resolution, runs real Rig agent loops for channels/branches/workers, and routes outbound responses back through the messaging layer. The hosted platform (spacebot.sh) is deployed with a control plane, dashboard, and marketing site. Config changes hot-reload without restarts.

Completed

Core Architecture

  • Project structure — all modules declared, module root pattern (src/memory.rs not mod.rs)
  • Error hierarchy — thiserror domain enums wrapped by top-level Error with #[from]
  • Config — hierarchical TOML with file watcher, event filtering, and content hash debounce for hot-reload
  • Multi-agent — per-agent database isolation, Agent struct bundles all dependencies
  • Database connections — SQLite + LanceDB + redb per-agent, migrations for all tables

LLM and Routing

  • LLMSpacebotModel implements Rig’s CompletionModel, routes through LlmManager via HTTP with retries and fallback chains
  • 13 providers — Anthropic, OpenAI, OpenRouter, Kilo Gateway, Z.ai, Groq, Together, Fireworks, DeepSeek, xAI, Mistral, OpenCode Zen, OpenCode Go
  • Model routingRoutingConfig with process-type defaults, task overrides, fallback chains

Memory System

  • Full stack — types, SQLite store (CRUD + graph), LanceDB (embeddings + vector + FTS), fastembed, hybrid search (RRF fusion)
  • Memory maintenance — decay + prune implemented
  • IdentityIdentity struct loads SOUL.md/IDENTITY.md/USER.md, Prompts with fallback chain
  • Eight memory types — Fact, Preference, Decision, Identity, Event, Observation, Goal, Todo
  • Graph edges — RelatedTo, Updates, Contradicts, CausedBy, PartOf

Agent Processes

All three process types run real Rig loops:
  • Channel — per-turn tool registration, status injection, max_turns(5)
  • Branch — history fork, max_turns(10), memory tools, result injection
  • Worker — fresh history, per-worker ToolServer, max_turns(50), interactive mode with input_tx
  • Compactor — tiered thresholds (80%/85%/95%), LLM summarization, pre-compaction archiving, emergency truncation
  • Cortex — signal buffering, bulletin generation on 60min interval, association loop

Tools and Security

  • 16 tools — reply, branch, spawn_worker, route, cancel, skip, react, memory_save, memory_recall, set_status, shell, file, exec, browser, cron, web_search
  • HooksSpacebotHook with tool call/result events, leak detection (11 patterns scanning both tool args and output)
  • Workspace containment — file tool validates paths stay within workspace, shell/exec tools block sensitive operations
  • StatusBlock — event-driven updates, renders to context string

Messaging Adapters

  • MessagingMessaging trait with RPITIT + companion, MessagingManager with fan-in/routing
  • Discord adapter — full Serenity implementation (message handling, streaming via edit, typing indicators, guild/channel/DM filtering)
  • Telegram adapter — full teloxide implementation (long polling, typing indicators, attachment extraction, chat/DM filtering, 4096 char splitting)
  • Slack adapter — full slack-morphism implementation (Socket Mode, thread replies, file upload v2, reactions, streaming via edit, workspace/channel/DM filtering)
  • Webhook adapter — Axum HTTP server (POST /send, GET /poll/, GET /health)
  • Message routing — full event loop with binding resolution, channel lifecycle, outbound routing

Platform Features

  • Conversation persistenceConversationLogger with fire-and-forget SQLite writes, compaction archiving
  • Cron — scheduler with timers, active hours, circuit breaker (3 failures → disable), creates real channels
  • Settings store — redb key-value with WorkerLogMode
  • OpenClaw skills — skill format parsing, tool mapping, directory watcher with hot reload
  • Embedded UI — Vite + React + TypeScript SPA, embedded into binary via rust_embed
  • Bindings API — hot-creates bindings and starts adapters at runtime without restart via ArcSwap
  • Ingestion pipeline — file watcher on agents/{id}/ingest/, chunking, per-chunk worker, memory extraction
  • Agent CLIspacebot agents list/create/delete, identity template bootstrapping

Hosted Platform

  • Control plane — instance provisioning, auth, reverse proxy to private instances over WireGuard mesh
  • Dashboard — web UI for managing agents, viewing metrics, configuring bindings
  • Marketing site — spacebot.sh landing page and documentation

In Progress

Cortex Enhancements

  • Consolidationrun_consolidation() is a stub, no actual memory merging or graph optimization
  • Memory mergemerge_similar_memories() is a no-op placeholder
  • Observe() — extracts some event types but hardcodes values instead of pulling from actual event data
  • CortexHook — all hook methods are trace-only passthrough, no observation logic

Security

  • Secrets store — empty struct, no redb/AES-256-GCM integration yet

Upcoming

Streaming

Implement SpacebotModel.stream() with SSE parsing. The messaging adapters already handle StreamStart/StreamChunk/StreamEnd response types — this is purely the LLM layer.

Cortex Consolidation

  • Implement run_consolidation() — memory merging, decay management, graph optimization
  • Implement merge_similar_memories() in maintenance.rs
  • Cross-channel coherence — shared observations across an agent’s conversations
  • Wire real values into observe() signal extraction
  • Implement CortexHook observation logic (anomaly detection, consolidation triggers)

Secrets Store

Encrypted credentials in redb with DecryptedSecret wrapper type. ChaCha20-Poly1305 AEAD with a local key file. All sensitive config values (token, *_key) encrypted at rest.

Cost Tracking

Per-agent token usage and cost tracking with budget enforcement. Session, daily, and monthly aggregates stored in redb. Per-model breakdown so you can see what’s expensive.
Warning threshold at configurable percentage, hard block when budget is exceeded. Essential for the hosted platform’s pricing model and for self-hosted users who want to cap spend.

Hardening

  • Autonomy levels — readonly, supervised, full modes
    • Readonly blocks all write tools
    • Supervised requires confirmation for destructive operations
    • Full is the current unrestricted mode
  • Command allowlisting — opt-in allowlist mode for shell tool (more secure than current blocklist)
  • SSRF protection — block private IP ranges (RFC1918, link-local, loopback), IPv4-mapped IPv6 bypasses, and shared address space
  • Error message sanitization — scrub API keys and tokens from provider error messages
  • Audit logging — structured JSONL trail of security-relevant events (command execution, file access, policy violations)
  • Tool nudging — inject “use your tools” in SpacebotHook.on_completion_response() when LLM responds with text in early iterations
  • Outbound HTTP leak scanning — block exfiltration via tool output before it reaches external services

Observability

  • OpenTelemetry trace + metrics export (OTLP)
  • Prometheus metrics endpoint on the control API
  • Structured per-agent metrics: token usage, tool call counts, latency percentiles, memory operations

Additional Channel Adapters

  • WhatsApp — Meta Cloud API. Hosted instances receive webhooks via the platform proxy. Self-hosted users point the callback URL at their own reverse proxy or Tailscale funnel.
  • Matrix — decentralized chat protocol. Bridges to self-hosted Matrix/Element deployments.
  • iMessage — macOS-only, AppleScript bridge. Personal use on self-hosted Mac instances.
  • IRC — TLS socket connection. Lightweight protocol, maps channels to conversations.
  • Lark — Feishu/Lark webhook integration for enterprise teams.
  • DingTalk — webhook integration for Chinese enterprise teams.

Onboarding CLI

  • spacebot setup --quick --provider openrouter --key sk-... — non-interactive fast path for scripted deploys
  • spacebot setup --channels-only — add channels to an existing instance

Decided Against

Built-in Tunnel Support

Some self-hosted agent frameworks bundle Cloudflare/ngrok/Tailscale tunnel management into the binary. We intentionally don’t — it’s unnecessary for Spacebot’s architecture. All current channel adapters (Discord, Telegram, Slack, webhooks) use outbound connections. The bot connects to the platform’s gateway or API — nothing needs to POST inbound to the agent. There’s no port to expose.
For hosted instances, the platform proxy handles access over a private WireGuard mesh. For self-hosted instances, the embedded API and UI are accessible on your LAN. If you want remote access, Tailscale works out of the box.
If a future channel adapter requires inbound HTTP callbacks (e.g. WhatsApp Business API), hosted instances would handle it via the platform proxy, and self-hosted users can point the callback URL at their existing Tailscale/Cloudflare setup.

doctor Diagnostic Command

Some agent frameworks ship a doctor CLI command that checks daemon heartbeats, scheduler health, and channel connectivity. This usually exists to compensate for a fragile runtime — if you need a separate command to tell you your process is dead, the process management is the problem. Spacebot handles this through its control interface and the cortex. The embedded UI shows adapter status, agent health, and active connections in real-time. The cortex observes system-wide signals and surfaces issues proactively. Channel token validation happens at setup time through the bindings API — if something is misconfigured, you find out immediately when you add the binding, not by running doctor ten minutes later.

Post-Launch

Cross-Agent Communication

Routing between agents, shared observations across agent boundaries. Enable multi-agent workflows where one agent can delegate to another with different capabilities or permissions.

Hot Reload Agent Topology

Add or remove agents without restart. Currently requires a full process restart to modify the agent list.

Agent Templates

Pre-built configurations for common use cases:
  • Code review assistant
  • Documentation writer
  • DevOps helper
  • Research assistant
  • Community moderator

JsonSchema-Derived Tool Definitions

Replace hand-written JSON schemas in all tools with the JsonSchema derive that’s already on every Args struct. Reduce duplication and ensure schema accuracy.

Spacedrive Integration

Connect agents to terabytes of indexed, content-addressed file data across devices. Spacebot is the AI counterpart to Spacedrive — an open source cross-platform file manager built on a virtual distributed filesystem.
Spacedrive indexes files across all your devices, clouds, and platforms with content-addressed identity, semantic search, and local AI analysis. Spacebot brings autonomous reasoning, memory, and task execution. Together, an agent that can think, remember, and act — backed by terabytes of queryable data across every device you own.
Both projects are independent and fully functional on their own, but complementary by design. When integrated:
  • Agents can query file metadata and content across your entire device fleet
  • Search becomes device-aware: “find that PDF I saved on my laptop last week”
  • Memory can reference content-addressed files that follow you across devices
  • Workers can operate on files regardless of which machine they’re stored on
  • The distributed filesystem becomes the agent’s long-term knowledge base
This transforms Spacebot from a conversational AI into a true personal operating system overlay — one that knows what you have, where it is, and how to work with it.

Build docs developers (and LLMs) love

Get started for freeTalk to us