AgentWASP: The Self-Hosted Agent Runtime Built for Operators (vs OpenClaw & Hermes)
A new entrant just raised the bar for self-hosted autonomous agents. AgentWASP is a Docker-based runtime built around a single premise: agents that can actually be trusted to run unattended.
The project ships with 10+ persistent memory tiers, a truth-binding response layer, capability tiers per skill, and 41 background jobs running 24/7. It’s Apache 2.0 licensed and installs with one line.
What Makes WASP Different
Three architectural commitments separate WASP from other self-hosted agent harnesses:
1. Truth-Binding Response Layer
The biggest problem with autonomous agents? They confidently report actions they never took. WASP addresses this with five deterministic guards:
- URL substitution — ensures links match actual fetched content
- Action announcer — logs every action before execution
- Response grounder — validates outputs against actions actually taken
- Schedule honesty — prevents false claims about scheduled tasks
- Prompt-leak redaction — blocks system prompt exfiltration
The key design choice: no LLM in the policy path. These are deterministic guards, not AI-powered validators that can be fooled.
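A minimal sketch of what a deterministic guard of this kind can look like, covering the URL and response-grounding checks. It is an added example, not WASP's code: the action-log shape, the skill names (`web.fetch`, `email.send`, `scheduler.create`) and the claim phrases are assumptions made for illustration.

```python
import re

# URLs, excluding trailing sentence punctuation.
URL_RE = re.compile(r"https?://[^\s<>()]+[^\s<>().,;:!?]")

# Hypothetical phrase -> skill mapping; skill names are assumptions, not WASP identifiers.
CLAIMS = [
    (re.compile(r"\bI(?:'ve| have)? (?:sent|emailed)\b", re.I), "email.send"),
    (re.compile(r"\bI(?:'ve| have)? scheduled\b", re.I), "scheduler.create"),
]

def ground_response(draft, actions):
    """Check a draft reply against the turn's action log.

    Returns (text, findings): URLs that were never fetched are redacted, and
    completion claims with no matching successful action are reported.
    """
    ok = [a for a in actions if a["status"] == "ok"]
    fetched = {a["url"] for a in ok if a["skill"] == "web.fetch"}
    succeeded = {a["skill"] for a in ok}
    findings = []

    def redact(match):
        url = match.group(0)
        if url in fetched:
            return url
        findings.append(f"unfetched url: {url}")
        return "[link removed: not fetched this turn]"

    text = URL_RE.sub(redact, draft)
    for pattern, skill in CLAIMS:
        if pattern.search(draft) and skill not in succeeded:
            findings.append(f"claim without action: {skill}")
    return text, findings

# Constructed sample turn: one successful fetch, one failed send.
ACTIONS = [
    {"skill": "web.fetch", "status": "ok", "url": "https://example.org/report"},
    {"skill": "email.send", "status": "error"},
]
DRAFT = ("I sent the summary. Sources: https://example.org/report "
         "and https://example.org/other.")

if __name__ == "__main__":
    print(ground_response(DRAFT, ACTIONS))
```

The decision depends only on the recorded action log and fixed patterns, so the same draft and log always produce the same verdict.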
2. Layered Persistent Memory (28 PostgreSQL Tables)
WASP doesn’t just have “memory” — it has a full cognitive architecture across 10+ named tiers:
| Layer | Purpose |
|---|---|
| Episodic | Full conversation history with timestamps |
| Semantic | Distilled facts and preferences |
| Procedural | Multi-step solutions as named procedures |
| Knowledge Graph | Entity + relation extraction per message |
| Behavioral | Rules learned from user corrections |
| Temporal | World timeline with trend detection |
| Vector | Dense embeddings (cosine similarity) |
| Self-Model | Skill success rates, known failures |
| Working | Active context for current task |
| Goal-Scoped | Per-goal memory isolation |
All memory persists across sessions, reboots, and model switches. This is the level of memory architecture you’d expect from cognitive science research, not a side project.
3. Capability Tiers + Anticipatory Simulation
Every skill has an explicit privilege level:
- PUBLIC — safe operations anyone can trigger
- CONTROLLED — standard operations with logging
- RESTRICTED — sensitive ops requiring confirmation
- PRIVILEGED — dangerous actions with simulation preview
For privileged operations, WASP runs anticipatory simulation — the LLM previews consequences before execution, with a 5-minute cache. Combined with a plan critic that validates every TaskGraph before execution, you get actual guardrails rather than “please don’t do bad things” prompt engineering.
The Comparison Table
WASP publishes a detailed comparison against Hermes Agent and OpenClaw. Here’s what stands out:
| Capability | WASP | Hermes Agent | OpenClaw |
|---|---|---|---|
| Memory tiers | 10+ named (28 Postgres tables) | Agent-curated + FTS5 | Workspace-scoped |
| Knowledge graph | Built-in | Not documented | Not documented |
| Background jobs | 41 pre-built | Cron + background_review | Cron + nodes |
| Self-improvement | Patch-based with persistence | Autonomous skill creation | Skill installation |
| Capability tiers | 4 explicit levels | Command-pattern approval | Per-tool allow/deny |
| Anticipatory simulation | Yes (5-min cache) | Not documented | Not documented |
| Plan critic | LLM validates TaskGraphs | Not documented | Not documented |
| Channels | 12 platforms | 6 platforms | 22+ platforms |
| LLM providers | 5 native + Ollama | 300+ via Nous Portal | Multiple with failover |
Installation
One-liner that handles everything:
```bash
sudo bash -c "$(curl -fsSL https://agentwasp.com/install.sh)"
```
This detects your distro (8 Linux flavors + macOS), installs Docker if missing, pulls the source, generates secrets, and walks you through onboarding. Default install path: /opt/wasp.
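For the security-conscious, download the script, check it against the published SHA-256, then run it:
```bash
curl -fsSL https://agentwasp.com/install.sh -o install.sh
curl -fsSL https://agentwasp.com/install.sh.sha256 | sha256sum -c -
sudo bash install.sh
```
The checksum is served from the same host as the script, so this check catches a corrupted or truncated download rather than a compromised origin. Downloading to a file first also lets you read install.sh before it runs as root.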
Requirements: 4GB RAM minimum (8GB recommended), 10GB disk, and at least one LLM provider key (or Ollama for fully self-hosted).
The 41 Background Jobs
WASP runs 41 scheduled jobs 24/7:
- Memory consolidation — compresses and indexes memories across tiers
- Perception — processes incoming sensory data from integrations
- Autonomous goals — generates and pursues long-running objectives
- Self-integrity monitor — validates system consistency
- CPI monitor — tracks cognitive pressure index
- Behavioral learner — extracts rules from user corrections
All jobs persist state and catch up on restart.
Skills and Integrations
37 built-in skills covering:
- Web search and browser automation (nodriver + Selenium)
- Email (Gmail with allowlist)
- Scraping and RSS
- Scheduling and reminders
- File operations
- Python execution (sandboxed)
- Self-improvement
40+ integrations including:
- Smart home (Home Assistant, Philips Hue, Eight Sleep)
- Automation (Zapier, webhooks, cron)
- Communication (Telegram, Discord, Slack, Teams, WhatsApp, Signal, Matrix, iMessage, and more)
- Developer tooling (MCP)
Controlled Self-Improvement
WASP can modify its own source code. But unlike unrestricted self-modification, it uses:
- AST validation — blocks subprocess, eval, ctypes, pickle, importlib
- Sandbox execution — tests changes before applying
- Patch persistence — changes survive container rebuilds
- Reversibility — all patches can be rolled back
The default limit is 5 self-improvement operations per day.
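The AST validation step above can be sketched with Python's standard `ast` module. This is an added example, not WASP's validator: the blocked module and builtin names come from the list above, `__import__` is an extra name added here as an assumption, and the sample patches are constructed.

```python
import ast

# Names taken from the article's block list.
BLOCKED_MODULES = {"subprocess", "ctypes", "pickle", "importlib"}
# "eval" is from the article; "__import__" is added here as an assumption,
# since it reaches the same modules without an import statement.
BLOCKED_NAMES = {"eval", "__import__"}

def find_violations(source):
    """Return a sorted list of violations; an empty list means the patch passes."""
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        # Fail closed: a patch that does not parse is rejected, not skipped.
        return [f"line {exc.lineno}: does not parse"]
    found = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] in BLOCKED_MODULES:
                    found.append((node.lineno, f"import {alias.name}"))
        elif isinstance(node, ast.ImportFrom):
            if (node.module or "").split(".")[0] in BLOCKED_MODULES:
                found.append((node.lineno, f"from {node.module} import"))
        elif isinstance(node, ast.Name) and node.id in BLOCKED_NAMES:
            # Any reference counts, so `f = eval` is caught as well as `eval(x)`.
            found.append((node.lineno, f"reference to {node.id}"))
    return [f"line {line}: {what}" for line, what in sorted(found)]

# Constructed sample patches (not taken from the WASP code base).
SAFE_PATCH = "import json\n\ndef load(text):\n    return json.loads(text)\n"
UNSAFE_PATCH = (
    "import os, subprocess as sp\n"
    "from pickle import loads\n"
    "def run(cmd):\n"
    "    return eval(cmd)\n"
)

if __name__ == "__main__":
    for name, patch in (("safe", SAFE_PATCH), ("unsafe", UNSAFE_PATCH)):
        print(name, find_violations(patch) or "ok")
```

A name-based static check cannot see names assembled at runtime, which is why the list above pairs it with sandboxed execution before a patch is applied.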
Dashboard
151 HTTP endpoints power the dashboard across:
- Chat interface
- Traces and debugging
- Scheduler management
- Memory exploration
- Knowledge graph visualization
- World model timeline
- Agent management
- Integration configuration
- Audit log
The dashboard binds to 127.0.0.1:8080 (loopback only) by default — use an SSH tunnel or a reverse proxy for remote access.
Security Model
WASP takes a fail-closed approach:
- Telegram bridge refuses to start without a user allowlist — no public bot mode
- Gmail requires per-address or domain allowlist — prevents prompt-injection exfiltration
- SSRF prevention with DNS rebinding protection and manual redirect re-validation
- Path traversal blocked via realpath containment
- Argon2 hashing with Redis sessions (24h TTL) and 5-attempt lockout
- CSRF protection with session-bound single-use tokens
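The SSRF bullet above names two controls, resolve-then-pin against DNS rebinding and re-validation of every redirect hop. The following added example shows both; it is not WASP's code. `resolve` and `send` are hypothetical injected callables (a real deployment would wrap `socket.getaddrinfo` and an HTTP client that connects to the pinned IP while sending the original Host/SNI), and the DNS table and responses are constructed.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = (301, 302, 303, 307, 308)

def check_url(url, resolve):
    """Validate one hop; return (host, pinned_ip) or raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"blocked scheme or missing host: {url}")
    addrs = [ipaddress.ip_address(a) for a in resolve(parts.hostname)]
    # Reject if ANY record is non-public, so a mixed answer cannot slip through.
    if not addrs or not all(a.is_global for a in addrs):
        raise ValueError(f"{parts.hostname} does not resolve to public addresses only")
    return parts.hostname, str(addrs[0])

def fetch_chain(url, resolve, send, max_hops=5):
    """Follow redirects by hand, validating each Location before connecting."""
    hops = []
    for _ in range(max_hops):
        host, ip = check_url(url, resolve)
        hops.append((host, ip))
        # Connect to the address that was just validated and never re-resolve
        # the name: that pinning is what defeats DNS rebinding.
        status, location = send(ip, host, url)
        if status not in REDIRECT_CODES or not location:
            return hops
        url = urljoin(url, location)
    raise ValueError("too many redirects")

# Constructed sample data: stub DNS answers and stub server responses.
DNS = {"news.example": ["93.184.216.34"], "intranet.example": ["10.0.0.5"]}
RESPONSES = {
    "https://news.example/a": (302, "/b"),
    "https://news.example/b": (302, "http://intranet.example/admin"),
}

def stub_resolve(host):
    return DNS.get(host, [])

def stub_send(ip, host, url):
    return RESPONSES.get(url, (200, None))
```

With the sample data, `fetch_chain("https://news.example/a", stub_resolve, stub_send)` follows two public hops and then raises `ValueError` before any connection to the internal address is attempted.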
When to Use WASP vs OpenClaw
Choose WASP if:
- You need an agent that runs unattended 24/7
- Truth-binding and audit trails are requirements
- You want structured memory architecture out of the box
- Self-improvement with safety rails matters
Choose OpenClaw if:
- You want the largest skill ecosystem (5,400+)
- You need 22+ communication channels
- Community and ecosystem size matter more than built-in memory depth
- You prefer Node.js over Python
Choose Hermes Agent if:
- You want 300+ LLM providers via Nous Portal
- You need multiple runtime isolation backends (Docker, SSH, Modal, Vercel Sandbox)
- Isolated subagent spawn for parallel workstreams is critical
The Bottom Line
WASP is what happens when someone builds an agent runtime with operational reliability as the primary design goal rather than feature count. The truth-binding layer, capability tiers with anticipatory simulation, and 10+ memory tiers create a foundation for agents you can actually trust to run while you sleep.
The tradeoff is ecosystem size — WASP has 37 skills vs OpenClaw’s 5,400+. But for operators who need reliability over breadth, WASP fills a gap that’s been missing in the self-hosted agent space.
GitHub: github.com/agentwasp/agentwasp
Docs: docs.agentwasp.com
License: Apache 2.0