Single binary · Local-first · Telegram-ready · Cloud-pairable

Your AI agent,
on a host you control

Hiveloom is a single-binary CLI agent runtime. It holds all your secrets locally, drives Telegram, webhook, schedule, and MCP integrations, and optionally pairs with a small cloud surface so you can drive it from a browser — without the cloud ever executing agent work or durably storing agent state.

Install → Quickstart Read the docs
Why hiveloom

One binary, two systems, your data

The CLI is the agent: a single statically-linkable Rust binary that runs end-to-end on your host and is the single source of record for everything it does. The optional cloud surface is an additive browser-driven dashboard — it never executes agent work and never durably stores agent state.

Single static binary

One Rust binary, statically linkable. No Kubernetes, no managed databases, no sidecars. Linux x86_64 and aarch64.

Local-first, optional cloud pairing

All secrets, runs, and vault state live on your host under $HIVELOOM_HOME. Pair with hiveloom-cloud when you want a browser dashboard; revoke at any time.

Markdown skills

Drop a SKILL.md with YAML frontmatter into $HIVELOOM_HOME/skills/. The body is injected into the system prompt at runtime — no vector store required.

Triggers — Telegram, webhooks, schedules

Drive the agent from a Telegram bot, signed webhooks, or cron-style schedules. All three are first-class, configured from the CLI, and gated by a per-tool approval layer.

MCP integrations

Plug remote tools into the agent over stdio, Streamable HTTP, or SSE. Add, list, test, and remove MCP servers with one command each.

Vault + age-encrypted secrets

Secrets sit in an age-encrypted store unlocked by a passphrase you control. The vault holds CLI-local memory the agent can reuse across runs — never mirrored to the cloud.

Per-tool approval gates

Every tool call passes through an approval gate. Persist "Always" decisions, list them, or revoke them — durable choices that survive restarts and pairings.

Operator-friendly

First-run init wizard, doctor diagnostics, install-service for systemd, structured JSON logs in non-TTY contexts. Two CLI instances can coexist on the same host.

Install

One command, one binary

A single static binary. No runtime, no build step, no package manager gymnastics. Released today for Linux x86_64 and aarch64; macOS targets land next.

shell 
# Install the CLI
curl -fsSL https://get.hiveloom.cloud/install.sh | sh

Current release: v0.1.0 · Linux x86_64 and aarch64.

Prefer to download the tarball yourself?

shell — manual download 
# Linux aarch64 (swap target triple for x86_64-unknown-linux-gnu)
curl -fsSL https://get.hiveloom.cloud/releases/latest/hiveloom-aarch64-unknown-linux-gnu.tar.gz -o hiveloom.tar.gz
tar -xzf hiveloom.tar.gz
sudo install -m 0755 hiveloom /usr/local/bin/
5-minute quickstart

From install to chat in 3 commands

Run the wizard, start the daemon, and either send a one-shot prompt or open the REPL. The wizard writes a starter config.toml and unlocks the secret store with a passphrase you choose.

shell 
# 1. First-run wizard — creates ~/.hiveloom/ and captures your Anthropic key
hiveloom init

# 2. Start the daemon
hiveloom serve &

# 3a. One-shot prompt
hiveloom run "draft a summary of today's inbox"

# 3b. Or open the REPL
hiveloom chat

The secret-store passphrase comes from HIVELOOM_SECRET_PASSPHRASE, a --passphrase-file, or systemd-creds — never from a flag in production. Run hiveloom doctor any time to self-check the install.

Triggers & integrations

Drive it from Telegram, cron, webhooks, or MCP

Triggers are first-class. Configure a Telegram bot, register a cron schedule that runs a saved skill, sign incoming webhooks, or plug remote MCP servers into the agent — every action runs through the same approval gate.

shell — cron schedule 
# Run a saved skill every weekday at 07:00 local
hiveloom schedule create \
  --name morning-brief \
  --cron "0 7 * * *" \
  --skill morning-brief
shell — Telegram bot 
# Register a bot token; allowlist your Telegram user id
hiveloom integration telegram set-token
hiveloom integration telegram allowlist add 1234567
shell — MCP server 
# Attach a Streamable-HTTP MCP server, then verify it
hiveloom mcp add github \
  --transport http \
  --url https://mcp.github.example/
hiveloom mcp test github

Webhook handlers default to strict signing — see the docs for the HMAC envelope. hiveloom approval list shows every "Always" decision a trigger has recorded; hiveloom approval revoke removes one.

Next steps

Dig deeper

  1. Author a skill. Scaffold the folder, edit the SKILL.md frontmatter, then validate. hiveloom skill new morning-brief && hiveloom skill edit morning-brief && hiveloom skill validate morning-brief
  2. Bookmark a document. Ingest a URL (HTML or PDF) into the vault and index it for semantic recall. hiveloom documents add https://example.com/runbook.pdf
  3. Pair with the cloud. Get a browser dashboard backed by your local CLI. State stays on your host; the cloud only relays. hiveloom pair --cloud https://cloud.hiveloom.dev && hiveloom pair status
  4. Run as a service. Install a per-user systemd unit and let the agent start on boot under your account. hiveloom install-service && systemctl --user start hiveloom