POC - Will change a lot, contact-me to suggest something.
NAVI: Your gateway to the Wired
Navi is currently a prototype. The core architecture is being designed, and no production-ready code has been released yet. This repository will be updated as development progresses.
Why this exists: Most AI orchestrators are built as products to sell subscriptions, not as open-source tools for the community. Navi is different—it's built for developers, by developers, with security and real utility as non-negotiable principles.
For local development after cloning, you can configure Navi with a .env file.
- Copy
.env.exampleto.env - Set your provider, model, and API key
- Run
go run ./cmd/navi/main.go replornavi serve
Supported environment variables:
NAVI_ENV(developmentorproduction) — selects.env.<env>loadingNAVI_DEFAULT_PROVIDER—nvidia|openai|groq|openrouter|ollamaNAVI_DEFAULT_MODEL— default model nameNAVI_API_KEY— direct API key for developmentNAVI_DEFAULT_API_KEY_ENV— env var name to read key from (alternative toNAVI_API_KEY)NAVI_LLM_BASE_URL— endpoint override (proxy/local testing)
Load order (if files exist):
.env → .env.local → .env.<NAVI_ENV> → .env.<NAVI_ENV>.local
Navi now creates the user config directory on startup (os.UserConfigDir()/navi) before command execution.
- Linux:
~/.config/navi - macOS:
~/Library/Application Support/navi - Windows:
%AppData%\navi
This happens on first launch of any Navi command.
Navi is an AI orchestrator designed to be the maestro of your automation orchestra. It connects disparate tools, scripts, and services without requiring ugly glue code, while keeping you in full control.
Unlike "autonomous agents" that might hallucinate and run rm -rf / on your production server, Navi follows a golden rule: you are always in control, and security is non-negotiable.
The name comes from NAVI, the computer from the anime Serial Experiments Lain (1998), which the protagonist uses to access "the Wired"—a global network mixing virtual reality, collective consciousness, and more.
After testing tools like OpenClaw and others, a pattern emerged:
- 🚫 Built as products to be sold, not open-source community tools
- 🚫 Push generic "agency" with bloated features that aren't actually useful
- 🚫 Designed for marketing hype and subscription sales
- 🚫 Security is an afterthought (open ports, plaintext credentials, 1-click RCE)
- 🚫 Acqui-hired by big tech, then fade into irrelevance
| Traditional Orchestrators | Navi |
|---|---|
| Subscription-focused | Community-focused |
| Bloated feature sets | Solves real problems |
| Security as afterthought | Security is non-negotiable |
| Lock-in via proprietary UI | Multiple open interfaces |
| "Magical autonomous agents" | Human-in-the-loop by design |
| One-size-fits-all | User-configurable isolation |
- Build real autonomous agents for development, automation, and desktop workflows
- Prevent accidental OS damage caused by LLM hallucinations
- Keep every side effect auditable and reversible
- Support GUI workflows without breaking isolation guarantees
- Remain cross-platform with flexible isolation backends
- User choice in isolation strategy (Docker, Bubblewrap, native)
- ✅ Accidental filesystem destruction
- ✅ Unintended network exposure
- ✅ Workspace corruption
- ✅ Silent privilege escalation
- ❌ Kernel zero-days
- ❌ Compromised host
- ❌ Malicious user intent
This system protects against agent mistakes, not hostile adversaries.
Navi is built on Hexagonal Architecture, which means:
- Core logic is isolated from external concerns (isolation backends, LLM providers, UI modes)
- Swappable implementations without changing business logic
- Testable interfaces without calling actual models or services
- User choice in every layer
┌─────────────────────────────────────────────────────────────┐
│ Entry Points (Ports) │
│ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ │
│ │ TUI │ │ REST API │ │ Discord │ │ Telegram │ │
│ └──────────┘ └──────────┘ └──────────┘ └──────────┘ │
└─────────────────────────────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────────────┐
│ Authentication Layer (Required) │
│ - API Keys / Tokens │
│ - User Sessions │
│ - Permission Checks │
└──────────────────────────────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────────────┐
│ Orchestrator (Core Logic) │
│ ┌────────────────────────────────────────────────────────┐ │
│ │ Agency Coordination Layer │ │
│ │ - Planner Agent - Researcher Agent │ │
│ │ - Coder Agent - Verifier Agent │ │
│ │ - Executor Agent - Custom Agents │ │
│ └────────────────────────────────────────────────────────┘ │
└──────────────────────────────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────────────┐
│ Adapters (User-Selectable) │
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │ Isolation │ │ LLM Provider │ │ Storage │ │
│ │ - Docker │ │ - OpenAI │ │ - SQLite │ │
│ │ - Bubblewrap │ │ - Anthropic │ │ - Postgres │ │
│ │ - Native │ │ - Ollama │ │ - S3 │ │
│ └──────────────┘ └──────────────┘ └──────────────┘ │
└──────────────────────────────────────────────────────────────┘
Docker is optional. Navi supports multiple isolation backends:
| Isolation Backend | Best For | Pros | Cons |
|---|---|---|---|
| Docker | VPS, multi-user, production | Strong isolation, cross-platform, resource limits | Heavier, requires daemon |
| Bubblewrap | Linux desktop | Lightweight, no daemon, fast setup | Linux-only |
| Native Restricted | Simple tasks, trusted environments | Minimal overhead, no dependencies | Weaker isolation |
Users choose their isolation strategy based on their use case:
- VPS / Server: Docker for strong multi-tenant isolation
- Linux Desktop: Bubblewrap for lightweight local automation
- Trusted Local: Native sandbox for simple tasks
Authority is expressed as explicit capabilities, enforced by the chosen isolation backend:
- ❌ No implicit global filesystem access
- ❌ No unrestricted host execution
- ❌ No automatic network exposure
Capability Configuration Example:
{
"agent": "coding",
"capabilities": {
"filesystem": ["workspace:rw", "/home/user/project:ro"],
"network": ["api.github.com"],
"ports": [],
"exec": ["bash", "node", "go"]
}
}Workspace Mount:
# Only default writable path
-v /host/workspace:/workspace
# Additional mounts require explicit user approvalAll interaction modes require authentication. No exceptions.
| Mode | Authentication Methods |
|---|---|
| REST API | API keys, JWT tokens, OAuth |
| REPL | Local token or password |
| Discord Bot | Discord OAuth + user linking |
| Telegram Bot | Telegram user ID + PIN |
Navi doesn't lock you into a single UI. Choose your interface:
- Full HTTP API for mobile apps and integrations
- Start:
navi serveor justnavi - Authentication: API keys, JWT
- Interactive full-screen terminal UI by default, with a plain line REPL fallback via
navi repl --plain - Start:
navi repl - Direct TUI entry:
navi tui - TUI features: markdown rendering, syntax-highlighted code blocks, diff coloring, multi-line editing, persistent prompt history,
@filecompletion, collapsible tool logs, mode switching, status bar, interrupt handling - Plain REPL commands:
:help,:agents,exit,quit - Authentication: local token or password
- Single-shot chat:
navi chat <msg> - Task lifecycle:
navi tasks create <prompt>,navi tasks list,navi tasks get <id> - Agent inspection/sync:
navi agents list,navi agents get <id>,navi agents sync
- Discord: Secure server automation
- Telegram: Remote task triggering
- Authentication: user linking + optional PIN
Define your own interaction mode via the adapter pattern.
Navi supports multiple operation modes, configurable by the user:
For rapid prototyping and experimentation:
- Quick iteration with minimal friction
- Temporary sandboxes
- Ideal for learning and testing
For critical workflows:
- Strict capability enforcement
- Multi-agent verification
- Human-in-the-loop approvals
- Full audit trail
Users can define custom modes via LLM-generated configurations:
# Example: Daily AI News Mode
mode:
name: "daily-news"
trigger: "cron: 0 12 * * *" # Every day at 12 AM
agents:
- Researcher: "Fetch AI news from configured sources"
- Summarizer: "Summarize top 5 stories"
- Notifier: "Send to Telegram/Discord"
isolation: docker
approval: false # Auto-execute for this mode
output:
- telegram: "channel_id"
- discord: "channel_id"Users can ask the LLM to generate custom modes based on their needs:
"Create a mode that monitors my GitHub PRs every hour and posts a summary to Discord"
Navi implements smart parallelism to give real agency to agents. Agents can delegate tasks among themselves based on capability, workload, and context.
┌──────────────┐
│ Main Agent │ Receives task: "Build a REST API with auth"
└──────┬───────┘
│
├──► Delegates to Planner Agent
│ "Break down the task"
│
├──► Planner creates subtasks:
│ 1. Research auth patterns (Researcher)
│ 2. Design API structure (Planner)
│ 3. Implement endpoints (Coder)
│ 4. Write tests (Coder + Verifier)
│ 5. Build & run (Executor)
│
├──► Parallel Execution:
│ ┌───────────────┐ ┌───────────────┐
│ │ Researcher │ │ Planner │
│ │ (searches │ │ (designs │
│ │ patterns) │ │ structure) │
│ └───────────────┘ └───────────────┘
│ │ │
│ └──────┬─────────┘
│ ▼
│ ┌───────────────┐
│ │ Coder │
│ │ (implements) │
│ └───────────────┘
│ │
│ ▼
│ ┌───────────────┐
│ │ Verifier │
│ │ (validates) │
│ └───────────────┘
│
└──► Orchestrator collects results and presents to user
| Single Thread | Intelligent Parallelism |
|---|---|
| Sequential execution | Concurrent task processing |
| One agent bottleneck | Distributed workload |
| Linear time cost | Optimized completion time |
| No task delegation | Dynamic task routing |
No hidden side effects. Every action is logged and traceable:
- ✅ Every task generates an event
- ✅ Every container/process start/stop logged
- ✅ Every capability grant logged
- ✅ Every filesystem mutation tied to commit hash
CREATE TABLE event_log (
id INTEGER PRIMARY KEY,
timestamp TEXT NOT NULL,
agent_id TEXT NOT NULL,
action TEXT NOT NULL,
capability TEXT,
workspace_path TEXT,
git_commit TEXT,
result TEXT,
error TEXT,
user_id TEXT NOT NULL
);Navi is built around LLM weaknesses, not their strengths:
| Weakness | How Navi Addresses It |
|---|---|
| Context Dilution | Specialized agents with focused contexts |
| Overconfidence | Verifier agent + human-in-the-loop |
| No Memory | External persistence with SQLite + vectors |
| Generalist Trap | Domain-specific agents |
| Hallucinations | Multi-agent verification + sandboxed execution |
| Accidental Damage | Isolation backend + capability-based authority |
- Language: Go 1.25+
- Architecture: Hexagonal (Ports & Adapters)
- Isolation: Docker, Bubblewrap, or Native (user choice)
- UI: REST API (default), REPL, Bubble Tea TUI
- Database: SQLite (pure Go, no CGO) with WAL mode
- API: Chi router for HTTP
- Authentication: JWT, API Keys, OAuth adapters
- LLM Clients: OpenAI-compatible API pattern
- MCP: Model Context Protocol support
This is an open-source project focused on solving real problems without selling out to the hype cycle.
- Watch this space: Code will be pushed soon
- Join the discussion: Discord
- Follow updates: X/Twitter
- Star the repo: Show support while we build
- Public development (messy experimentation included)
- Focus on security and real utility
- No subscription traps or vendor lock-in
- Community-driven feature priorities
- User choice in every layer
MIT License - See LICENSE file for details.
- Lain Iwakura: For inspiring the name and vision
- Serial Experiments Lain: For being dense, intellectual, and philosophical
- The open-source Go community for incredible tooling
- Everyone building real tools instead of hype
"Present day, present time!"
Infrastructure survives bubbles. Hype doesn't. Build the former.
Built with ❤️ by @enrell