safepilot by 3DCF-Labs

Self-hosted AI assistant for safe, real-world task execution

Created 2 weeks ago

374 stars

Top 76.2% on SourcePulse

Project Summary

AI assistants that execute real work are crucial for automating complex tasks, but safety and control remain paramount. SafePilot addresses this by providing a self-hosted AI assistant designed for secure, real-world task execution. It empowers users to automate complex workflows by translating messages into executable actions, leveraging SQLite persistence, robust job scheduling, and advanced context compression. Targeting developers and power users seeking reliable AI automation, SafePilot offers a secure, auditable, and extensible platform with extensive integrations.

How It Works

The system orchestrates user requests via Telegram, transforming messages into durable "Runs" stored in SQLite. Each Run comprises a Directed Acyclic Graph (DAG) of "Tasks" with defined dependencies. Tasks undergo a policy-driven classification into "safe," "needs_approval," or "dangerous" categories, enforcing explicit checkpoints before execution. SafePilot offers two LLM modes: direct for immediate response generation and agent for iterative tool-calling, where risky operations are blocked until user approval. It employs 3DCF context compression to manage prompt size and enhance long-term conversational coherence.
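The checkpoint gating described above can be sketched as follows. This is an added example, not SafePilot's own code: the `Task` struct, the action names, the policy table in `classify`, and the rule that a dangerous task needs both an approval and an unsafe run flag are all assumptions made for illustration.

```rust
use std::collections::HashSet;

enum Risk { Safe, NeedsApproval, Dangerous }

struct Task { id: &'static str, deps: Vec<&'static str>, action: &'static str }

// Hypothetical policy table; unknown actions fail closed as Dangerous.
fn classify(action: &str) -> Risk {
    match action {
        "web_search" | "summarize" => Risk::Safe,
        "git_push" | "write_file" => Risk::NeedsApproval,
        _ => Risk::Dangerous,
    }
}

// Executes tasks whose dependencies are done and whose checkpoint is cleared.
// Assumption: Dangerous tasks need an explicit approval AND an unsafe run flag.
fn run(tasks: &[Task], approved: &HashSet<&str>, unsafe_run: bool)
    -> (Vec<&'static str>, Vec<&'static str>) {
    let mut done: Vec<&'static str> = Vec::new();
    loop {
        let mut progressed = false;
        for t in tasks {
            if done.contains(&t.id) || !t.deps.iter().all(|d| done.contains(d)) { continue; }
            let cleared = match classify(t.action) {
                Risk::Safe => true,
                Risk::NeedsApproval => approved.contains(t.id),
                Risk::Dangerous => unsafe_run && approved.contains(t.id),
            };
            if cleared { done.push(t.id); progressed = true; }
        }
        if !progressed { break; }
    }
    let blocked: Vec<&'static str> =
        tasks.iter().map(|t| t.id).filter(|id| !done.contains(id)).collect();
    (done, blocked) // (executed in order, still waiting at a checkpoint)
}

// Constructed sample run: search -> draft -> push -> notify, plus a shell task.
fn sample() -> Vec<Task> {
    vec![
        Task { id: "search", deps: vec![], action: "web_search" },
        Task { id: "draft", deps: vec!["search"], action: "summarize" },
        Task { id: "push", deps: vec!["draft"], action: "git_push" },
        Task { id: "notify", deps: vec!["push"], action: "summarize" },
        Task { id: "cleanup", deps: vec!["draft"], action: "shell" },
    ]
}

fn main() { println!("{:?}", run(&sample(), &HashSet::new(), false)); }
```

A blocked task also holds back everything downstream of it: in the sample, the safe "notify" task does not run until "push" has been approved.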

Quick Start & Requirements

  • Primary Install: Requires a Rust toolchain. Build with cargo build --release and run with cargo run. Docker Compose is also available (docs/docker.md).
  • Prerequisites: Mandatory LLM API keys (Anthropic or OpenAI). API keys for integrations (e.g., GitHub, Brave Search) are optional but required for specific functionalities.
  • Links: Docker Compose documentation, example docker-compose.yml.

Highlighted Details

  • Extensive Integrations: Supports Slack, GitHub, Notion, Linear, Jira, Todoist, Brave Search, Telegram, Discord, X, and more, with configurable workspace-scoped runtimes and binding policies.
  • Robust Security Posture: Features checkpointed execution, network controls (SSRF protection for fetch), cleared subprocess environments, and optional Linux sandboxing (bubblewrap).
  • Context Management: Utilizes SQLite for persistent context storage, with optional 3DCF compression to reduce prompt token usage and improve long-run performance.
  • User Oversight: Implements inline approval buttons and natural language commands for task authorization, alongside role-aware Telegram interfaces.

Maintenance & Community

No specific details on maintainers, community channels (e.g., Discord/Slack), or roadmap were found in the provided README.

Licensing & Compatibility

  • License: Apache-2.0.
  • Compatibility: The Apache-2.0 license is permissive, generally allowing commercial use and integration into closed-source projects.

Limitations & Caveats

Write-capable tools and the browser tool are disabled by default, requiring explicit configuration (AGENT_ENABLE_WRITE_TOOLS=1, AGENT_ENABLE_BROWSER_TOOL=1) and potentially /unsafe run states. Encryption is applied at the column level, meaning master key loss results in unrecoverable data. The fetch tool blocks private network access by default due to SSRF risks.

Health Check

  • Last Commit: 1 week ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 6
  • Issues (30d): 0
  • Star History: 423 stars in the last 16 days
