Show HN: LocalGPT – A local-first AI assistant in Rust with persistent memory

1 day ago (github.com)

I built LocalGPT over 4 nights as a Rust reimagining of the OpenClaw assistant pattern (markdown-based persistent memory, autonomous heartbeat tasks, skills system).

It compiles to a single ~27MB binary — no Node.js, Docker, or Python required.

Key features:

- Persistent memory via markdown files (MEMORY, HEARTBEAT, SOUL markdown files) — compatible with OpenClaw's format - Full-text search (SQLite FTS5) + semantic search (local embeddings, no API key needed) - Autonomous heartbeat runner that checks tasks on a configurable interval - CLI + web interface + desktop GUI - Multi-provider: Anthropic, OpenAI, Ollama etc - Apache 2.0

Install: `cargo install localgpt`

I use it daily as a knowledge accumulator, research assistant, and autonomous task runner for my side projects. The memory compounds — every session makes the next one better.

GitHub: https://github.com/localgpt-app/localgpt Website: https://localgpt.app

Would love feedback on the architecture or feature ideas.

155 comments

yi_wang

Reply
dvt  1 day ago

So weird/cool/interesting/cyberpunk that we have stuff like this in the year of our Lord 2026:

   ├── MEMORY.md            # Long-term knowledge (auto-loaded each session)
   ├── HEARTBEAT.md         # Autonomous task queue
   ├── SOUL.md              # Personality and behavioral guidance

Say what you will, but AI really does feel like living in the future. As far as the project is concerned, pretty neat, but I'm not really sure about calling it "local-first" as it's still reliant on an `ANTHROPIC_API_KEY`.

I do think that local-first will end up being the future long-term though. I built something similar last year (unreleased) also in Rust, but it was also running the model locally (you can see how slow/fast it is here[1], keeping in mind I have a 3080Ti and was running Mistral-Instruct).

I need to re-visit this project and release it, but building in the context of the OS is pretty mindblowing, so kudos to you. I think that the paradigm of how we interact with our devices will fundamentally shift in the next 5-10 years.

[1] https://www.youtube.com/watch?v=tRrKQl0kzvQ

  • backscratches  19 hours ago

    Yes this is not local first, the name is bad.

    • outofpaper  16 hours ago

      Horrible. Just because you have code that runs not in a browser doesn't mean you have something that's local. This goes double when the code requires API calls. Your net goes down and this stuff does nothing.

      2 replies →

    • K0balt  17 hours ago

      It absolutely can be pointed to any standard endpoint, either cloud or local.

      It’s far better for most users to be able to specify an inference server (even on localhost in some cases) because the ecosystem of specialized inference servers and models is a constantly evolving target.

      If you write this kind of software, you will not only be reinventing the wheel but also probably disadvantaging your users if you try to integrate your own inference engine instead of focusing on your agentic tooling. Ollama, vllm, hugging face, and others are devoting their focus to the servers, there is no reason to sacrifice the front end tooling effort to duplicate their work.

      Besides that, most users will not be able to run the better models on their daily driver, and will have a separate machine for inference or be running inference in private or rented cloud, or even over public API.

      4 replies →

    • ciaranmca  11 hours ago

      Confused me at first as when I saw mention of local + the single file thing in the GitHub I assumed they were going to have llamafile bundled and went looking through to see what model they were using by default.

  • halJordan  1 day ago

    You absolutely do not have to use a third party llm. You can point it to any openai/anthropic compatible endpoint. It can even be on localhost.

    • dvt  1 day ago

      Ah true, missed that! Still a bit cumbersome & lazy imo, I'm a fan of just shipping with that capability out-of-the-box (Huggingface's Candle is fantastic for downloading/syncing/running models locally).

      7 replies →

  • __mharrison__  20 hours ago

    I'm playing with local first openclaw and qwen3 coder next running on my LAN. Just starting out but it looks promising.

    • bluerooibos  11 hours ago

      On what sort of hardware/RAM? I've been trying ollama and opencode with various local models on a 16Gb RAM, but the speed, and accuracy/behaviour just isn't good enough yet.

  • fy20  1 day ago

    > Say what you will, but AI really does feel like living in the future.

    Love or hate it, the amount of money being put into AI really is our generation's equivalent of the Apollo program. Over the next few years there are over 100 gigawatt scale data centres planned to come online.

    At least it's a better use than money going into the military industry.

  • jazzyjackson  21 hours ago

    IMHO it doesn't make sense, financially and resource wise to run local, given the 5 figure upfront costs to get an LLM running slower than I can get for 20 USD/m.

    If I'm running a business and have some number of employees to make use of it, and confidentiality is worth something, sure, but am I really going to rely on anything less then the frontier models for automating critical tasks? Or roll my own on prem IT to support it when Amazon Bedrock will do it for me?

    • Sharlin  18 hours ago

      That’s probably true only as long as subscription prices are kept artificially low. Once the $20 becomes $200 (or the fast-mode inference quotas for cheap subs become unusably small), the equation may change.

      2 replies →

    • zozbot234  19 hours ago

      It starts making a lot of sense if you can run the AI workloads overnight on leaner infrastructure rather than insist on real-time response.

    • zipy124  15 hours ago

      The usage limits on most 20 USD/month subs are becoming quite restrictive though. API pricing is more indicative of true cost.

  • mycall  9 hours ago

    What does ANTHROPIC bring to this project that a local LLM cannot, e.g. Gwen3 Coder Next?

  • croes  15 hours ago

    > but AI really does feel like living in the future.

    Got the same feeling when I put on the Hololens for the first time but look what we have now.

ramon156  1 day ago

Pro tip (sorry if these comments are overdone), write your posts and docs yourself (or at least edit them).

Your docs and this post is all written by an LLM, which doesn't reflect much effort.

  • IhateAI_6  1 day ago

    People have already fried that part of their brain, the idea of writing more than a couple sentences is out of the question to many now.

    These plagiarism laundering machines are giving people a brain disease that we haven't even named yet.

    • SeanAnderson  1 day ago

      Oh cmon, at least try to signal like you're interested in a good-faith debate by posting with your main account. Intentionally ignoring the rules of HN only ensures nobody will get closer to your belief system.

      1 reply →

  • Szpadel  1 day ago

    counterargument: I always hated writing docs and therefore most of thing that I done at my day job didn't had any and it made using it more difficult for others.

    I was also burnt many times where some software docs said one thing and after many hours of debugging I found out that code does something different.

    LLMs are so good at creating decent descriptions and keeping them up to date that I believe docs are the number one thing to use them for. yes, you can tell human didn't write them, so what? if they are correct I see no issue at all.

    • DonaldPShimoda  1 day ago

      > if they are correct I see no issue at all.

      Indeed. Are you verifying that they are correct, or are you glancing at the output and seeing something that seems plausible enough and then not really scrutinizing? Because the latter is how LLMs often propagate errors: through humans choosing to trust the fancy predictive text engine, abdicating their own responsibility in the process.

      As a consumer of an API, I would much rather have static types and nothing else than incorrect LLM-generated prosaic documentation.

      6 replies →

    • ramon156  15 hours ago

      > if they are correct I see no issue at all.

      I guess the term "correct" is different for me. I shouldn't be able to nitpick comments out like that. Putting LLM's aside, they basically did not proof-read your own docs. Things like "No python required" are an obvious sign that you 1. Started talking about a project (you {found || built} in python), want to do it in Rust (because it's fast!) and then the LLM put that detail in the docs.

      If they did not skim it out, then they did not read their own documentation. There was no love put into it.

      Nonetheless, I totally get your point, and the docs are at least descriptive.

      > LLMs are so good at creating decent descriptions and keeping them up to date

      I totally agree! And now that CC auto-updates memories, it's much easier to keep track of changes. I'm also confident that you're the type of person to at least proof-read what it wrote, so I do not doubt your validity in your argument. It just sounds a lot different when you look at this project.

    • wonnage  21 hours ago

      engineer who was too lazy to write docs before now generates ai slop and continues not to write docs, news at 11

  • bakugo  1 day ago

    > which doesn't reflect much effort.

    I wish this was an effective deterrent against posting low effort slop, but it isn't. Vibe coders are actively proud of the fact that they don't put any effort into the things they claim to have created.

eigenrick  11 hours ago

I think the project is a great idea. Really a structured framework around local, persistent memory with semantic search is the most important bit, IMO. (The SOUL feature already exists for most LLMs in the form of persistent markdown files.)

I also think it'd be a great starting point for building a private pub/sub network of autonomous agents (e.g. a company that doesn't want to exfil its password files via OpenClaw)

The name, however, is a problem. LocalGPT is misleading in 2 ways. 1. It is not Local, it relies on external LLM providers. 2. It is not a Generative Pretrained Transformer.

I'd highly recommend changing the name to something that more accurately portrays the intent and the method.

mrbeep  21 hours ago

Genuine question: what does this offer that OpenClaw doesn't already do?

You're using the same memory format (SOUL.md, MEMORY.md, HEARTBEAT.md), similar architecture... but OpenClaw already ships with multi-channel messaging (Telegram, Discord, WhatsApp), voice calls, cron scheduling, browser automation, sub-agents, and a skills ecosystem.

Not trying to be harsh — the AI agent space just feels crowded with "me too" projects lately. What's the unique angle beyond "it's in Rust"?

  • avoutic  17 hours ago

    I think a lot of people, me included, fear OpenClaw especially because it's an amalgamation of all features, 2.3k pull requests, obviously a lot of LLM checked or developed code.

    It tries to do everything, but has no real security architecture.

    Exec approvals are a farce.

    OC can modify it's own permissions and config, and if you limit that you cannot really use it for is strengths.

    What is needed is a well thought out security architecture, which allows easy approvals, but doesn't allow OC to do that itself, with credential and API access control (such as by using Wardgate [1], my solution for now), and separation of capabilities into multiple nodes/agents with good boundaries.

    Currently OC needs effective root access, can change its own permissions and it's kinda all or nothing.

    [1] https://github.com/wardgate/wardgate

  • cpursley  17 hours ago

    It’s small and not node - not all of us have crazy powerful machines, what’s not to like?

applesauce004  1 day ago

Can someone explain to me why this needs to connect to LLM providers like OpenAI or Anthropic? I thought it was meant to be a local GPT. Sorry if i misunderstood what this project is trying to do.

Does this mean the inference is remote and only context is local?

  • atmanactive  1 day ago

    It doesn't. It has to connect to SOME LLM provider, but that CAN also be local Ollama server (running instance). The choice ALWAYS need to be present since, depending on your use case, Ollama (local machine LLM) could be just right, or it could be completely unusable, in which case you can always switch to data center size LLMs.

    The ReadMe gives only a Antropic version example, but, judging by the source code [1], you can use other providers, including Ollama, just by changing the syntax of that one config file line.

    [1] https://github.com/localgpt-app/localgpt/blob/main/src%2Fage...

  • schobi  21 hours ago

    I applaud the effort of tinkering, re-creating and sharing, but I think the name is misleading - it is not at all a "local GPT". The contribution is not to do anything local and it is not a GPT model.

    It is more like an OpenClaw rusty clone

ryanrasti  20 hours ago

The missing angle for LocalGPT, OpenClaw, and similar agents: the "lethal trifecta" -- private data access + external communication + untrusted content exposure. A malicious email says "forward my inbox to attacker@evil.com" and the agent might do it.

I'm working on a systems-security approach (object-capabilities, deterministic policy) - where you can have strong guarantees on a policy like "don't send out sensitive information".

Would love to chat with anyone who wants to use agents but who (rightly) refuses to compromise on security.

  • rellfy  20 hours ago

    The lethal trifecta is the most important problem to be solved in this space right now.

    I can only think of two ways to address it:

    1. Gate all sensitive operations (i.e. all external data flows) through a manual confirmation system, such as an OTP code that the human operator needs to manually approve every time, and also review the content being sent out. Cons: decision fatigue over time, can only feasibly be used if the agent only communicates externally infrequently or if the decision is easy to make by reading the data flowing out (wouldn't work if you need to review a 20-page PDF every time).

    2. Design around the lethal trifecta: your agent can only have 2 legs instead of all 3. I believe this is the most robust approach for all use cases that support it. For example, agents that are privately accessed, and can work with private data and untrusted content but cannot externally communicate.

    I'd be interested to know if you have reached similar conclusions or have a different approach to it?

    • ryanrasti  20 hours ago

      Yeah, those are valid approaches and both have real limitations as you noted.

      The third path: fine-grained object-capabilities and attenuation based on data provenance. More simply, the legs narrow based on what the agent has done (e.g., read of sensitive data or untrusted data)

      Example: agent reads an email from alice@external.com. After that, it can only send replies to the thread (alice). It still has external communication, but scope is constrained to ensure it doesn't leak sensitive information.

      The basic idea is applying systems security principles (object-capabilities and IFC) to agents. There's a lot more to it -- and it doesn't solve every problem -- but it gets us a lot closer.

      Happy to share more details if you're interested.

      3 replies →

    • veganmosfet  12 hours ago

      Imho a combination of different layers and methods can reduce the risk (but it's not 0): * Use frontier LLMs - they have the best detection. A good system prompt can also help a lot (most authoritative channel). * Reduce downstream permissions and tool usage to the minimum, depending on the agentic use case (Main chat / Heartbeat / Cronjob...). Use human-in-the-loop escalation outside the LLM. * For potentially attacker controlled content (external emails, messages, web), always use the "tool" channel / message role (not "user" or "system"). * Follow state of the art security in general (separation, permission, control...). * Test. We are still in the discovery phase.

    • trenchgun  20 hours ago

      You could have a multi agent harness that constraints each agent role with only the needed capabilities. If the agent reads untrusted input, it can only run read only tools and communicate to to use. Or maybe have all the code running goin on a sandbox, and then if needed, user can make the important decision of effecting the real world.

      2 replies →

    • eek2121  18 hours ago

      Someone above posted a link to wardgate, which hides api keys and can limit certain actions. Perhaps an extension of that would be some type of way to scope access with even more granularity.

      Realistically though, these agents are going to need access to at least SOME of your data in order to work.

      1 reply →

    • sumitkumar  17 hours ago

      One more thing to add is that the external communication code/infra is not written/managed by the agents and is part of a vetted distribution process.

StevenNunez  17 hours ago

I've been been using OpenClaw for a bit now and the thing I'm missing is observability. What's this thing thinking/doing right now? Where's my audit log? Every rewrite I see fails to address this.

I feel Elixir and the BEAM would be a perfect language to write this in. Gateways hanging, context window failures exhaustion can be elegantly modeled and remedied with supervision trees. For tracking thoughts, I can dump a process' mailbox and see what it's working on.

  • MagicMoonlight  14 hours ago

    If it’s plugged into any of the mainstream models like GPT, GPT-OSS, Claude etc, they lie to you about what it’s thinking.

    They deliberately only show you a fraction of the thoughts, but charge you for all the secret ones.

  • esskay  16 hours ago

    Agree on the observability. Every time I've seen that mentioned on the many, many discussions on Xitter theres one of the usual clickbait youtube 'bros' telling you to go watch their video on how to make your own ui for it. Really shouldn't need to for such a fundamentally basic and crucial part of it. It's a bit of a hot mess.

thcuk  1 day ago

Fails to build

"cargo install localgpt" under Linux Mint.

Git clone and change Cargo.toml by adding

"""rust

# Desktop GUI

eframe = { version = "0.30", default-features = false,

features = [ "default_fonts", "glow", "persistence", "x11", ] }

"""

That is add "x11"

Then cargo build --release succeeds.

I am not a Rust programmer.

benob  19 hours ago

What local models shine as local assistants? Is there an effort to evaluate the compromise between compute/memory and local models that can support this use case? What kind of hardware do you need to not feel like playing with a useless shiny toy?

lysecret  18 hours ago

Local really has a strange meaning when most of what these things do is interact with the internet in an unrestricted way

dpweb  1 day ago

Made a quick bot app (OC clone). For me I just want to iMessage it - but do not want to give Full Disk rights to terminal (to read the imessage db).

Uses Mlx for local llm on apple silicon. Performance has been pretty good for a basic spec M4 mini.

Nor install the little apps that I don't know what they're doing and reading my chat history and mac system folders.

What I did was create a shortcut on my iphone to write imessages to an iCloud file, which syncs to my mac mini (quick) - and the script loop on the mini to process my messages. It works.

Wonder if others have ideas so I can iMessage the bot, im in iMessage and don't really want to use another app.

the_harpia_io  19 hours ago

this is really cool - the single binary thing solves a huge pain point I have with OpenClaw. I love that tool but the Node + npm dependency situation is a lot.

curious: when you say compatible with OpenClaw's markdown format, does that mean I could point LocalGPT at an existing OpenClaw workspace and it would just work? or is it more 'inspired by' the format?

the local embeddings for semantic search is smart. I've been using similar for code generation and the thing I kept running into was the embedding model choking on code snippets mixed with prose. did you hit that or does FTS5 + local embeddings just handle it?

also - genuinely asking, not criticizing - when the heartbeat runner executes autonomous tasks, how do you keep the model from doing risky stuff? hitting prod APIs, modifying files outside workspace, etc. do you sandbox or rely on the model being careful?

  • avoutic  18 hours ago

    Hitting production APIs (and email) is my main concern with all agents I run.

    To solve this I've built Wardgate [1], which removes the need for agents to see any credentials and has access control on a per API endpoints basis. So you can say: yes you can read all Todoist tasks but you can't delete tasks or see tasks with "secure" in them, or see emails outside Inbox or with OTP codes, or whatever.

    Interested in any comments / suggestions.

    [1] https://github.com/wardgate/wardgate

    • the_harpia_io  15 hours ago

      this is a clever approach - credential-less proxying with scoped permissions is way cleaner than trying to teach the model what not to do. how do you handle dynamic auth flows though? like if an API returns a short-lived token that needs to be refreshed, does wardgate intercept and cache those or do you expose token refresh as a separate controlled endpoint?

      and I'm curious about the filtering logic - is it regex on endpoint paths or something more semantic? because the "tasks with secure in them" example makes me think there's some content inspection happening, not just URL filtering.

my_throwaway23  20 hours ago

Slop.

Ask and ye shall receive. In a reply to another comment you claim it's because you couldn't be bothered writing documentation. It seems you couldn't be bothered writing the article on the project "blog" either[0].

My question then - Why bother at all?

[0]: https://www.pangram.com/history/dd0def3c-bcf9-4836-bfde-a9e9...

theParadox42  1 day ago

I am excited to see more competitors in this space. Openclaw feels like a hot mess with poor abstractions. I got bit by a race condition for the past 36 hours that skipped all of my cron jobs, as did many others before getting fixed. The CLI is also painfully slow for no reason other than it was vibe coded in typescript. And the errors messages are poor and hidden and the TUIs are broken… and the CLI has bad path conventions. All I really want is a nice way to authenticate between various APIs and then let the agent build and manage the rest of its own infrastructure.

raybb  1 day ago

Did you consider adding cron jobs or similar or just sticking to the heartbeat? I ask because the cron system on openclaw feels very complex and unreliable.

voodooEntity  16 hours ago

This looks very interesting and i personally like that it reflects a lot of things that i actually plan to implement in a similar research project(not the same tho).

Big props for the creators ! :) Nice to see some others not just relying on condensing a single context and strive for more

lorenzo95  6 hours ago

ok, I compiled it but it doesn't do anything. It just repeats itself. The agent piece is not working at all for me. Not sure what the trick is.

ctcq  15 hours ago

> I use it daily as a knowledge accumulator, research assistant, and autonomous task runner for my side projects. The memory compounds — every session makes the next one better.

Can you explain how that works? The `MEMORY.md` is able to persists session history. But it seems that it's necessary for the user to add to that file manually.

An automated way to achieve this would be awesome.

  • EMM_386  14 hours ago

    > An automated way to achieve this would be awesome.

    The author can easily do this by creating a simple memory tool call, announcing it in the prompt to the LLM, and having it call the tool.

    I wrote an agent harness for my own use that allows add/remove memories and the AI uses it as you would expect - to keep notes for itself between sessions.

tempodox  19 hours ago

Ran into a problem:

  ort-sys@2.0.0-rc.11: [ort-sys] [WARN] can't do xcframework linking for target 'x86_64-apple-darwin'

Build failed, bummer.

dormento  19 hours ago

Try as i might, could not install it on Ubuntu (Rust 1.93. I went up to the part where it asks to locate OpenSSL, which was already installed)

amoskvin  16 hours ago

not sure what’s the point of using/highlighting rust here. low-level language for a high-level application with IO-bound latency.

  • jakkos  16 hours ago

    - It is possible to write Rust in a pretty high level way that's much closer to a statically-typed Python than C++ and some people do use it as a Python replacement

    - You can build it into a single binary with no external deps

    - The Rust type system + ownership can help you a lot with correctness (e.g. encoding invariants, race conditions)

  • fHr  16 hours ago

    Codex is also in rust, no other modern language can compete. Maybe another older low level language. It's perfect for this kind of application.

wiradikusuma  19 hours ago

OpenClaw made the headlines everywhere (including here), but I feel like I'm missing something obvious: cost. Since 99% of us won't have the capital for a local LLM, we'll end up paying Open AI etc.

How much should we budget for the LLM? Would "standard" plan suffice?

Or is cost not important because "bro it's still cheaper than hiring Silicon Valley engineer!"

  • Maledictus  16 hours ago

    I signed up for openrouter to play with openclaw (in a fresh vm), I added a few $, but wow, does it burn through those quickly. (And I even used a pretty cheap model, deepseek v3.2).

mkbkn  1 day ago

Non-tech guy here. How much RAM & CPU will it consume? I have 2 laptops - one with Windows 11 and another with Linux Mint.

Can it run on these two OS? How to install it in a simple way?

AndrewKemendo  1 day ago

Properly local too with the llama and onnx format models available! Awesome

I assume I could just adjust the toml to point to deep seek API locally hosted right?

mraza007  1 day ago

I love how you used SQLite (FTS5 + sqlite-vec)

Its fast and amazing for generating embedding and lookups

m00dy  19 hours ago

better than openclaw but missing some features like browser tool, etc. Once they are added, it will be way more performant than openclaw. FTS5 is a great pick, well done.