Package Exports
- alvin-bot
- alvin-bot/dist/index.js
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (alvin-bot) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
π€ Alvin Bot β Autonomous AI Agent
Your personal AI agent β on Telegram, WhatsApp, Discord, Slack, Signal, Terminal, and Web.
Alvin Bot is an open-source, MIT-licensed, self-hosted autonomous AI agent that runs on your own machine and answers you on Telegram, Slack, Discord, WhatsApp, Signal, a terminal TUI, and a web dashboard. It is built on the official Claude Agent SDK and runs a provider-agnostic engine that also drives OpenAI, Groq, Google Gemini, NVIDIA NIM, OpenRouter, and Ollama, with automatic failover after two consecutive provider failures and a heartbeat health check every five minutes. Unlike most personal AI agents, it ships a zero-config indexed memory store: with no embedding API key it falls back to a built-in SQLite FTS5 keyword index, so recall works out of the box. It dispatches detached sub-agents as independent claude -p subprocesses that keep running and deliver their result even if the parent conversation is aborted. It is local-first and telemetry-free β prompts and responses are never logged off-machine, secrets live in a chmod-0600 .env, and shell execution is allowlisted by default.
What's new β v5.13.0 (May 2026): Provider-agnostic background sub-agents are complete β even a model with no native tool-calling can run them via an opt-in strict prompted protocol (
SUBAGENT_PROMPTED_TOOLS=1, capped, honest best-effort label, same guardrails; off by default so nothing changes unless you enable it). Built on the rest of the 5.x line: non-Claude sub-agent workers, graceful no-CLI fallback,/verbosity short|medium|fullanswer-detail control,/btwas a real cross-messenger command, quieter honest health alerts, the macOS sudo/keychain fix, 7-day screenshot auto-clean +/cleanup, a leaner hardened distribution build, an honest instant β Stop, a zero-config FTS5 keyword memory index (no embedding API key), multi-provider failover, and detached sub-agents that survive a parent abort. Full changelog β
β¨ Features
π§ Intelligence
- Multi-model engine β Claude Agent SDK Β· OpenAI Β· Groq Β· NVIDIA NIM Β· Gemini Β· OpenRouter Β· Ollama Β· Codex CLI Β· any OpenAI-compatible API
- Automatic fallback + heartbeat monitor β pings providers every 5 min, auto-failover after 2 failures, auto-recovery; reorder priority via Telegram
/fallback, Web UI, or API - Adjustable thinking depth β
/effort lowto/effort max - Pluggable memory backends (v4.22) β Gemini Β· OpenAI Β· Ollama Β· FTS5 keyword fallback. Auto-detection picks the best available. Indexed search across
MEMORY.md, daily logs, project files, hub memory, asset index. Override viaEMBEDDINGS_PROVIDER. - Smart system-prompt injection (v4.22) β once SQLite is populated, stops bulk-injecting
MEMORY.mdand surfaces only the chunks relevant to the user's current message. Cuts ~25 k tokens per turn for typical setups.MEMORY_INJECT_MODE=auto|legacy|sqliteto override. - Layered memory (L0βL3) β
identity.md+preferences.mdalways plain-text Β· project memories on topic match Β· daily logs / curated knowledge via semantic or keyword search - Persistent sessions β Claude SDK resume tokens, conversation history, language, effort survive bot restarts
- Multi-session workspaces β parallel context-isolated sessions per Slack channel or
/workspaceswitch, each with its own cwd, purpose, persona. Memory + skills stay globally shared. How-to β - Detached sub-agents β
alvin_dispatch_agentMCP tool spawns independentclaude -psubprocesses that survive parent aborts. Results deliver as separate messages. Works identically on Telegram / Slack / Discord / WhatsApp. - Smart tool discovery β scans your system at startup; typical install surfaces 30β70 tools depending on what's locally available
- Skill system β 14 SKILL.md files (see Skills β) auto-activate based on message context
- Self-awareness + auto-language β knows it IS the AI Β· detects EN/DE/ES/FR and adapts; learns preference over time
π¬ Multi-Platform
- Telegram β streaming, inline keyboards, voice, photos, documents
- Slack β Socket Mode via
@slack/bolt, DMs + @mentions, file attachments,assistant.threads.setStatustyping. One channel = one isolated workspace. - WhatsApp β via WhatsApp Web; self-chat as AI notepad, group whitelist with per-contact access, full media. Owner approval gate routes to Telegram (DM / Discord / Signal fallback) before the bot replies.
- Discord β server bot with mention/reply detection and slash commands
- Signal β via signal-cli REST API, voice transcription
- Terminal β rich TUI with ANSI colors + streaming (
alvin-bot tui) - Web UI β full dashboard, chat, settings, file manager, terminal, workspace overview
π§ Capabilities
- Tool layer β Shell Β· files Β· Python Β· git Β· email Β· PDF Β· media Β· vision Β· screenshots Β· system control. Universal tool use across any provider that supports function calling; text-only fallback for those that don't.
- 6 built-in plugins β weather Β· finance Β· notes Β· calendar Β· email Β· smarthome
- MCP client β connect any Model Context Protocol server
- Cron β AI-driven scheduled tasks (
"check my email every morning") - Voice β STT via Groq Whisper, TTS via Edge TTS or ElevenLabs
- Vision + image generation β photo / document analysis Β· Gemini / DALLΒ·E generation with API key
- Browser β 4-tier strategy: WebFetch Β· stealth Playwright Β· CDP with persistent profile Β· agent-browser CLI (Tier-1.5, opt-in)
π₯οΈ Web Dashboard
- WebSocket streaming chat Β· model switcher Β· platform & provider setup Β· file manager Β· memory editor Β· session browser Β· in-browser terminal Β· maintenance + health Β· workspace cards with cost aggregation
βοΈ How Alvin Bot compares
Alvin Bot sits in the same category as Hermes Agent (Nous Research) and OpenClaw β self-hosted, open-source personal AI agents that live on your machine and reach you on the chat apps you already use. They optimize for different things. This table is intended to be fair: where Hermes or OpenClaw is the better tool, it says so.
| Dimension | Alvin Bot | Hermes Agent | OpenClaw |
|---|---|---|---|
| License / hosting | MIT Β· self-hosted Β· local-first Β· zero telemetry | MIT Β· self-hosted Β· 7 execution backends | Open-source Β· self-hosted Β· bring-your-own-key |
| Model providers | Claude Agent SDK + OpenAI Β· Groq Β· Gemini Β· NVIDIA NIM Β· OpenRouter Β· Ollama, with automatic failover after 2 provider failures + a 5-min heartbeat monitor | 200+ models | Bring-your-own model / key |
| Sub-agents | Detached claude -p subprocesses that survive a parent abort; readonly/research toolset presets |
Isolated subagents for parallel workstreams | Not a primary focus |
| Browser automation | 4-tier escalation: WebFetch β stealth Playwright β persistent-profile CDP β agent-browser CLI | Built-in browse / vision tools | Via tools |
| Platforms | Telegram Β· Slack Β· Discord Β· WhatsApp Β· Signal Β· terminal TUI Β· Web (7) | 20+ platforms from one gateway | 25β50+ platforms Β· native mobile apps Β· voice activation |
| Memory | Layered L0βL3; SQLite embeddings with a zero-config FTS5 keyword fallback (works with no API key); smart prompt-injection trims ~25 k tokens/turn | SQLite + full-text search Β· agent-curated Β· Honcho user profiling | Transparent plain Markdown/YAML files you can grep and git-track |
| Extensibility | Hot-reload skills + 6 plugins Β· self-modifying skills Β· hooks Β· MCP client | 40+ built-in tools Β· autonomous self-improving skill loop | Skills as files Β· very large ecosystem |
| MCP | MCP client (connect any MCP server) | MCP client and hermes mcp serve (acts as an MCP server for Claude Desktop / Cursor / VS Code) |
Tool integrations |
| Self-healing | Startup preflight Β· dead-man's-switch heartbeat Β· crash forensic bundles Β· AI self-diagnosis Β· crash-loop brake Β· trend anomaly detection | Stable in practice; self-improving | Frequent updates can break running instances |
| Security defaults | Exec allowlist + shell-metachar filter on by default Β· DM pairing Β· timing-safe webhook auth Β· 0600 file perms enforced Β· alvin-bot audit CLI Β· honestly documented threat model |
Standard | Standard |
| Maturity / community | Small, focused, single-maintainer; modest public adoption | Large community, Nous Research team | Large community + team, Nvidia NemoClaw fork |
Use the right tool for the job
- Use Alvin Bot when you want one resilient, self-healing agent on your own box that keeps working when a provider rate-limits or fails, gives you indexed memory without buying an embedding API key, ships safe-by-default execution sandboxing, and is built directly on the official Claude Agent SDK β and you mainly live in Telegram / Slack / Discord / WhatsApp / Signal.
- Use Hermes Agent when you want a research-grade self-improving agent, need it to act as an MCP server for Claude Desktop / Cursor / VS Code, want 200+ model choice or many execution backends, and value a large community.
- Use OpenClaw when you want the widest messaging reach (25β50+ channels) plus native mobile apps and voice activation, fully transparent plain-file memory you can git-track, and the largest ecosystem.
A longer head-to-head with FAQ and decision guide: Alvin Bot vs Hermes vs OpenClaw.
π Quick Start
npm install -g alvin-bot
alvin-bot setup
alvin-bot startThat's it. The setup wizard validates everything:
- β Tests your AI provider key
- β Verifies your Telegram bot token
- β Confirms the setup works before you start
Requires: Node.js 18+ (nodejs.org) Β· Telegram bot token (@BotFather) Β· Your Telegram user ID (@userinfobot)
Native build note: Alvin Bot uses
better-sqlite3for indexed memory. Prebuilt binaries are included for common macOS and Linux environments so most installs need nothing extra. If your platform doesn't have a prebuilt binary and the optional native compilation is skipped, the bot still runs β semantic memory falls back gracefully to keyword search. A C++ toolchain (Xcode Command Line Tools on macOS,build-essentialon Ubuntu) and Python 3 are only needed if you hit a build-from-source fallback.
Free AI providers available β no credit card needed. Privacy-first? Pick the π Offline β Gemma 4 E4B option in setup for a fully local LLM via Ollama (macOS/Linux: automated install; Windows: manual).
π A note on permission prompts
The first time Alvin reaches for a new tool β a shell command, a file read, a web fetch β you may see a permission prompt from the underlying agent runtime asking whether to allow it. Those prompts come from Alvin himself, not from a third party. Approving one expands what he can do for you autonomously; denying keeps the scope narrow. The more you allow, the more capable and hands-off he becomes β you stay in control either way, and you can always revoke a permission later.
macOS only β one extra step under launchd. If you install Alvin as a background service (alvin-bot launchd install), macOS won't be able to show you those permission dialogs interactively anymore. To let the bot and anything it spawns (Codex CLI, file-reading skills) actually read your files, grant Full Disk Access to node once: System Settings β Privacy & Security β Full Disk Access β + β add /opt/homebrew/Cellar/node/<version>/bin/node (find the exact path with readlink -f "$(which node)"). alvin-bot launchd install and alvin-bot doctor will both detect and remind you with the exact path. After brew upgrade node you'll need to re-grant, because TCC binds to the versioned Cellar path. The printable macOS Setup Guide PDF covers this end-to-end.
π First-time setup walkthroughs
Step-by-step printable PDF guides:
| Platform | PDF (printable) |
|---|---|
π macOS (with launchd background service) |
Download PDF |
| πͺ Windows (with Task Scheduler / Startup folder) | Download PDF |
Both guides cover: Node.js install Β· Telegram bot creation Β· first-time setup Β· foreground test Β· background service Β· offline Gemma 4 mode Β· troubleshooting. ~15 min end-to-end for a first-time user.
macOS: use launchd instead of pm2 (recommended)
If you're on macOS and using Claude Code (Max subscription) as your provider, run the bot as a LaunchAgent β it inherits the GUI login session so the macOS Keychain stays unlocked and the Claude OAuth token just works without any manual security unlock-keychain dance:
alvin-bot launchd install # writes ~/Library/LaunchAgents/com.alvinbot.app.plist and starts the agent
alvin-bot launchd status # show PID + recent stdout/stderr logs
alvin-bot launchd uninstall # unload + remove the plistPm2 still works and remains the default on Linux/Windows β but on macOS with Claude Code, launchd is the only path that reliably keeps Keychain access over restarts.
π Handbook
For a full walkthrough of everything Alvin Bot can do β providers, sub-agents, cron jobs, plugins, MCP, security audit, web UI β read docs/HANDBOOK.md.
AI Providers
| Provider | Cost | Best for |
|---|---|---|
| Groq | Free | Getting started fast |
| Google Gemini | Free | Image understanding, embeddings |
| NVIDIA NIM | Free | Tool use, 150+ models |
| OpenAI | Paid | GPT-4o quality |
| OpenRouter | Paid | 100+ models marketplace |
| Claude SDK | Paid* | Full agent with tool use |
*Claude SDK requires a Claude Max subscription ($20/mo) or Anthropic API access. The setup wizard checks this automatically.
Alternative Installation
One-line install script (Linux/macOS)
curl -fsSL https://raw.githubusercontent.com/alvbln/Alvin-Bot/main/install.sh | bashDownloads, builds, and runs the setup wizard automatically.
Desktop App (macOS)
| Platform | Download | Architecture |
|---|---|---|
| macOS | DMG | Apple Silicon (M1+) |
| Windows | Coming soon | x64 |
| Linux | Coming soon | x64 |
The desktop app auto-starts the bot and provides a system tray icon with quick controls.
Docker
git clone https://github.com/alvbln/Alvin-Bot.git
cd Alvin-Bot
cp .env.example .env # Edit with your tokens
docker compose up -dNote: Claude SDK is not compatible with Docker (requires interactive CLI login).
From Source (contributors)
git clone https://github.com/alvbln/Alvin-Bot.git
cd Alvin-Bot
npm install
npm run build
node bin/cli.js setup # Interactive wizard
npm run dev # Start in dev modeProduction (PM2)
npm install -g pm2
pm2 start ecosystem.config.cjs
pm2 save && pm2 startupTroubleshooting
alvin-bot doctor # Check configuration & validate connectionsIf your AI provider isn't working, run doctor β it tests the actual API connection and shows exactly what's wrong.
π Commands
| Command | Description |
|---|---|
/help |
Show all commands |
/start |
Session status overview |
/new |
Fresh conversation (reset context) |
/model |
Switch AI model (inline keyboard) |
/effort <low|medium|high|max> |
Set thinking depth |
/voice |
Toggle voice replies |
/imagine <prompt> |
Generate images |
/web <query> |
Search the web |
/remind <time> <text> |
Set reminders (e.g., /remind 30m Call mom) |
/cron |
Manage scheduled tasks |
/recall <query> |
Search memory |
/remember <text> |
Save to memory |
/export |
Export conversation |
/dir <path> |
Change working directory |
/workspaces |
List all configured workspaces (v4.12.0) |
/workspace [name] |
Show or switch the active workspace β /workspace default resets (v4.12.0) |
/status |
Current session & cost info |
/setup |
Configure API keys & platforms |
/system <prompt> |
Set custom system prompt |
/fallback |
View & reorder provider fallback chain |
/skills |
List available skills & their triggers |
/lang <de|en|auto> |
Set or auto-detect response language |
/cancel |
Abort running request |
/reload |
Hot-reload personality (SOUL.md) |
ποΈ Architecture
Telegram Slack WhatsApp Discord Signal Web UI Β· TUI Β· CLI
βββββββββββ΄ββββββββββ΄βββββ¬βββββ΄ββββββββββ΄ββββββββββββ
βΌ
Workspace Resolver (per-channel cwd + persona)
βΌ
Engine (routing Β· fallback Β· heartbeat)
ββββββββββββββββββββββββΌββββββββββββββββββββββββββββ
βΌ βΌ βΌ
Claude SDK OpenAI Β· Groq Β· Gemini Β· Ollama Β· Codex CLI Β·
NVIDIA Β· OpenRouter OpenAI-compatible
β
ββ reads βΆ Memory Layer
β ββ L0 / L1 β identity.md Β· preferences.md (always plain-text)
β ββ SQLite store β provider auto-detect (Gemini Β· OpenAI Β· Ollama Β· FTS5)
β
ββ dispatches βΆ Detached sub-agents (independent `claude -p`, survive parent abort)Rendered as plain text so it displays identically on npm and GitHub (npm's README renderer does not support Mermaid diagrams).
Provider matrix
| Provider | Tool use | Streaming | Vision | Auth |
|---|---|---|---|---|
| Claude SDK (Agent) | β native (Bash, Read, Write, Web, MCP) | β | β | Claude CLI OAuth |
| OpenAI Β· Groq Β· Gemini Β· NVIDIA NIM Β· OpenRouter | β universal tool use | β | varies | API key |
| Ollama (local) | β via tool-bridge | β | varies | none |
| Codex CLI | β subprocess | β | β | Codex CLI auth |
| Any OpenAI-compatible | β‘ auto-detect | β | varies | API key |
Universal tool use β Alvin gives full agent powers to any provider that supports function calling. Shell Β· files Β· Python Β· web work everywhere; providers without tool calls degrade cleanly to text-only chat.
Project layout
src/
βββ index.ts entry point
βββ engine.ts multi-model query engine
βββ handlers/ message + command handlers
βββ platforms/ Telegram Β· Slack Β· WhatsApp Β· Discord Β· Signal
βββ providers/ Claude SDK Β· OpenAI-compat Β· Ollama Β· Codex CLI
βββ services/
β βββ embeddings/ v4.22 pluggable provider facade (Gemini/OpenAI/Ollama/FTS5)
β βββ memory*.ts layered memory (L0-L3) + inject-mode resolver
β βββ workspaces.ts per-channel cwd + persona registry
β βββ alvin-dispatch.ts detached sub-agent orchestration
β βββ browser-manager.ts 4-tier browser strategy
β βββ β¦ cron Β· voice Β· skills Β· MCP Β· hooks Β· β¦
βββ tui/ terminal chat UI
βββ web/ dashboard server + APIs
web/public/ zero-build HTML/CSS/JS UI
plugins/ 6 built-in plugins (hot-reload)
skills/ 14 SKILL.md files (hot-reload)
bin/cli.js CLI entry point
electron/ Electron wrapper for the .dmg buildπ§ Multi-Session Workspaces (v4.12.0)
Run multiple parallel Alvin sessions on the same bot β one per project, context-isolated, memory shared. Think Claude Coworker, but on your own machine with your own tools. Each workspace has its own working directory, purpose, and optional persona. Sub-agents spawned in one workspace stay in that workspace. Memory, skills, and the knowledge base are globally shared across all of them.
Why you'd want this
Without workspaces, Alvin has one big blob of context. If you ask about one project's deployment right after debugging a completely unrelated service, Claude pollutes one context with the other. Workspaces solve this: Slack channel = session, or on Telegram, /workspace my-project = session. Each one has its own Claude SDK resume token, history, and current project CLAUDE.md loaded via its working directory.
How it works
- Drop a markdown file into
~/.alvin-bot/workspaces/<name>.mdwith YAML frontmatter. - Alvin hot-reloads the workspace registry (no restart needed β same pattern as skills).
- On Slack, workspaces resolve by explicit channel ID first, then by channel name match (
#my-projectβworkspaces/my-project.md, case-insensitive). - On Telegram, run
/workspace <name>to switch β next message uses the new persona and cwd. - Nothing configured? Alvin falls back to the "default" workspace exactly like pre-v4.12 β no breaking changes.
Example workspace file
Create ~/.alvin-bot/workspaces/my-project.md:
---
purpose: my-project website dev
cwd: ~/Projects/my-project
emoji: "π’"
color: "#6366f1"
channels: ["C01ABCDEF"]
---
You are focused on the my-project website. Stack: React + Express +
Drizzle + MySQL. Production VPS at your-vps.example.com, deploy via rsync.
Prefer concise, directly actionable answers about features, deployment,
and Stripe integration.The cwd auto-loads the project-specific CLAUDE.md via Claude SDK's settingSources: ["user", "project"], so each workspace inherits its project's conventions automatically. channels is optional β omit it to match by filename.
Slack setup (5 minutes)
- Download the setup guide + manifest from the latest release:
slack-setup.mdβ step-by-step instructionsslack-manifest.jsonβ copy-paste ready Slack App manifest
- Create a Slack App from the manifest at https://api.slack.com/apps β Create New App β From an app manifest
- Enable Socket Mode, generate an App-Level Token (starts with
xapp-) - Install the app to your workspace, copy the Bot User OAuth Token (starts with
xoxb-) - Add both to
~/.alvin-bot/.env:SLACK_APP_TOKEN=xapp-1-... SLACK_BOT_TOKEN=xoxb-... SLACK_ALLOWED_USERS=U01ABCDEF # optional, comma-separated
- Restart Alvin. You should see
π¬ Slack connected (Alvin @ YourWorkspace)in the log. - Invite Alvin to channels with
/invite @Alvin. DMs work without an invite.
Telegram /workspace commands
| Command | Effect |
|---|---|
/workspaces |
List all configured workspaces with emojis and purposes (active one marked β ) |
/workspace |
Show the currently active workspace |
/workspace <name> |
Switch to <name> β next message uses its persona and cwd |
/workspace default |
Reset to the default workspace (global cwd, no persona) |
Workspace selection is per Telegram user, persisted across bot restarts via ~/.alvin-bot/state/sessions.json (v2 envelope format, backwards compatible with v4.11).
Web UI
The dashboard has a dedicated π§ Workspaces tab (Data section in the sidebar). Each workspace shows as a color-coded card with emoji, purpose, cwd, mapped channels, session count, message count, and cumulative cost. Useful for spotting which project is burning the most tokens.
Or query directly:
curl -s http://localhost:3100/api/workspaces | jqArchitecture guarantees
- Memory is global. Facts Alvin learns in one workspace are visible in every other workspace via the shared
MEMORY.mdand embeddings index. Per-workspace memory layer is on the v4.13 roadmap. - Sub-agents are per-session. Each workspace can dispatch its own detached sub-agents via
alvin_dispatch_agentβ results come back to the originating channel on any platform (Telegram, Slack, Discord, WhatsApp), visible in/subagents list(v4.13.0+ dispatch, v4.14.0 cross-platform, v4.14.1 unified list view). - Session state survives restart. Claude SDK
resumetokens, conversation history, language, effort, andworkspaceNameall persist viasession-persistence.ts(v4.11.0). - Backwards compatible. If you don't create any workspace files, everything behaves exactly like v4.11. Upgrade is a no-op.
βοΈ Configuration
Environment Variables
# Required
BOT_TOKEN=<Telegram Bot Token>
ALLOWED_USERS=<comma-separated Telegram user IDs>
# AI Providers (at least one needed)
# Claude SDK uses CLI auth β no key needed
GROQ_API_KEY=<key> # Groq (voice + fast models)
NVIDIA_API_KEY=<key> # NVIDIA NIM models
GOOGLE_API_KEY=<key> # Gemini + image generation
OPENAI_API_KEY=<key> # OpenAI models
OPENROUTER_API_KEY=<key> # OpenRouter (100+ models)
# Provider Selection
PRIMARY_PROVIDER=claude-sdk # Primary AI provider
FALLBACK_PROVIDERS=nvidia-kimi-k2.5,nvidia-llama-3.3-70b
# Memory backend (v4.22+) β auto-detects based on what keys you have.
# Set to override the default priority: gemini β openai β ollama β fts5.
# fts5 is the zero-config keyword fallback β no key needed, works for everyone.
EMBEDDINGS_PROVIDER=auto # auto | gemini | openai | ollama | fts5
OLLAMA_EMBEDDING_MODEL=nomic-embed-text # only used for ollama provider
MEMORY_INJECT_MODE=auto # auto | legacy | sqlite (see CHANGELOG v4.22)
# Optional Platforms
WHATSAPP_ENABLED=true # Enable WhatsApp (needs Chrome)
DISCORD_TOKEN=<token> # Enable Discord
SIGNAL_API_URL=<url> # Signal REST API URL
SIGNAL_NUMBER=<number> # Signal phone number
SLACK_BOT_TOKEN=xoxb-... # Slack Bot User OAuth Token (Socket Mode)
SLACK_APP_TOKEN=xapp-1-... # Slack App-Level Token (connections:write scope)
SLACK_ALLOWED_USERS=U01... # Optional: comma-separated Slack user IDs allowlist
# Multi-Session (v4.12.0)
SESSION_MODE=per-channel # per-user (default) | per-channel | per-channel-peer
# per-channel gives each Slack channel / group its own isolated session
# Optional
WORKING_DIR=~ # Default working directory (used when no workspace is resolved)
MAX_BUDGET_USD=5.0 # Cost limit per session
WEB_PORT=3100 # Web UI port
WEB_PASSWORD=<password> # Web UI auth (optional)
CHROME_PATH=/path/to/chrome # Custom Chrome path (for WhatsApp)
MEMORY_EXTRACTION_DISABLED=1 # Opt out of v4.11.0 auto-fact-extraction in compactionCustom Models
Add any OpenAI-compatible model via docs/custom-models.json:
[
{
"key": "my-local-llama",
"name": "Local Llama 3",
"model": "llama-3",
"baseUrl": "http://localhost:11434/v1",
"apiKeyEnv": "OLLAMA_API_KEY",
"supportsVision": false,
"supportsStreaming": true
}
]Personality
Edit SOUL.md to customize the bot's personality. Changes apply on /reload or bot restart.
WhatsApp Setup
WhatsApp uses whatsapp-web.js β the bot runs as your own WhatsApp account (not a separate business account). Chrome/Chromium is required.
1. Enable WhatsApp
Set WHATSAPP_ENABLED=true in .env (or toggle via Web UI β Platforms β WhatsApp). Restart the bot.
2. Scan QR Code
On first start, a QR code appears in the terminal (and in the Web UI). Scan it with WhatsApp on your phone (Settings β Linked Devices β Link a Device). The session persists across restarts.
3. Chat Modes
| Mode | Env Variable | Description |
|---|---|---|
| Self-Chat | (always on) | Send yourself messages β bot responds. Your AI notepad. |
| Groups | WHATSAPP_ALLOW_GROUPS=true |
Bot responds in whitelisted groups. |
| DMs | WHATSAPP_ALLOW_DMS=true |
Bot responds to private messages from others. |
| Self-Chat Only | WHATSAPP_SELF_CHAT_ONLY=true |
Disables groups and DMs β only self-chat works. |
All toggles are also available in the Web UI (Platforms β WhatsApp). Changes apply instantly β no restart needed.
4. Group Whitelist
Groups must be explicitly enabled. In the Web UI β Platforms β WhatsApp β Group Management:
- Enable a group to let the bot listen
- Allowed Contacts β Select who can trigger the bot (empty = everyone)
- @ Mention Required β Bot only responds when mentioned (voice/media bypass this)
- Process Media β Allow photos, documents, audio, video
- Approval Required β Owner must approve each message via Telegram before the bot responds. Group members see nothing β completely transparent.
Note: Your own messages in groups are never processed (you ARE the bot on WhatsApp). The bot only responds to other participants. In self-chat, your messages are always processed normally.
5. Approval Flow (when enabled per group)
- Someone writes in a whitelisted group
- You get a Telegram notification with the message preview + β Approve / β Deny buttons
- Approve β bot processes and responds in WhatsApp. Deny β silently dropped.
- Fallback channels if Telegram is unavailable: WhatsApp self-chat β Discord β Signal
- Unapproved messages expire after 30 minutes.
π Plugins
Built-in plugins in plugins/:
| Plugin | Description |
|---|---|
| weather | Current weather & forecasts |
| finance | Stock prices & crypto |
| notes | Personal note-taking |
| calendar | Calendar integration |
| Email management | |
| smarthome | Smart home control |
Plugins are auto-loaded at startup. Create your own by adding a directory with an index.js exporting a PluginDefinition.
π― Skills
Skills are markdown files in skills/ that auto-activate when the user's message matches their trigger keywords. The skill body gets injected into the system prompt, giving the agent specialized expertise on demand. 14 ship built-in:
| Skill | Description |
|---|---|
| agent-browser | Token-efficient web automation via the agent-browser CLI (accessibility-tree snapshots) β Tier 1.5 of the browser stack |
| apple-notes | Read, create, search Apple Notes via AppleScript (macOS) |
| browse | 3-tier browser control: WebFetch Β· stealth Playwright Β· CDP with persistent profile |
| code-project | Software development workflows: build, debug, refactor, architecture patterns |
| data-analysis | CSV / JSON / Excel processing, charts, statistics via Python |
| document-creation | Professional PDFs, reports, letters with formatting |
| email-summary | Inbox triage, newsletter digests, priority sorting |
| github | Issues, PRs, releases, workflows via the gh CLI |
| social-fetch | Analyse Instagram / TikTok / YouTube / X URLs the user shares |
| summarize | Condense URLs, PDFs, long documents |
| system-admin | Server management, deploys, Docker, nginx, SSL |
| weather | Forecasts and conditions |
| web-research | Deep multi-source research with citation aggregation |
| webcheck | Security / SEO audit of a website |
Drop your own <name>/SKILL.md into ~/.alvin-bot/skills/ for hot-reload. List active skills via /skills or alvin-bot skills.
π οΈ CLI
Core lifecycle
alvin-bot setup # Interactive setup wizard (Telegram + AI provider + tools)
alvin-bot start # Start the bot in background (launchd on macOS, pm2 elsewhere)
alvin-bot start -f # Start in foreground (for debugging)
alvin-bot stop # Stop the running bot
alvin-bot status # Show version + LaunchAgent / pm2 state (offline)
alvin-bot doctor # Health check β config, provider, memory, permissions
alvin-bot update # Pull latest from npm (or git if running from source)
alvin-bot version # Show versionInteractive chat
alvin-bot tui # Terminal chat UI with streaming + ANSI colors β¨
alvin-bot chat # Alias for tui
alvin-bot tui --lang de # Force German UIAI provider management (since 4.24.0)
Switch between Claude SDK / Codex CLI / Groq / Gemini / OpenAI / OpenRouter / NVIDIA NIM / offline Gemma 4 without re-running the full setup wizard. The switch command runs the same install + auth flow the wizard uses (CLI install + OAuth login for claude-sdk / codex-cli, API-key prompt + live validation for the rest), then does a byte-preserving merge of ~/.alvin-bot/.env β the previous provider's API key is parked, not deleted, so rollback is one un-comment away.
alvin-bot provider list # Show all providers + per-provider install/key status
alvin-bot provider show # Detailed info on the currently configured provider
alvin-bot provider switch <key> # Switch (interactive setup + .env merge + bot restart)
alvin-bot provider doctor # Validate current provider's auth against its API<key> accepts canonical slugs or short aliases: claude, codex, gemini, nvidia, gpt, gemma.
Optional tools β install / update (since 4.23.0)
A curated set of universally useful CLIs that unlock specific skills. Bootstrap tools (yt-dlp, ffmpeg, and wacli if WhatsApp is enabled) are auto-installed/updated by setup and update; the rest you opt into through the menu.
alvin-bot tools list # Show installed / missing optional tools
alvin-bot tools install # Interactive menu β pick which to installmacOS permissions wizard (since 5.1.0)
macOS' TCC framework refuses to let any app grant Full Disk Access / Automation / Accessibility programmatically β only the user can flip those switches. The wizard makes the toggling experience painless: it detects every permission's current state, opens the exact right Settings pane for each missing one, waits for you to toggle (polling every 2 s for up to 60 s per permission), verifies, and moves on. Bundles sudo-password storage in the same upfront flow.
alvin-bot permissions status # Quick status: all 4 permissions + current state
alvin-bot permissions wizard # Interactive guided setup, one-and-done
alvin-bot permissions open <id> # Open one Settings pane (full-disk-access / automation / accessibility)
alvin-bot perms # alias for permissionsLaunchAgent (macOS only)
alvin-bot launchd install # Write ~/Library/LaunchAgents/com.alvinbot.app.plist + load
# (Also installs the dead-man-switch companion plist since 4.26.0)
alvin-bot launchd status # Show PID + recent stdout/stderr from the LaunchAgent
alvin-bot launchd uninstall # Unload + remove both plistsBrowser automation (bot-managed Chromium)
alvin-bot browser start # Launch Chromium with CDP, persistent profile
alvin-bot browser start headful # Same, visible (for login flows)
alvin-bot browser goto <url> # Open URL, return JSON metadata
alvin-bot browser shot <url> [file] # Screenshot β ~/.alvin-bot/browser/screenshots/
alvin-bot browser eval <url> "<js>" # Run JS in page context
alvin-bot browser tabs # List open tabs
alvin-bot browser status # PID + CDP endpoint
alvin-bot browser stop # Quit Chromium
alvin-bot browser doctor # Diagnose Chromium / Playwright setupMaintenance & introspection
alvin-bot audit # Security health check β permissions, secrets, config
alvin-bot search "<query>" # Search assets, memories, and skills indexEnvironment-variable opt-outs (Self-Preservation features since 4.26.0 / 5.0.0)
Granular opt-out for the resilience subsystems β everything is enabled by default:
ALVIN_DISABLE_SELF_PRESERVATION=true # Kill ALL Phase-1 + Phase-2 features below
ALVIN_DISABLE_PREFLIGHT=true # Skip startup sanity check (Telegram, provider, SQLite, disk)
ALVIN_DISABLE_CRITICAL_NOTIFY=true # Skip cross-channel alerts (Telegram + macOS notif + file flag)
ALVIN_DISABLE_DEAD_MAN=true # Skip the zombie-detection heartbeat writer
ALVIN_DISABLE_AUTO_DIAGNOSTIC=true # Skip forensic-bundle writing on crash
ALVIN_DISABLE_SELF_DIAGNOSIS=true # Skip AI analysis of forensic bundles at startup
ALVIN_DISABLE_TRENDS=true # Skip daily trend snapshots + AI anomaly detection
ALVIN_DEADMAN_THRESHOLD_SEC=600 # Dead-man's-switch staleness threshold (default 10 min)
ALVIN_TRENDS_INTERVAL_HOURS=24 # Trend-snapshot cadence (default 24 h)
ALVIN_TRENDS_AI_AFTER_DAYS=7 # Days of history before AI anomaly detection kicks inπΊοΈ Roadmap
Per-version details: see
CHANGELOG.md. The roadmap is a forward-looking summary, not a changelog.
β Recently shipped
| Version | Theme | Highlights |
|---|---|---|
| v5.13 (May 2026) | Prompted-tool sub-agents (opt-in) | SUBAGENT_PROMPTED_TOOLS=1 lets models without native function-calling run background sub-agents via a strict prompted protocol β capped, honest best-effort degradation, same exec guardrails. Off by default (zero change unless enabled). Completes provider-agnostic background sub-agents. |
| v5.12 (May 2026) | Non-Claude background sub-agents | Function-calling providers (Groq, OpenRouter, NVIDIA NIM, Gemini, capable Ollama) now run background sub-agents via a detached worker reusing the same tool layer + exec guardrails + delivery/reconciliation. Claude-SDK path byte-for-byte unchanged; non-function-calling models keep the graceful fallback. |
| v5.11 (May 2026) | Provider-agnostic sub-agent groundwork | Internal dispatch backend seam; on installs without the claude CLI a background-task request now returns an honest message via the normal result path instead of erroring. Claude-SDK path byte-for-byte unchanged. Follow-ups add a generic non-Claude worker. |
| v5.10 (May 2026) | Answer-detail control + real /btw |
/verbosity short|medium|full (medium = unchanged default) applied uniformly across all providers; /btw is now an actual discoverable command on every messenger β steers a live Claude-SDK task or replies honestly instead of the old silent no-op. |
| v5.9 (May 2026) | Quieter, honest health alerts + fixes | Trend monitor no longer false-alarms after an update (ignores version-change churn, requires a real recurring fault, 24 h debounce); macOS sudo/keychain setup fixed (was hanging with "exit null"); 7-day screenshot auto-cleanup now covers the CLI temp dir + on-demand /cleanup. |
| v5.7 β v5.8 (May 2026) | Distribution hardening | Leaner, more tamper-resistant published package; local dev stays fully readable. Verified by fresh global install on a clean machine. |
| v5.3 β v5.6 (May 2026) | Control + delivery UX | Live btw β¦ steering of a running task, honest instant β Stop with confirmation, compact background-task delivery (tight header + answer, long output as one file), 48 h monitor self-heal. |
| v5.0 β v5.2 (May 2026) | Reliable mid-task stop + hardening | Dependable /cancel (soft) and /stopall (hard) with an inline β button; whole-project security + bug-hardening pass. |
| v4.22 (May 2026) | Memory architecture overhaul | Pluggable embedding providers β Gemini Β· OpenAI Β· Ollama Β· FTS5 (zero-config keyword fallback). Auto-detection picks the best available, so users with no API key still get a working indexed memory store. Smart inject mode stops bulk-injecting MEMORY.md once SQLite is populated. |
| v4.21 | Agent Browser skill | Tier-1.5 token-efficient web automation via the agent-browser CLI β opt-in by install. ~90 % token reduction vs Playwright on cooperative pages. |
| v4.20 | SQLite-backed vector memory | Replaces the legacy 128 MB JSON index. Automatic migration on first start, per-chunk INSERT/UPDATE, lazy native binary load with graceful fallback. |
| v4.18 β v4.19 | Reliability + per-workspace overrides | SDK auto-recovery on token rotation / quota exhaustion / empty streams. Per-workspace effort / provider / voice / temperature / toolset. |
| v4.17 | Hardening audit | Disk cleanup service, hardening fixes from internal audit. |
| v4.13 β v4.14 | Detached sub-agents | alvin_dispatch_agent MCP tool spawns independent claude -p subprocesses that survive parent aborts. Multi-platform dispatch (Slack / Discord / WhatsApp). Watcher zombie guard. |
| v4.10 β v4.12 | Multi-session + Slack | Workspace registry with hot-reload, per-channel personas + cwd, Slack adapter with progress ticker + typing status, owner approval gate, async sub-agents. |
ποΈ Foundations (built before v4.10)
Multi-model provider abstraction with fallback chains Β· plugin & skill ecosystems with hot-reload Β· multi-platform adapters (Telegram, WhatsApp, Discord, Signal, Slack) Β· Web UI with i18n + command palette Β· native macOS .dmg via Electron Β· Docker Compose Β· npm distribution Β· MCP client + custom tools Β· universal tool use across providers Β· full media pipeline (audio Β· video Β· photo Β· voice).
π― On the radar
| Priority | Item | Why |
|---|---|---|
| P0 | MCP plugin sandboxing | MCP servers currently run with full Node privileges. Plan: child process with restricted FS + network policy (deno-permission style). Architectural change. |
| P1 | Electron major upgrade (35 β 41+) + Windows .exe |
Closes desktop-build CVEs, unblocks the only platform still missing a native installer. |
| P1 | Prompt injection defense policy | Needs a design decision (heuristic filter / allow-list / accept-the-risk with clearer warnings) and consistent enforcement at every message entry point. |
| P2 | Per-workspace memory layer | Facts learned in one workspace stay scoped unless explicitly promoted. Builds on the v4.22 SQLite store. |
| P2 | Per-workspace skill allowlist | Scope Apple Notes to personal workspace, sysadmin tools to devops only, etc. |
| P2 | Multi-user Slack (per-channel-peer) |
Different users in the same Slack channel get their own sub-sessions. |
| P3 | Linux .AppImage / .deb, Homebrew formula, Scoop manifest, one-line install script |
Platform reach for non-npm users. |
| P3 | Daily-log decay / archive | Older daily logs move to cold storage after N days. |
| P3 | Workspace cloning / templates | /workspace clone my-project as my-fork spins up a new workspace from an existing one. |
| P3 | TypeScript 5 β 6 | 5.x still supported; strict-mode break-fix work, not urgent. |
Pull requests welcome β see CONTRIBUTING.md.
π Security
β οΈ Important: Alvin has full shell + filesystem access
Alvin Bot is an autonomous AI agent built on the Claude Agent SDK with shell, filesystem, and network access to the machine it runs on. This is by design β it's the point of the project. But it means:
- Treat the bot like
sudoaccess β only install it on machines where you'd trust Claude Code to run without supervision.- Never expose the Web UI (port 3100) to the internet without HTTPS, rate limiting, and a strong
WEB_PASSWORD. It binds tolocalhostby default.- On multi-user systems, verify
~/.alvin-bot/.envis chmod600(v4.12.2+ enforces this automatically on startup).ALLOWED_USERSis your first line of defense β v4.12.2+ refuses to start if it's empty and Telegram is enabled.Read the full threat model and hardening guide:
docs/security.md
Access control
- User whitelist β Only
ALLOWED_USERScan interact with the bot (hard-enforced at startup since v4.12.2) - WhatsApp group approval β Per-group participant whitelist + owner approval gate via Telegram (with WhatsApp DM / Discord / Signal fallback). Group members never see the approval process.
- Slack allowlist β
SLACK_ALLOWED_USERSrestricts who can DM or @mention the bot in Slack - DM pairing β Optional 6-digit code flow for new users via owner approval (
AUTH_MODE=pairing)
Execution hardening
EXEC_SECURITY=allowlist(default) β Shell commands must match a whitelist of safe binaries and cannot contain shell metacharacters (;,|,&,`,$(...), redirects). Rejected by v4.12.2's exec-guard metachar filter.- Cron shell jobs go through the same exec-guard (v4.12.2+) β cron is no longer a bypass vector.
- Sub-agent toolset presets β spawn sub-agents with
toolset: "readonly"or"research"to restrict what they can do, regardless of the parent's privileges. - Timing-safe webhook auth β
POST /api/webhookusescrypto.timingSafeEqual(v4.12.2+) to prevent timing side-channel token extraction.
Data hardening
- Self-hosted β Your data stays on your machine. No cloud sync, no external logging of prompts or responses.
- No telemetry β Zero tracking, zero analytics, zero phone-home.
- File permissions β
.env,sessions.json, memory logs, cron jobs, and all sensitive state files are chmod0o600on every write and repaired at startup (v4.12.2+). - Owner protection β Owner account cannot be deleted via UI.
- Encrypted sudo credentials β If you enable sudo exec, passwords are stored encrypted with an XOR key in a separate file, both chmod
0o600.
Known limitations (documented honestly)
- Prompt injection cannot be reliably filtered β we document this as a capability tradeoff rather than pretending to solve it. See
docs/security.mdfor the full discussion. - Not yet hardened for public-internet deployment β current scope is "on your own machine". VPS deployment works but requires additional reverse-proxy + TLS + rate-limit setup that we don't automate.
- Electron Desktop build has known CVEs (Phase 18 roadmap). The primary distribution is npm global install, not Desktop β if you don't use the Desktop wrapper, you're not affected.
π License
MIT β See LICENSE.
π€ Contributing
Issues and PRs welcome! Please read the existing code style before contributing.
git clone https://github.com/alvbln/Alvin-Bot.git
cd alvin-bot
npm install
npm run dev # Development with hot reload