by osaurus-ai
Own your AI. The native macOS harness for AI agents -- any model, persistent memory, autonomous execution, cryptographic identity. Built in Swift. Fully offline. Open source.
# Add to your Claude Code skills
git clone https://github.com/osaurus-ai/osaurusGuides for using ai agents skills like osaurus.
Last scanned: 4/19/2026
{
"issues": [],
"status": "PASSED",
"scannedAt": "2026-04-19T06:01:26.219Z",
"semgrepRan": false,
"npmAuditRan": true,
"pipAuditRan": true
}Models are getting cheaper and more interchangeable by the day. What's irreplaceable is the layer around them -- your context, your memory, your tools, your identity. Others keep that layer on their servers. Osaurus keeps it on your machine.
Osaurus is the AI harness for macOS. It sits between you and any model -- local or cloud -- and provides the continuity that makes AI personal: agents that remember, execute autonomously, run real code, and stay reachable from anywhere. The models are interchangeable. The harness is what compounds.
Works fully offline with local models. Connect to any cloud provider when you want more power. Nothing leaves your Mac unless you choose.
Native Swift on Apple Silicon. No Electron. No compromises. MIT licensed.
brew install --cask osaurus
Or download the latest .dmg from Releases. After installing, launch from Spotlight (⌘ Space → "Osaurus") or the CLI:
osaurus ui # Open the chat UI
osaurus serve # Start the server
osaurus status # Check status
Requires macOS 15.5+ and Apple Silicon.
Agents are the core of Osaurus. Each one gets its own prompts, memory, and visual theme -- a research assistant, a coding partner, a file organizer, whatever you need. Tools and skills are automatically selected via RAG search based on the task at hand -- no manual configuration needed. Everything else in the harness exists to make agents smarter, faster, and more capable over time.
Agents can also opt into a private encrypted database and a single self-scheduled next run -- see Agent DB & Self-Scheduling.
Every chat is an agent loop. Pick a working folder and the agent gets file, search, and git tools. Toggle the sandbox and it gets shell access in an isolated Linux VM. The model writes a markdown todo list, executes against it, and closes out with a verified summary -- all in the same chat window. See the Agent Loop Guide.
Agents execute code in an isolated Linux VM powered by Apple's Containerization framework. Full dev environment -- shell, Python, Node.js, compilers, package managers -- with zero risk to your Mac.
Each agent gets its own Linux user and home directory. The VM connects back to Osaurus (inference, memory, secrets) via a vsock bridge -- sandboxed but not disconnected. Extend with simple JSON plugin recipes, no Xcode or code signing required.
┌────────────────┐ ┌────────────────────────────┐
│ Osaurus │ │ Linux VM (Alpine) │
│ │ │ │
│ Sandbox Mgr ──┼───────┤→ /workspace (VirtioFS) │
│ Host API ←──┼─vsock─┤→ osaurus-host bridge │
│ │ │ │
│ │ │ agent-alice (Linux user) │
│ │ │ agent-bob (Linux user) │
└────────────────┘ └────────────────────────────┘
Requires macOS 26+ (Tahoe). See the Sandbox Guide for configuration, built-in tools, and plugin authoring.
Three layers -- identity, pinned facts, and per-session episodes -- plus a transcript fallback. Agents distill conversations once at session end (not on every turn), score what matters by salience, and surface at most one compact slice per request based on what you're actually asking. A background consolidator decays, merges, and evicts so memory stays sharp instead of bloating. Most turns inject ~800 tokens or less; many inject zero. See the Memory Guide.
When you send to a cloud model, an on-device classifier — OpenAI's openai/privacy-filter (Apache-2.0, 1.5B params / 50M active sparse-MoE), served via the MLX conversion mlx-community/openai-privacy-filter-bf16 (~2.8 GB) — detects names, emails, phones, URLs, addresses, dates, account numbers, and free-form secrets, alongside deterministic regex for SSN, credit cards, IBAN, AWS keys, GitHub tokens, and your own custom patterns. Each detection is shown in a review sheet with a scrubbed preview before sending; approved entities are swapped for stable [PERSON_1] / [EMAIL_2] placeholders, and streaming replies are unscrubbed back on the fly so the chat reads naturally. Fail-closed: if the post-scrub scan finds anything that leaked, the send is blocked. Verify wire-level redaction in the Insights panel — it captures the exact bytes the cloud saw. See the Privacy Filter Guide.
Every participant -- human, agent, device -- gets a secp256k1 cryptographic address. Authority flows from your master key (iCloud Keychain) down to each agent in a verifiable chain of trust. Create portable access keys (osk-v1), scope per-agent, revoke anytime. See Identity docs.
Expose agents to the internet via secure WebSocket tunnels through agent.osaurus.ai. Unique URL per agent based on its crypto address. No port forwarding, no ngrok, no configuration.
The harness is model-agnostic. Swap freely -- your agents, memory, and tools stay intact.
Run Gemma 4, Qwen3.6, GPT-OSS, Llama, and more on Apple Silicon with optimized MLX inference. Osaurus maintains its own optimized model library on Hugging Face with curated quantizations for the best quality-to-size ratio on Apple Silicon. Models stored at ~/MLXModels (override with OSU_MODELS_DIR). Fully private, fully offline.
Osaurus supports Liquid AI's LFM family -- on-device models built on a non-transformer architecture optimized for edge deployment. Fast decode, low memory footprint, and strong tool calling out of the box.
On macOS 26+, use Apple's on-device model as a first-class provider. Pass model: "foundation" in API requests. Tool calling maps through Apple's native interface automatically. Zero inference cost, fully private.
Connect to OpenAI, Anthropic, Gemini, xAI/Grok, Venice AI, OpenRouter, Ollama, or LM Studio. Venice provides uncensored, privacy-focused inference with no data retention. Context and memory persist across all providers.
Osaurus is a full MCP (Model Context Protocol) server. Give any MCP-compatible client access to your tools with the command-based stdio bridge:
{
"mcpServers": {
"osaurus": {
"command": "osaurus",
"args": ["mcp"]
}
}
}
osaurus mcp starts a stdio MCP server for the client and proxies tool discovery/calls to your local Osaurus HTTP server. In the other direction, Osaurus can also act as an MCP client and aggregate tools from URL-based remote MCP providers. One-tap connect to ~25 well-known providers (Linear, Notion, GitHub, Vercel, Supabase, Sentry, Stripe, Cloudflare, ...) with auto OAuth 2.1 + Dynamic Client Registration, or paste an API key. The Remote MCP Providers UI is for HTTP/SSE MCP endpoints; it does not launch third-party command/args stdio providers. See the Remote MCP Providers Guide for details.
osaurus tools install osaurus.browser # Install from registry
osaurus tools list # List installed
osaurus tools create MyPlugin --swift # Create a plugin
osaurus tools dev com.acme.my-plugin # Dev with hot reload
20+ native plug
No comments yet. Be the first to share your thoughts!