Missions, Not Messages
124K+ lines of TypeScript + Rust. 49+ agent tools, 7 LLM providers, self-improving. Give an objective, get a structured report.
npx nestor-sh install
Desktop apps for macOS, Windows, and Linux — coming soon.
The Problem
AI agents are powerful but unpredictable. They hallucinate, overspend, execute unsafe commands, and operate as opaque black boxes with no accountability trail.
The Solution
Nestor gives agents guardrails, memory, and accountability. Every action is sandboxed, every token is tracked, and every decision has a trust score.
Everything you need for autonomous agents
A complete platform from CLI to dashboard, built for security and reliability.
Mission System
Give an objective, get a structured report. Sub-agents decompose, execute in parallel, cross-reference, iterate until quality threshold.
Self-Improving
Agents create their own tools on-the-fly via nestor_build_tool. Tools are tested, persisted, and available forever.
Knowledge Graph
Second brain that grows with every mission. Entities, relationships, facts. Agents consult before acting.
7 LLM Providers
Claude, GPT-4o, Gemini, Grok, Mistral, Ollama, and OpenRouter (300+ models). Automatic fallback chain with cost optimization.
30+ Agent Tools
Web search, scraping, OSINT (Wayback, WHOIS, GitHub, HN, SIRENE), file ops, shell, Obsidian, n8n, memory, missions.
Security-First
Rust core for SSRF/path traversal, Docker sandbox, approval engine, guardrails, budget limits, circuit breaker.
Hat System
5 specialized personas: coder, researcher, security, writer, osint. Switch context instantly with --hat for role-specific tools and instructions.
Backpressure Validators
Tests as quality gates with progressive strictness. Each iteration must pass validation before proceeding. --validate flag on loop commands.
Desktop Notifications
OS-native alerts when missions complete or agents need attention. Works on macOS, Windows, and Linux out of the box.
Up and running in 3 steps
From zero to autonomous agent in under 5 minutes.
Install & Choose Your LLM
Interactive wizard configures your API keys and preferred model provider.
$ npx nestor-sh install
Chat With Your Agent
Launch the interactive shell. Your agent has access to tools, memory, and your codebase.
$ npx nestor-sh shell
Launch the Studio
Start the web dashboard to monitor agents, edit workflows, and track costs in real time.
$ npx nestor-sh start
Built for reliability
A layered architecture with security at every level.
┌────────────────────────────────────────────────────────────┐ │ nestor CLI │ │ install shell start agent skill workflow test │ └──────────────────────────┬─────────────────────────────────┘ ┌──────────────────────────┴─────────────────────────────────┐ │ @nestor/server (Express + WS) │ │ Auth | Rate-limit | Studio Dashboard │ └────┬──────────┬──────────────┬──────────────┬──────────────┘ ┌────┴────┐ ┌───┴────┐ ┌─────┴─────┐ ┌─────┴──────┐ │ @nestor │ │@nestor │ │ @nestor │ │ @nestor │ │ agent │ │ orch │ │ mcp │ │ db │ │ Runtime │ │DAG exec│ │ 15 tools │ │ SQLite │ │ 7 LLMs │ │ Cron │ │4 resources│ │ 66 tables │ └────┬────┘ └───┬────┘ └─────┬─────┘ └────────────┘ ┌────┴──────────┴──────────────┴─────────────────────────────┐ │ nestor-core (Rust → N-API) │ │ SSRF | Path traversal | Secret redaction | Crypto │ └──────────────────────────┬─────────────────────────────────┘ ┌──────────────────────────┴─────────────────────────────────┐ │ Docker Sandbox (optional) │ │ cap-drop ALL | read-only FS | network=none │ └────────────────────────────────────────────────────────────┘
How Nestor compares
An honest comparison with other agent frameworks.
| Feature | Nestor | OpenClaw | Paperclip | Cognetivy | Hermes |
|---|---|---|---|---|---|
| Multi-LLM Support | 7 providers | 3 | 2 | 4 | Multiple |
| Mission System | Yes | No | No | No | No |
| Self-Improving Tools | Yes | No | No | No | Yes |
| Knowledge Graph | Yes | No | No | No | Memory only |
| OSINT Tools | Yes | No | No | No | No |
| Obsidian Integration | Yes | No | No | No | No |
| Dry-Run Mode | Yes | No | No | Partial | No |
| Trust Score (A-F) | Yes | No | No | No | No |
| Rust Security Core | Yes | No | No | No | No |
| Docker Sandbox | Yes | Partial | No | Yes | No |
| DAG Workflows | Yes | No | Yes | Partial | No |
| Web Studio Dashboard | Yes | No | Yes | No | Partial |
| Hat System (Personas) | 5 hats | No | No | No | No |
| Backpressure Validators | Yes | No | No | No | No |
| Desktop Notifications | Yes | No | No | Partial | No |
| Open Source (MIT) | Yes | Yes | No | AGPL | Yes |
Get started in 30 seconds
From install to your first mission with v3.5.0.
$ npx nestor-sh shell --hat osint Nestor Shell v3.5.0 [🔍 OSINT Investigator] > Investigate the founders of Acme Corp ⚡ Creating mission with 6 sub-objectives... 🔍 Entity disambiguation... ✓ 3 findings 🌐 Profile harvest... ✓ 5 findings 📊 Cross-referencing... ✓ 2 contradictions flagged 📝 Report generated (quality: 88%) 🔔 Desktop notification sent Mission complete. View: http://localhost:3100/missions/abc123 $ npx nestor-sh loop --validate "Build the auth module" 🔁 Iteration 1/5 — coding... 🧪 Backpressure: 3/7 tests passing → iterating 🔁 Iteration 2/5 — fixing edge cases... ✅ Backpressure: 7/7 tests passing → done
Desktop apps for macOS, Windows, and Linux — coming soon.
Frequently Asked Questions
Everything you might want to know before installing — install, providers, security, compliance, and more.
What is Nestor?
Nestor is an open-source, security-first AI agent platform distributed as the npm package nestor-sh. It lets developers build, orchestrate, and monitor autonomous AI agents across seven LLM providers with a Rust security core and a TypeScript/React Studio UI. Current version is 3.5.0 (released 2026-04-26) and the project is MIT-licensed.
How do I install Nestor?
Install Nestor with a single command: npx nestor-sh install. The installer runs an interactive wizard to configure your first LLM provider and launches the local Studio on port 3100. The full 5-minute quickstart is documented at /docs/quickstart.html.
Is Nestor free?
Yes. Nestor is open-source under the MIT license and the nestor-sh npm package is free to download, self-host, and modify. You only pay your own LLM provider for the tokens you consume (BYOK), with Ollama costing $0 for fully-local runs. Paid hosted tiers (Solo Pro, Team, Enterprise) are optional and add features like shared Studio, SSO, RBAC, and audit logs.
What LLM providers does Nestor support?
Nestor ships with first-class adapters for seven LLM providers: Anthropic Claude, OpenAI, Google Gemini, xAI Grok, Mistral, Ollama (fully-local), and OpenRouter. Provider switching is a first-class primitive, so a single agent or mission can fall over from Claude to GPT-4o to Gemini mid-run when rate limits hit.
How is Nestor different from ClaudeClaw?
ClaudeClaw is a ~6,500-line Bun daemon that subprocess-wraps the local claude CLI and piggy-backs on a Claude Max subscription; Nestor is a ~125,000-line BYOK HTTP platform with a Rust security core, seven providers, missions, DAG workflows, multi-tenant RBAC, and an audit log. Use ClaudeClaw for a solo butler on a Max plan; use Nestor when you need a second model, a second user, or a first audit question. Full head-to-head at /vs-claudeclaw.html.
Does Nestor work with Claude Code?
Yes. Nestor exposes an MCP server with 15 nestor_* tools that plug directly into Claude Code, Claude Desktop, Cursor, Continue, and Cline. Configuration details and the full tool list are on /docs/mcp.html. Nestor does not depend on the claude CLI — it talks HTTP to providers directly.
How is Nestor different from OpenClaw?
OpenClaw reused OAuth tokens from Claude Free/Pro/Max subscriptions inside a third-party harness, which Anthropic explicitly banned on 2026-04-04 (OpenClaw's creator was temporarily banned on 2026-04-10). Nestor is BYOK end-to-end: you hold the API keys, you pay the provider directly, and the compliance boundary is clean under the April-4 Consumer Terms of Service update.
Can I use my own API keys (BYOK)?
Yes — BYOK is the default and recommended mode. Run npx nestor-sh install and the wizard will prompt for ANTHROPIC_API_KEY, OPENAI_API_KEY, GEMINI_API_KEY, GROK_API_KEY, MISTRAL_API_KEY, OLLAMA_BASE_URL, and/or OPENROUTER_API_KEY. Keys are stored locally and redacted from logs by the Rust secret-redaction layer.
Does Nestor violate Anthropic's ToS?
No. Anthropic's 2026-04-04 Consumer Terms of Service update banned reusing OAuth tokens from Free, Pro, and Max subscriptions inside third-party products. Nestor never touches subscription tokens — it calls the paid Anthropic API directly with your own API key (BYOK), which is explicitly allowed. The same applies to OpenAI, Google, xAI, Mistral, OpenRouter, and Ollama.
What's included in the Rust security core?
The nestor-core crate (compiled to N-API) enforces primitives that cannot be bypassed from TypeScript: SSRF protection with DNS pinning (blocks rebinding, private IPs, link-local, and cloud metadata endpoints), multi-pass path-traversal rejection, secret redaction across 30+ regex patterns on every outbound log and tool result, ReDoS guard on user-supplied regex, homoglyph detection on string inputs, and HMAC-signed approval tokens. An optional Docker sandbox adds cap-drop ALL, read-only root FS, and network=none by default. Full model at /docs/security.html.
What agents ship with Nestor?
Nestor ships with the BMAD+ persona stack — Atlas (Strategist), Forge (Architect-Dev), Sentinel (Quality), Nexus (Orchestrator), and Shadow (OSINT) — plus 49+ built-in agent tools and 15 MCP tools covering shell, filesystem, HTTP, knowledge graph, and orchestration. Personas activate behind NESTOR_PERSONA_V2=1 and are documented at /docs/personas.html.
Where do I find the Nestor source code?
The full source is on GitHub at github.com/lrochetta/nestor (public, MIT-licensed, ~125,000 LOC across 14 packages). The npm package is nestor-sh and native prebuilds are published under the @nestor-sh scope. Release notes for 3.4.0, 3.4.1, and 3.5.0 are on the GitHub releases page.