Local-first. Zero-trust. Auditable by design.
Important
Every AI coding agent sends your code to the cloud. No sandbox. No audit trail. No cryptographic guarantees. WRAP NEBULA does the opposite. Your code never leaves your machine.
WRAP NEBULA is a local-first AI agent kernel that runs entirely on your machine. It provides a secure, auditable, and sandboxed execution environment for AI agents โ with a Rust-powered policy governor, V8 isolate sandboxes, and Ed25519-signed audit trails.
flowchart LR
subgraph INPUT["๐ฅ Input Layer"]
A[CLI] --> SAN
B[Telegram Bot] --> SAN
C[VS Code Extension] --> SAN
end
subgraph SECURITY["๐ Security Layer"]
SAN[Sanitizer<br/>PII Redaction + Injection Block] --> GOV
GOV[Rust Governor<br/>Policy Enforcement] --> SOUL
end
subgraph BRAIN["๐ง Agent Layer"]
SOUL[SOUL.md<br/>Agent Personality] --> LLM
LLM[LLM Engine<br/>Ollama ยท Claude ยท GPT-4] --> SKILL
SKILL[Skills<br/>V8 Sandboxed Executors] --> MEM
MEM[Memory<br/>SQLite ยท Local Only]
end
subgraph OUTPUT["๐ค Output Layer"]
MEM --> SIGN
SIGN[Ed25519 Signing<br/>Audit Trail] --> RESP
RESP[Response]
end
style INPUT fill:#1a1a2e,stroke:#e94560,color:#fff
style SECURITY fill:#16213e,stroke:#0f3460,color:#fff
style BRAIN fill:#0f3460,stroke:#533483,color:#fff
style OUTPUT fill:#1a1a2e,stroke:#e94560,color:#fff
Every message flows through this layered pipeline. Compromising one layer does not compromise the others.
| Feature | Kilo | Cline | Cursor | WRAP NEBULA |
|---|---|---|---|---|
| Sandboxed Execution | โ | โ | โ | โ V8 Isolate |
| Audit Trail | โ | โ | โ | โ Ed25519 Signed |
| PII Redaction | โ | โ | โ | โ Automatic |
| Local-First | partial | partial | โ | โ Default |
| Zero Cloud Dependency | โ | โ | โ | โ Total |
| Free Forever | โ | โ | โ | โ MIT |
| Telegram Interface | โ | โ | โ | โ Built-in |
| VS Code Extension | โ | โ | โ | โ Included |
| Multi-LLM Support | partial | partial | โ | โ Ollama/Claude/GPT-4 |
| Rust Policy Engine | โ | โ | โ | โ Governor |
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ WRAP NEBULA โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ โ
โ โโโโโโโโโโโโ โโโโโโโโโโโโ โโโโโโโโโโโโ โ
โ โ CLI โ โ Telegram โ โ VS Code โ INPUT SURFACES โ
โ โโโโโโฌโโโโโโ โโโโโโฌโโโโโโ โโโโโโฌโโโโโโ โ
โ โ โ โ โ
โ โโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโ โ
โ โผ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ SANITIZER โ โ PII redaction โ
โ โ injection blocking โ โ prompt injection guard โ
โ โโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโ โ
โ โผ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ RUST GOVERNOR โ โ separate process โ
โ โ policy enforcement engine โ โ survives agent crash โ
โ โโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโ โ
โ โผ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ AGENT CORE โ โ
โ โ โโโโโโโโโโโ โโโโโโโโโโโโโโโโ โ โ
โ โ โ SOUL.md โโโโ LLM โ โ โ Ollama / Claude / GPT โ
โ โ โโโโโโโโโโโ โโโโโโโโฌโโโโโโโโ โ โ
โ โ โผ โ โ
โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโ โ โ
โ โ โ V8 SANDBOX SKILLS โ โ โ 14 sandboxed executors โ
โ โ โ web ยท code ยท file ยท โฆ โ โ โ
โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโ โ โ
โ โ โผ โ โ
โ โ โโโโโโโโโโโโโโโโโโ โ โ
โ โ โ SQLite Memory โ โ โ local only, encrypted โ
โ โ โโโโโโโโโโโโโโโโโโ โ โ
โ โโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโ โ
โ โผ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ AUDIT & RESPONSE โ โ Ed25519 signed โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
- ๐ Local-First Gateway โ your code, your machine, your rules. Zero cloud dependency by default.
- ๐ Rust Governor โ a separate Rust process enforces policies. Even if the JS agent is compromised, the governor holds.
- ๐งช V8 Isolate Sandboxing โ every skill runs in an isolated V8 context. No filesystem, no network, unless explicitly granted.
- โ๏ธ Ed25519 Audit Trail โ every agent response is cryptographically signed. Full chain of custody.
- ๐ Automatic PII Redaction โ sensitive data is stripped before it ever reaches the LLM.
- ๐ค Multi-LLM Support โ Ollama (local), Claude, GPT-4. Swap models without changing code.
- ๐ฑ Telegram Bot โ talk to your agent from anywhere. Fully encrypted.
- ๐ป VS Code Extension โ native IDE integration. Inline suggestions, code actions, and chat.
- ๐ฅ๏ธ War Room Dashboard โ web UI for monitoring sessions, audit logs, and system health.
- ๐ง SOUL.md โ define your agent's personality in plain markdown. No config hell.
- ๐ฆ 14 Sandbox Skills โ web search, code execution, file ops, system info, memory, and more.
- ๐ One-Line Install โ
curl | bashand you're running.
14 sandboxed executors โ each runs in a V8 isolate with no filesystem or network access unless explicitly granted:
| Skill | Description | Access |
|---|---|---|
๐ web.search |
DuckDuckGo scraping, no API key | Network (read-only) |
๐ป code.execute |
Sandboxed Python / JS / TS | None (pure compute) |
๐ file.read |
Read workspace files | FS (workspace-scoped) |
๐ file.write |
Write workspace files | FS (workspace-scoped) |
๐ฅ๏ธ system.info |
CPU, memory, disk stats | System (read-only) |
๐ง memory.search |
Semantic search over SQLite | DB (read-only) |
๐ง memory.store |
Store new memories | DB (write) |
๐ web.fetch |
Fetch and parse URLs | Network (read-only) |
๐ data.parse |
Parse JSON/CSV/XML | None (pure compute) |
๐ crypto.hash |
Hash and sign data | None (pure compute) |
๐
time.now |
Get current time/timezone | None (pure compute) |
๐งฎ math.calc |
Evaluate expressions | None (pure compute) |
๐ง email.read |
Read inbox (IMAP) | Network (IMAP) |
๐๏ธ db.query |
Query local SQLite | DB (read-only) |
Wrap/
โโโ ๐ apps/
โ โโโ ๐ vscode/ # VS Code extension
โ โ โโโ src/ # Extension source
โ โ โโโ package.json
โ โโโ ๐ war-room/ # Web dashboard
โ โโโ pages/ # Dashboard pages
โ โโโ components/
โ
โโโ ๐ crates/
โ โโโ ๐ governor/ # ๐ Rust policy engine
โ โโโ src/ # Governor source
โ โโโ Cargo.toml
โ
โโโ ๐ packages/
โ โโโ ๐ core/ # ๐ง Agent kernel
โ โโโ src/
โ โ โโโ agent/ # Agent loop & orchestration
โ โ โโโ skills/ # Skill loader & definitions
โ โ โโโ memory/ # SQLite memory layer
โ โ โโโ audit/ # Ed25519 signing
โ โ โโโ sanitizer/ # PII redaction
โ โโโ package.json
โ
โโโ ๐ skills/
โ โโโ ๐ default/ # Built-in skill definitions
โ
โโโ ๐ policy/ # Governance policy files
โโโ ๐ scripts/ # Install & utility scripts
โโโ ๐ docs/ # Documentation
โโโ ๐ tests/ # Integration tests
โ
โโโ ๐ง install.sh # One-line installer
โโโ ๐ AUDIT.md # Audit trail documentation
โโโ ๐ SECURITY.md # Security policy
โโโ ๐ค CONTRIBUTING.md # Contribution guidelines
โโโ ๐ LICENSE # MIT
curl -fsSL https://raw.githubusercontent.com/Vitalcheffe/Wrap/main/install.sh | bash# Clone the repo
git clone https://github.com/Vitalcheffe/Wrap.git
cd Wrap
# Install dependencies
npm install
# (Optional) Build the Rust Governor
cd crates/governor && cargo build --release && cd ../..
# Authenticate with your LLM provider
nebula auth login anthropic
# Start the agent
nebula start| Requirement | Version | Required? |
|---|---|---|
| Node.js | 18+ | โ |
| npm | 9+ | โ |
| Rust | 1.70+ | Optional (Governor) |
| Ollama | Latest | For local LLM |
Note
WRAP NEBULA's security is defense in depth. Every layer is independent.
| Layer | Technology | What It Does |
|---|---|---|
| Sandbox | V8 Isolates | Each skill runs in complete isolation โ no filesystem, no network, no shared memory |
| Governor | Rust (separate process) | Policy enforcement that survives agent crashes. Written in Rust, not JavaScript |
| Audit | Ed25519 | Every response is cryptographically signed. Full chain of custody |
| PII Shield | Automatic | Sensitive data (emails, phones, keys, tokens) stripped before reaching the LLM |
| Local-First | SQLite + local filesystem | No data leaves your machine unless you explicitly configure a cloud LLM |
| Mode | Use Case | Setup |
|---|---|---|
| ๐ป CLI | Direct terminal usage | nebula |
| ๐ VS Code | IDE-native experience | Install from apps/vscode/ |
| ๐ฑ Telegram | Remote agent control | Connect your bot token |
| ๐ฅ๏ธ War Room | Web monitoring dashboard | http://localhost:3000 |
Contributions are what make the open-source community such an amazing place to learn, inspire, and create.
- Fork the Project
- Create your Feature Branch
git checkout -b feature/AmazingFeature
- Commit your Changes
git commit -m 'feat: add AmazingFeature' - Push to the Branch
git push origin feature/AmazingFeature
- Open a Pull Request
See CONTRIBUTING.md for detailed guidelines, code style, and skill development docs.
Distributed under the MIT License. See LICENSE for more information.
Free forever. No paywalls, no premium tiers, no "Contact Sales."
