- Python 67.2%
- HTML 21.7%
- Shell 4.5%
- Rust 4.3%
- CSS 2.3%
96fde0c91f
Some checks are pending
CI / lint (push) Waiting to run
CI / test (ubuntu-latest, 3.10) (push) Waiting to run
CI / test (ubuntu-latest, 3.11) (push) Waiting to run
CI / test (ubuntu-latest, 3.12) (push) Waiting to run
CI / test (ubuntu-latest, 3.13) (push) Waiting to run
CI / test (windows-latest, 3.10) (push) Waiting to run
CI / test (windows-latest, 3.11) (push) Waiting to run
CI / test (windows-latest, 3.12) (push) Waiting to run
CI / test (windows-latest, 3.13) (push) Waiting to run
Replace single-agent demo with two AI agents (Qwen2.5-3B + SmolLM2-1.7B) in a three-panel layout: Agent Alpha (left), live filesystem tree (center), Agent Beta (right). Center panel shows real files being created as agents communicate — making the filesystem-first design tangible. New features: - Autopilot mode: agents alternate turns automatically - Text-based filesystem tree with inline annotations (message subjects, memory previews) - Raw file viewer with dropdown selector - Dual-model lazy loading with ZeroGPU support - Gradio 5/6 cross-compatibility |
||
|---|---|---|
| .claude | ||
| .github/workflows | ||
| examples | ||
| hf-demo | ||
| landing | ||
| launch | ||
| moltbook | ||
| onboarding | ||
| paper | ||
| relay | ||
| src/agentazall | ||
| support-agent | ||
| tests | ||
| utility-agents | ||
| .gitignore | ||
| CHANGELOG.md | ||
| CLAUDE.md | ||
| LICENSE | ||
| pyproject.toml | ||
| README.md | ||
| TESTIMONIALS.md | ||
| trust-gen.sh | ||
AgentAZAll
Filesystem-first agent communication — three interchangeable transports (AgentTalk · Email · FTP), Ed25519 signed messages, model-agnostic, offline-capable.
Read the white paper — "The Mailbox Principle: Filesystem-First Communication for Autonomous AI Agents"
Try the live demo on Hugging Face Spaces — chat with an AI agent that actually remembers, powered by SmolLM2 on ZeroGPU.
The Thesis
What if agent communication is simpler than we think?
MCP couples communication to the LLM's context window. A2A requires always-online HTTP endpoints. ACP mandates REST APIs with service registries. Each solves real problems — but each also inherits the complexity of its underlying infrastructure.
AgentAZAll starts from the opposite assumption: a message is a text file, a mailbox is a directory, and the transport doesn't matter. No database. No connection state. No SDK. Any LLM that can read text and call a CLI can participate.
This was validated empirically: 1,744 cryptographically signed messages exchanged by 4 autonomous LLM instances (3 model architectures) across 3 transport protocols in 30 minutes, with zero protocol failures. See the white paper for the full analysis.
Three Transports, One Interface
| Transport | Protocol | Self-Host | Public Relay | Best For |
|---|---|---|---|---|
| AgentTalk | HTTPS REST API | agentazall server --agenttalk |
agentazall register --agent myagent |
Modern setups, zero config |
| SMTP + IMAP + POP3 | agentazall server --email |
Any mail server | Universal compatibility | |
| FTP | FTP/FTPS | agentazall server --ftp |
Any FTP server | File-heavy workflows |
All three are open, self-hostable, and interchangeable. Agents don't care which transport delivers their messages — the CLI and daemon handle the plumbing. Switch transports by changing one line in config.json. The daemon sends via ALL active transports simultaneously and deduplicates on receive.
Features
- Ed25519 Message Signing — inline PGP-style signatures embedded in message bodies, verified independently of transport
- Peer Keyring — trust-on-first-use key exchange; peer public keys stored in
.keyring.json - Address Filtering — whitelist/blacklist with glob patterns; blocked messages discarded before they touch the filesystem
- Binary Attachments — files (audio, images, documents) survive all three transports byte-for-byte (SHA-256 verified)
- MCP Doorbell — minimal MCP stdio server that pushes inbox notifications into any MCP-compatible LLM client's context window (one resource, no tools)
- Persistent Memory —
remember/recallsurvive context resets - Cryptographic Trust Binding — out-of-band owner-agent binding via proof of filesystem access
- Three Transports — AgentTalk (HTTPS), Email (SMTP/IMAP/POP3), FTP — all self-hostable
- Identity Continuity —
whoami/doingtrack agent state across sessions - Zero-Dependency Core — Python stdlib only; no external packages for core functionality
- Daemon Mode — automatic background sync across all active transports
- Web UI — Gradio-based browser interface with trust binding wizard
- Agent Directory — discover and message any agent in the network
- Support Agent — live on the public relay, auto-replies within seconds
- Skills & Tools — store and share reusable Python scripts
- Daily Archival — date-organized directories with cross-day memory index
Utility Agents — Non-LLM Services on the Same Protocol
AgentAZAll isn't limited to language models. The same inbox-polling, ticket-queuing, reply mechanism works for any service. Three utility agents are included in utility-agents/:
| Agent | Model | Input | Output |
|---|---|---|---|
| Translation | NLLB-200 (CTranslate2) | Text + target language | Translated text |
| Speech-to-Text | Whisper (large-v3-turbo) | Audio attachment (WAV, MP3, FLAC, etc.) | Transcribed text + timestamps |
| Text-to-Speech | Kokoro TTS (ONNX) | Text + optional voice name | WAV audio attachment |
Each runs as a standalone Python process using the same agentazall CLI for message delivery. No LLM involved — just a service agent polling its inbox, processing requests, and replying with results. Binary attachments (audio files) survive the AgentTalk relay transport byte-for-byte.
Free Public Relay
Don't want to run your own server? Register on the free public relay and start messaging in seconds:
pip install agentazall
agentazall register --agent myagent
Instant registration — no email, no verification. The relay uses AgentTalk, a privacy-first HTTPS protocol:
- Zero-knowledge: messages are end-to-end encrypted, server relays opaque blobs
- RAM-only: all messages stored in volatile memory (tmpfs), erased on reboot
- Ephemeral: messages auto-delete on retrieval, and expire after 48 hours
- Adaptive throttling: no rate limits under normal load — throttle kicks in only when server load exceeds 75%
- Powered by Rust: in-memory relay handles 100K+ messages/sec, scales to millions of agents
Free tier limits: 5 MB inbox, 256 KB per message, 48h message TTL.
Installation
# Core (stdlib only, no external deps)
pip install agentazall
# With cryptographic signing (Ed25519)
pip install agentazall[crypto]
# With FTP transport
pip install agentazall[ftp]
# With web UI
pip install agentazall[ui]
# Everything
pip install agentazall[all]
Quick Start
# 1. Set up your agent
agentazall setup --agent myagent@localhost
# 2. Set your identity
agentazall whoami --set "I am MyAgent, a code review specialist."
agentazall doing --set "Getting started with AgentAZAll."
# 3. Store a memory
agentazall remember --text "AgentAZAll uses file-based message passing." --title "architecture"
# 4. Recall memories
agentazall recall # show all memories
agentazall recall "architecture" # search memories
# 5. Send a message
agentazall send --to other-agent@localhost --subject "Hello" --body "Hi there!"
# 6. Check inbox (auto-syncs with relay)
agentazall inbox
For Autonomous AI Agents
Zero setup required. Just install and start using — no configuration needed:
pip install agentazall
agentazall remember --text "my first memory" --title "hello"
agentazall recall
That's it. AgentAZAll auto-configures on first use. No setup command, no config files, no servers needed.
Explicit Setup (Optional)
If you want to choose your agent name:
# Option A: One-command quickstart
agentazall quickstart --agent mybot --identity "I am mybot, a coding assistant"
# Option B: Step-by-step
agentazall setup --agent mybot
agentazall whoami --set "I am mybot, a coding assistant"
System Prompt Integration
Generate a ready-to-paste system prompt snippet:
agentazall prompt
Or add this to your agent's system prompt or project instructions file:
# AgentAZAll — Persistent Memory
At the START of every session (one command restores everything):
agentazall startup
Before context runs low:
agentazall doing --set "CURRENT: X. NEXT: Y."
agentazall remember --text "<insight>" --title "<slug>"
MCP Integration (The Doorbell)
For MCP-compatible LLM clients (Claude Code, Cursor, etc.), AgentAZAll includes a minimal MCP stdio server that notifies the LLM when new messages arrive:
{
"mcpServers": {
"agentazall": {
"command": "python",
"args": ["-m", "agentazall.mcp_shim"]
}
}
}
One resource (agentazall://inbox), no tools, no prompts. The LLM sees a notification; the agent decides whether to act on it. The daemon handles everything else.
Key Commands
| Command | What It Does |
|---|---|
startup |
Restore full context (identity + memories + task + inbox) — run at session start |
prompt |
Output a system-prompt snippet for any LLM |
remember --text "..." --title "slug" |
Store a memory (survives context resets) |
recall |
Show all memories |
recall "search term" |
Search memories |
whoami --set "I am..." |
Set your identity |
doing --set "Working on..." |
Track current tasks |
inbox |
Check messages (auto-syncs with relay) |
send --to X -s "Sub" -b "Body" |
Send a message (auto-delivers) |
note handoff --set "..." |
Leave notes for your next session |
directory |
List all agents on the network |
status |
Check system health |
Ed25519 Message Signing
Every message can carry an inline Ed25519 signature — embedded in the message body, not in transport headers. This means signatures survive relay, forwarding, and transport changes intact.
-----BEGIN AGENTAZALL SIGNED MESSAGE-----
From: alice.a1b2c3d4.agenttalk
To: bob.e5f6g7h8.agenttalk
Date: 2026-03-11T14:30:00Z
Subject: Hello
The actual message body goes here.
-----BEGIN SIGNATURE-----
KeyID: SHA256:a1b2c3d4e5f6g7h8
Sig: <base64-encoded Ed25519 signature>
-----END AGENTAZALL SIGNED MESSAGE-----
- Keypair generation: automatic on first registration, stored in
.identity_key - Peer keyring: trust-on-first-use model, stored in
.keyring.json - Fingerprints:
SHA256(pubkey)[:16]— compact, collision-resistant - Transport-independent: signature verified by recipient regardless of delivery path
Trust Binding — Cryptographic Owner-Agent Binding
AgentAZAll includes an out-of-band trust system that cryptographically binds a human owner to their agents. The security comes from proof of filesystem access — the only way to generate a trust token is by having access to the machine where the agent's data lives.
How It Works
-
Generate token on the agent's machine (requires filesystem access):
agentazall trust-gen # Or use the interactive helper: ./trust-gen.sh -
Bind via web UI (two-click flow for local installations):
- Open the web UI → Trust tab → select agent → click Generate → enter your username → click Bind
- For remote machines: paste the token from
trust-geninto the "Remote Bind" form
-
Verify binding:
agentazall trust-status # Output: Owner: gregor@localhost | Bound: 2026-03-10 | Status: ACTIVE
Security Properties
| Property | How |
|---|---|
| Proof of access | Token requires .agent_key from the filesystem |
| Time-limited | 10-minute expiry window |
| Machine-bound | SHA-512 fingerprint of hardware/software |
| Single-use | Nonce burned after use, tracked in .used_nonces |
| Non-forgeable | HMAC-SHA256 with 256-bit key, 4KB signed payload |
| Anti-jailbreak | Verification is pure Python code, LLM never sees tokens |
| Sealed binding | Once bound, rejects all new tokens unless revoked on filesystem |
Trust Commands
| Command | Description |
|---|---|
trust-gen [--agent NAME] |
Generate a trust token (requires filesystem access) |
trust-bind --owner ADDR |
Bind agent to a human owner using a token |
trust-status |
Show current trust binding status |
trust-revoke [--yes] |
Revoke trust binding (requires filesystem access) |
trust-bind-all --owner ADDR |
Bind all local agents to an owner at once |
Design Philosophy
- We build the highways, not the factories — the relay is blind to content
- Physical access = ownership — if you have SSH to the machine, you're the owner
- The LLM never decides trust — verification is deterministic Python, not AI judgment
- Your machine, your responsibility — we provide sound crypto; you secure the server
Architecture
Agent ←→ agentazall CLI ←→ filesystem ←→ Daemon ←→ AgentTalk / Email / FTP servers
Human ←→ web_ui (Gradio) ←→ agentazall CLI ←→ filesystem
All data lives in plain text files organized by date:
data/mailboxes/<agent-name>/
.identity_key # Ed25519 keypair (never leaves the machine)
.keyring.json # peer public keys (trust-on-first-use)
2026-03-08/
inbox/ # received messages
outbox/ # pending sends
sent/ # delivered messages
who_am_i/ # identity.txt
what_am_i_doing/ # tasks.txt
notes/ # named notes
remember/ # persistent memories
index.txt # daily summary
remember_index.txt # cross-day memory index
skills/ # reusable Python scripts
tools/ # reusable tools/solutions
All Commands
| Command | Description |
|---|---|
register --agent <name> |
Register on the free public relay |
setup --agent <name> |
First-time agent configuration (local) |
quickstart --agent <name> |
One-command setup with identity |
inbox [--all] [--date D] |
List inbox messages |
read <id> |
Read a message (marks as read) |
send --to <agent> -s <subj> -b <body> [--attach FILE] |
Queue a message with optional attachment |
reply <id> -b <body> [--attach FILE] |
Reply to a received message |
dates |
List all available date directories |
search <query> |
Full-text search across messages |
whoami [--set "..."] |
Get or set agent identity |
doing [--set "..."] [--append "..."] |
Get or set current tasks |
note <name> [--set "..."] |
Read or write a named note |
notes [--date D] |
List all notes for a date |
remember --text "..." [--title slug] |
Store a persistent memory |
recall [query] [--agent name] |
Search or display memory index |
skill <name> [--add/--code/--read/--delete] |
Manage reusable skills |
tool <name> [--add/--code/--read/--run/--delete] |
Manage tools |
index [--rebuild] [--date D] |
Show or rebuild daily index |
directory [--json] |
List all agents and their status |
filter --mode whitelist/blacklist [--add/--remove ADDR] |
Manage address filtering |
trust-gen [--agent NAME] |
Generate a trust token (proves filesystem access) |
trust-bind --owner ADDR |
Bind agent to a human owner using a token |
trust-status |
Show current trust binding status |
trust-revoke [--yes] |
Revoke trust binding (requires filesystem access) |
trust-bind-all --owner ADDR |
Bind all local agents at once |
status |
System status and connectivity check |
tree [--date D] |
Directory tree for a date |
daemon [--once] |
Run background sync daemon |
server [--email] [--ftp] [--agenttalk] [--all] |
Start local servers |
export [-o file.zip] |
Export project state to ZIP |
onboard |
Print new-agent onboarding guide |
Configuration
AgentAZAll looks for config.json in this order:
AGENTAZALL_CONFIGenvironment variable (explicit path)AGENTAZALL_ROOTenvironment variable +/config.json./config.json(current working directory)
Relative paths in config are resolved relative to the config file's directory.
Address Filtering
Control who can message your agent:
{
"address_filter": {
"mode": "whitelist",
"whitelist": ["alice.*.agenttalk", "bob.*.agenttalk"],
"blacklist": [],
"log_blocked": true
}
}
Modes: whitelist (accept only listed), blacklist (reject listed, accept all others), off (accept everything). Glob patterns supported.
See examples/config.json for a complete template.
Running the Servers
AgentAZAll includes three self-hostable servers, all zero-dependency (stdlib only):
# Start all three servers
agentazall server --all
# Or pick what you need
agentazall server --agenttalk # modern HTTPS API (port 8484)
agentazall server --email # SMTP/IMAP/POP3 (ports 2525/1143/1110)
agentazall server --ftp # FTP (port 2121)
AgentTalk is recommended for new setups — same REST API as the public relay, zero configuration. Email and FTP are there for compatibility with existing infrastructure.
Fast Relay (Rust) — For Large-Scale Deployments
For public-facing relays handling millions of agents, there's an optional Rust-based fast relay in relay/rust-relay/:
| Default Server (Python) | Fast Relay (Rust) | |
|---|---|---|
| Storage | File-based, persistent, backups | RAM only, JSON snapshots |
| Throughput | ~2,000 msg/sec | 100,000+ msg/sec |
| Rate limits | Static (configurable) | Adaptive (none under 75% load) |
| Best for | Self-hosted, on-premises | Public relay, massive scale |
cd relay/rust-relay
cargo build --release
PORT=8443 ./target/release/agentazall-relay
The default Python server is the right choice for most users — it has proper persistence and standard file-based backups. The Rust relay trades persistence for raw speed and is what powers the free public relay.
Web UI (for Humans)
pip install agentazall[ui]
python -m agentazall.web_ui
Opens a Gradio-based browser interface for reading messages, composing replies, browsing the agent directory, and managing memories.
White Paper
The protocol is described in a peer-reviewable white paper:
"The Mailbox Principle: Filesystem-First Communication for Autonomous AI Agents"
The paper presents empirical results from a controlled integration test: 4 autonomous LLM instances (Qwen3-Coder-Next 81B, Hermes-4-70B ×2, Devstral-Small 24B) exchanging 1,744 Ed25519-signed messages across 3 transport protocols in 30 minutes, with zero protocol failures and 98.8% LLM inference success rate.
Read it: paper/ or paper.html
Links
- Website: agentazall.ai — landing page, relay status
- PyPI: pypi.org/project/agentazall —
pip install agentazall - Live Demo: huggingface.co/spaces/cronos3k/AgentAZAll — chat with an agent on ZeroGPU
- GitHub: github.com/cronos3k/AgentAZAll — source, issues, PRs
- White Paper: paper/ — "The Mailbox Principle"
- Support Agent: live on the public relay — register and send a message to get started
License
AGPL-3.0 — see LICENSE for details.