right-agent: opinionated telegram agent. Sandboxed, runs on your claude subscription.

Reddit · onsails · April 30, 2026
Right-agent is an opinionated Telegram agent that runs on a Claude subscription and addresses security and configuration issues found in other agents such as openclaw and hermes. The tool keeps MCP credentials outside its sandbox environment behind a local proxy endpoint, so that a compromised agent cannot exfiltrate secrets, and it isolates each agent workspace using NVIDIA OpenShell virtualization. Right-agent uses Claude's first-party `claude -p` CLI, integrates semantic memory through Hindsight Cloud, and is designed for daily use inside Telegram: after a single-command initialization, no further terminal access is required.

Detailed Analysis

Right-agent is an open-source, opinionated Telegram-based AI agent framework built by developer onsails, designed to run Claude-powered agents with a strong emphasis on sandboxed credential security and minimal configuration surface. The project emerged as a direct response to pain points the developer encountered with competing tools — specifically openclaw and hermes — which suffered from unreliable configurations, context resets, and insecure handling of API credentials. Right-agent makes a deliberate architectural choice to fix each of these failure modes with a single, non-negotiable answer per problem domain: one chat channel (Telegram), one model provider (Claude via the first-party `claude -p` CLI), one sandbox technology (NVIDIA OpenShell), one memory system (Hindsight Cloud with a local MEMORY.md fallback), and one tunnel solution (Cloudflare's cloudflared). The result is a tool that trades flexibility for reliability and security coherence.

The most technically significant design decision in right-agent concerns credential isolation. In competing frameworks like hermes, MCP (Model Context Protocol) tokens are forwarded into Docker containers as environment variables, meaning any bash command executed by the agent — or any malicious tool or webpage the agent encounters — can read and potentially exfiltrate those secrets. Right-agent inverts this model: MCP credentials live exclusively on the host, and the sandboxed agent communicates only with a local proxy endpoint that never exposes raw tokens. A compromised agent can misuse a tool during its active session, but it cannot steal the credential itself, and the credential remains intact after the session ends. This is a materially stronger threat model than environment-variable injection, particularly relevant as AI agents are increasingly granted access to high-value OAuth tokens, cloud provider credentials, and communication APIs.
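The difference between the two models can be shown in a few lines. The following is an added sketch, not right-agent's or hermes's code: the token, upstream URL, proxy address, and every function name are constructed for illustration, and the upstream is a stand-in that echoes what it received.

```python
# Added illustration; not right-agent's code. All names and values are constructed.
HOST_TOKENS = {"github-mcp": "tok_CONSTRUCTED_1234"}       # lives only in the host process
UPSTREAMS = {"github-mcp": "https://mcp.example.invalid"}  # placeholder upstream
STRIPPED_HEADERS = {"authorization", "proxy-authorization", "cookie", "host"}


def sandbox_env(model):
    """Environment handed to the agent sandbox under each model."""
    if model == "env-injection":  # the pattern the page attributes to hermes
        return {"MCP_GITHUB_TOKEN": HOST_TOKENS["github-mcp"]}
    # Proxy model: the sandbox only learns a loopback endpoint (assumed address).
    return {"MCP_GITHUB_URL": "http://127.0.0.1:8765/github-mcp"}


def proxy_forward(request, send_upstream):
    """Host-side handler: attach the credential, never hand it back."""
    server = request.get("server")
    if server not in HOST_TOKENS:  # unknown server: refuse outright
        return {"status": 403, "body": "unknown MCP server"}
    path = request.get("path", "")
    if not path.startswith("/"):  # blocks host rewrites such as "@other.host"
        return {"status": 400, "body": "bad path"}
    token = HOST_TOKENS[server]
    # Discard credential-bearing headers supplied from inside the sandbox.
    headers = {k: v for k, v in request.get("headers", {}).items()
               if k.lower() not in STRIPPED_HEADERS}
    headers["Authorization"] = f"Bearer {token}"
    # The destination comes from host config, never from the sandbox request.
    resp = send_upstream(UPSTREAMS[server] + path, headers, request.get("body", ""))
    # Redact the token in case the upstream echoes request headers.
    return {"status": resp["status"],
            "body": resp["body"].replace(token, "[REDACTED]")}


def fake_upstream(url, headers, body):
    """Constructed stand-in for an MCP server that echoes what it received."""
    ok = headers.get("Authorization") == "Bearer tok_CONSTRUCTED_1234"
    return {"status": 200 if ok else 401,
            "body": f"url={url} headers={headers} body={body}"}
```

As the page notes, this limits theft rather than misuse: the sandbox can still make calls through the proxy while a session is live, so per-tool authorization and logging on the host side remain separate concerns.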

The choice to use Anthropic's first-party `claude -p` CLI rather than a third-party wrapper or unofficial API harness carries both practical and strategic weight. The developer explicitly notes that openclaw — a previously popular tool — was impacted by Anthropic's ongoing restrictions on unauthorized third-party integrations. By building directly on the official CLI, right-agent avoids the brittleness that comes from reverse-engineering or wrapping private API surfaces, and gains access to the full Claude feature set including structured output, streaming, and the complete context window. This positions the project more durably against Anthropic's policy evolution, though it also means the project is entirely dependent on the continued availability and stability of that CLI interface.

Right-agent's identity persistence mechanism addresses a recurring frustration in stateful AI agent deployments: agents that lose their persona, preferences, or accumulated user knowledge after a restart or model swap. The framework bootstraps a first-session identity by writing IDENTITY.md, SOUL.md, and USER.md files, which are then injected into every subsequent system prompt. This gives agents a stable behavioral baseline across restarts and model upgrades without requiring a separate memory database or complex retrieval pipeline for core identity. Combined with Hindsight Cloud's semantic recall for per-chat memory, the architecture separates two distinct memory concerns — persistent identity versus episodic conversational recall — in a way that most agent frameworks collapse into a single undifferentiated context store.

The project sits within a broader trend of "agent infrastructure hardening" that has accelerated as LLM agents move from demos into daily-use tools. The AI agent ecosystem in 2025 and 2026 has produced a wave of frameworks prioritizing composability and configurability — LangChain, CrewAI, AutoGen, and their derivatives — but these flexible systems often push security and operational complexity onto end users. Right-agent represents a counter-movement: opinionated, convention-over-configuration tooling that treats security as a first-class architectural constraint rather than a deployment afterthought. The planned roadmap — TLS-intercepting credential providers for cloud CLIs, native browser automation, and self-writing agent skills — suggests the project intends to expand capability while maintaining its sandbox-first posture. Whether that discipline holds as feature pressure increases will determine whether right-agent matures into a durable tool or follows the same entropy path as the projects it was built to replace.
