Building a Privacy-First Agentic OS: Announcing SamarthyaBot v2.3.0 🚀

Bishnu Prasad Sahu — Mon, 01 Jun 2026 07:02:04 +0000

Managing files, running automation tasks, and orchestrating terminal commands with local LLMs can be challenging, especially when running across multiple operating systems.

Today, I am releasing SamarthyaBot v2.3.0 to npm and GitHub. This release transforms SamarthyaBot from a Linux-centric utility into a cross-platform local Agentic AI Operating System.

Here is a technical walkthrough of how we resolved cross-platform challenges, sandboxed execution, and added native capabilities.

1. Achieving OS Portability (Linux, macOS, Windows)

Previously, SamarthyaBot relied on Unix-style paths, shell utilities, and a pre-compiled Go worker binary specifically built for Linux.

To achieve true cross-platform compatibility, we introduced a centralized Platform Service (backend/services/system/platform.js):

Dynamic Shell Discovery: Resolves execution contexts between Windows (cmd.exe or powershell.exe) and Unix platforms (/bin/sh or /bin/bash).
Process Fallback: If the Go binary is not compiled for the host OS, the runtime falls back to a native Node executor (workerClient.js). This ensures streaming executors run reliably without crashes.
Context Injected Prompts: The host OS type is supplied directly to the LLM system prompt. The LLM adjusts its code generation to match the OS constraints (e.g., using dir on Windows and ls on Unix).

2. Hardening the Sandbox & Preventing Command Injection

Allowing an AI agent to run shell commands and read/write files presents significant security challenges. In v2.3.0, we introduced multi-layered boundaries:

A. Spawning over Shell Interpretation

We removed raw shell string execution from utility tools such as open_path. Instead of running:

// Vulnerable to target = "file.txt; rm -rf /"
exec(`open "${target}"`);

We now spawn processes with clean argument arrays and reject shell metacharacters:

// Secure approach
spawn(opener, [target], { shell: false });

B. Segment Validation for Chained Commands

Users or models might try chaining commands using &&, ;, |, or \r. The command validation engine now splits inputs by these delimiters and inspects each segment against a blacklist (blocking unauthorized sudo, fork-bombs, and destructive commands).

C. Workspace-Scoped Sandbox

All file system tools are constrained to the current project workspace by default. Boundary checks ensure the agent cannot use directory traversal (../../) or absolute path patterns to escape the designated workspace.

3. Expanding the Agent Skillset (34 Skills)

We added 10 new functional tools to give the agent more capabilities out of the box:

Utilities: password_generate, qr_generate, url_shorten, ip_geolocate, timezone_now.
Automation: clipboard_copy, translate_text (with dedicated Hindi capabilities), open_path, and http_request (with SSRF guard blocking standard and local schemes like file://).
Security & Math: hash_text, base64_tool, currency_convert, crypto_price.

4. Zero-Latency Slash Commands

To keep the agent responsive, slash commands such as /help, /status, /tools, and /memory are processed instantly at the controller level without calling the LLM. This cuts down token usage and latency to zero for routine status checks across Web, Telegram, and Discord channels.

5. UI/UX Refresh

The web dashboard is updated with modern design aesthetics:

Tricolor aurora animated background gradient.
Subtle grid-pattern background.
Glassmorphism panels with top-border highlights.
Dynamic hover actions, sheen sweep buttons, and responsive scale transitions.

Getting Started

You can self-host SamarthyaBot locally with your choice of LLMs (Gemini, Claude, GPT, Ollama, DeepSeek, or Qwen).

Quick Install

npm install -g samarthya-bot
samarthya gateway

We invite you to explore the source code, open issues, or contribute:
⭐ GitHub: https://github.com/mebishnusahu0595/SamarthyaBot
📦 npm Package: https://www.npmjs.com/package/samarthya-bot

Let me know what automation workflows you build with it.

Building an Indian Privacy-First Autonomous AI CLI Agent with Background Automation (SamarthyaBot)

Bishnu Prasad Sahu — Mon, 02 Mar 2026 11:19:20 +0000

When I started building SamarthyaBot, I wasn’t interested in making another website. Websites are easy. What fascinated me was something harder — building a real autonomous AI system that can act, not just respond.

SamarthyaBot is a privacy-first, local AI CLI agent designed to execute real OS-level actions with background automation, encrypted memory, and dynamic plugins.

This isn’t a chatbot wrapper.
It’s an AI operator.

What Makes It Different?

Most AI tools:

Run in the cloud
Only generate text
Have limited real-world execution

SamarthyaBot can:

Execute terminal commands (with permission control)
Read/write local files
Schedule background tasks (cron-style AI engine)
Send emails
Generate UPI deep-links
Take system screenshots
Run Telegram-controlled automation remotely
Load external plugins dynamically
Encrypt sensitive memory using AES-256
Switch between multiple LLM providers (Gemini, Claude, OpenAI, Groq, Ollama)

It runs even when I’m not actively using it.

🔄 Background Autonomous Engine

You can tell it:

“Check my server every 30 minutes and notify me if it goes down.”
And it will silently monitor in the background and only alert you when needed.

No babysitting required.
It feels like having a remote AI employee.

🔌 Plugin-Based Architecture

SamarthyaBot supports dynamic plugin loading.
Any developer can drop a JS file into the plugins folder, and the system auto-loads it at startup.

This turns the agent into a platform — not just a tool.

🔐 Privacy & Security First

Sensitive data like API keys, passwords, or bank details are:

Automatically masked before LLM processing
Encrypted using AES-256-CBC
Stored securely in MongoDB

High-risk actions require explicit user permission (Ask / Always / Never model).

📲 Remote Control via Telegram

One of my favorite features:

I can message the bot on Telegram from anywhere, and even if my laptop is miles away, it can:

Manage files
Run commands
Monitor systems
Execute background tasks
Send alerts

It feels like having a remote AI employee.

Github: https://github.com/mebishnusahu0595/SamarthyaBot
Npm : https://www.npmjs.com/package/samarthya-bot

DEV Community: Bishnu Prasad Sahu