LegionForge Framework
Local-first AI agent framework with security in the foundation
built on LangGraph, runs on your hardware, enforces guardrails in deterministic code
What it is
LegionForge is the flagship project of the LegionForge ecosystem — a framework for building AI agent systems that run on your hardware and behave predictably under adversarial inputs.
It's built on LangGraph for the agent graph runtime, Ollama for local LLM hosting, and a custom security pipeline that wraps every tool call, every LLM invocation, and every input/output boundary in deterministic checks.
What's in the box
Local-first LangGraph runtime
Agents execute on your hardware. Cloud APIs are optional, not required. Switch providers via env var.
Deterministic security pipeline
Prompt-injection detection, tool revocation, capability-boundary, Ed25519 signing, adaptive threat rules — all in code, none in the model.
Three loop-protection layers
Step counter, action-history hash, token budget. A single failure can't loop forever.
Multi-provider LLM factory
Ollama, OpenAI, Anthropic, InceptionLabs behind one interface. Rate-limited, cost-estimated, cloud-fallback ready.
PostgreSQL state layer
Async pool with role separation, LangGraph checkpoint resumption, pgvector RAG, SHA-256 hash-chained audit log.
Gateway API
FastAPI with task queue, SSE streaming, A2A and MCP endpoints, Bearer auth, web UI with HITL approval gate.
Connectors
Discord, Telegram, Slack, WhatsApp, generic webhook. Drop-in chat-to-agent bridges.
Guardian sidecar
7-check deterministic pipeline on every tool call, running in its own container. Sub-5ms latency.
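The three loop-protection layers listed above (step counter, action-history hash, token budget) can be sketched as follows. This is an added example, not LegionForge's own code; the `LoopGuard` class, its limits and the `run_until_tripped` helper are hypothetical names chosen for illustration.

```python
import hashlib
import json
from collections import Counter
from dataclasses import dataclass, field


class LoopGuardTripped(RuntimeError):
    """Raised when any one of the three limits is exceeded."""


@dataclass
class LoopGuard:  # hypothetical class, limits are assumed defaults
    max_steps: int = 25        # layer 1: hard cap on steps per run
    max_repeats: int = 3       # layer 2: identical (tool, args) actions allowed
    max_tokens: int = 50_000   # layer 3: total tokens the run may spend
    steps: int = 0
    tokens: int = 0
    seen: Counter = field(default_factory=Counter)

    @staticmethod
    def action_hash(tool: str, args: dict) -> str:
        # Canonical JSON so that key order does not change the digest.
        blob = json.dumps({"tool": tool, "args": args},
                          sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(blob.encode()).hexdigest()

    def check(self, tool: str, args: dict, tokens_used: int) -> None:
        """Call before executing each tool call; raises to stop the run."""
        self.steps += 1
        self.tokens += tokens_used
        digest = self.action_hash(tool, args)
        self.seen[digest] += 1
        if self.steps > self.max_steps:
            raise LoopGuardTripped(f"step_limit: {self.steps}")
        if self.seen[digest] > self.max_repeats:
            raise LoopGuardTripped(f"repeated_action: {tool}")
        if self.tokens > self.max_tokens:
            raise LoopGuardTripped(f"token_budget: {self.tokens}")


def run_until_tripped(guard: LoopGuard, actions) -> str:
    """Feed (tool, args, tokens) tuples to the guard; return the layer that tripped."""
    try:
        for tool, args, tokens in actions:
            guard.check(tool, args, tokens)
    except LoopGuardTripped as exc:
        return str(exc).split(":")[0]
    return "ok"
```

Each layer covers a loop the others miss: an agent that varies its arguments slips past the hash check but hits the step cap, and a few very large LLM calls stay under the step cap but exhaust the token budget.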
What makes it different
| Compared to | LegionForge | Their model |
|---|---|---|
| Cloud agent platforms (OpenAI Operator, Anthropic Computer Use, Google Mariner) | Runs on your hardware. Your data never leaves. | Runs on their hardware. Your prompts and tool outputs pass through opaque infrastructure. |
| OSS agent frameworks (LangChain, AutoGen, CrewAI) | Security enforced deterministically on every tool call. No opt-out. | Flexible substrate. Guardrails are libraries you may or may not add. |
| Productivity agents (Devin, OpenDevin, OpenClaw) | Auditable security stack. PostgreSQL audit chain. Role separation. | Vary widely. Recent OpenClaw analysis surfaced 512 vulnerabilities, 8 critical. |
Status
Get started
```bash
# Install
git clone https://github.com/LegionForge/LegionForge.git
cd LegionForge
pyenv install 3.11.15 && pyenv local 3.11.15
python3 -m venv venv && source venv/bin/activate
pip install -r requirements.txt

# Configure
export AGENT_HARDWARE_PROFILE=mac_m4_mini_16gb

# Bring up infrastructure and run smoke tests
make check
make db-init
make start
make test-smoke
```
Full setup walkthrough in the Getting Started guide.
Read more
- Architecture — module map, request flow, design principles
- Security Model — trust boundaries, the security stack, what we catch and don't
- Guardian — the deterministic security sidecar
- Threat Events — every security-relevant event we log and why