ARCHITECTURE

How it actually works. End to end.

SwarmLab ships as a single Node binary containing the runtime, scheduler, web server, and embedded database. There is no orchestration cloud, no SaaS dependency, and no data leaving your machine. This page walks through every layer.

1

Binary

6

Adapters

3

Sandbox tiers

0

Bytes leave your box

SYSTEM ARCHITECTURE

Four-layer stack

L4Surface
Web UIReact 18, Vite, React Flow
CLI
REST + WS APIsHono, zod
BridgesDiscord, WhatsApp
L3RuntimeCore
Heartbeat scheduler
Workflow engineDAG
Approvals gate
L2Adapters
claude-local
codex-local
openai/http
openrouter
ollama
L1Storage
Postgresembedded
Drizzle ORM
Filesystem
AES-256-GCM

Single-binary by design

The entire stack compiles into one executable. Postgres is embedded, the web server runs inside the process, and the scheduler is a simple setInterval loop. No Docker, no Kubernetes, no microservices. You download one file, run it, and everything is live.

What self-hosted actually means

Your API keys go directly to the provider. Your code stays in your git worktrees. Your database lives on your disk. There is no relay server, no telemetry endpoint, and no analytics pixel. The binary phones home exactly zero times.

ADAPTERS

Six ways to talk to models

Each adapter wraps a provider into a unified interface. Swap models per agent without changing a single line of workflow config.

claude-local

Auth: API key

CLI / ptyStreamingToolsSession resume

codex-local

Auth: API key

CLISandboxed3 sandbox tiers

http/anthropic

Auth: API key

RESTNo tools

openai

Auth: API key

RESTAzure-compatible

openrouter

Auth: API key

RESTMulti-modelImage generation

ollama

Auth: None

LocalhostOfflineFree

RUN LIFECYCLE

From trigger to commit in six steps

Every run follows the same deterministic pipeline, whether kicked off from the UI, CLI, or a bridge message.

1

Heartbeat scheduler picks up

Every 5 seconds the heartbeat loop queries for pending runs and claims them atomically.

SELECT id, agent_id, workflow_id
FROM   runs
WHERE  status = 'pending'
ORDER  BY priority DESC, created_at
LIMIT  1
FOR UPDATE SKIP LOCKED;
2

Workspace materializes

A fresh git worktree is created so each run gets an isolated working copy.

git worktree add \
  .swarmlab/worktrees/run-a3f8 \
  --detach HEAD
3

Adapter invokes model

The adapter streams the model response through three phases.

thinking  →  tool_calls  →  done
  ├─ stream chunks to UI via WS
  └─ accumulate tool invocations
4

Tool calls hit sandbox

Every file path is validated against the agent's glob allowlist before execution.

// sandbox.validate(toolCall)
allow: ["src/**", "tests/**"]
deny:  ["*.env", ".git/**"]
path:  "src/utils/parse.ts"  ✓
5

Approval gate (optional)

If the agent requires approval, the diff is surfaced in the UI and execution pauses.

status: awaiting_approval
diff:   +14 -3  src/utils/parse.ts
reviewer: @you
action:  [approve] [reject] [edit]
6

Commit, comment, close

Changes are committed, linked to the run, and the task is marked complete.

git add -A
git commit -m "feat: add parser util

swarmlab-run: a3f8
swarmlab-agent: code-writer"

SANDBOX MODEL

Three tiers of access control

Every agent runs inside a sandbox tier. The tier decides what the agent can see, touch, and execute.

Level 0

none

12% capacity

Read-only conversation, no filesystem access.

Best for: Planners & reviewers

  • No file reads
  • No shell access
  • Chat-only mode
Level 1Default

read-only

50% capacity

Can read files and execute read-only shell commands.

Best for: Reviewers & auditors

  • File reads within globs
  • Read-only shell
  • No write access
Level 2

full

100% capacity

Full read/write within configured globs, unrestricted bash.

Best for: Builders

  • Read/write within globs
  • Unrestricted bash
  • Git operations

SECURITY POSTURE

Eight things we guarantee

1

AES-256-GCM encryption at rest for all secrets and tokens

2

Encryption-key boot guard — server refuses to start without the key

3

No outbound telemetry — zero analytics, zero phone-home

4

Direct provider calls — your API traffic goes straight to the provider

5

Sender allowlists on bridges — only whitelisted senders can trigger runs

6

Cross-org mailbox checks — prevents agents from reading other orgs' data

7

Worktree isolation per run — every run operates in its own git worktree

8

Auditable codebase — single binary, no hidden services, no black boxes

SYSTEM REQUIREMENTS

What you need to run it

Minimum

  • macOS 13+ or Linux
  • 8 GB RAM
  • 4 GB free disk
  • Network access to at least one provider

Recommended

  • 16 GB RAM (required for Ollama)
  • Apple Silicon or dedicated GPU
  • SSD for worktree throughput

Not sure if your machine qualifies? Run the built-in diagnostic:

npx swarmlab doctor

Ready to see it running?

Grab a lifetime license or dive into the docs to start building your first agent swarm.

View pricing Read the docs