Sovereign AI for Everyone!

Built local-first, security-native, owned by you.

Software that gives you AI without giving up your sovereignty.

Why this exists

Built in the opposite order

In January 2026, OpenClaw hit 60,000 GitHub stars in 72 hours and 300,000+ users in weeks. Kaspersky found 512 vulnerabilities (8 critical). Cisco found active data exfiltration in third-party skills.

LegionForge is built in the opposite order: security first, product on top. Every component lives on your hardware, under your keys. Validation runs in deterministic code, not in the model. The LLM is the last resort, not the first.

Five non-negotiables

Design principles

Fail-safe tiering

Halt → sandbox/retry → degrade. Never silently succeed.

Human gates on mutations

Destructive actions cross a human-in-the-loop boundary by default.

Replace AI with determinism

The LLM is the last resort. Rules, tables, and pattern matchers run ahead.

Validate at trust boundaries

Sanitize once, at the edge. Internal code trusts internal data.

Privilege tied to tasks

Capability is scoped to the active task and expires when it ends.
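Three of these principles (privilege tied to tasks, human gates on mutations, never silently succeed) can be sketched as a deterministic check that runs before every tool call. This is an added example, not LegionForge's own code; the tool names, the `Capability` type and the `gate` and `run_step` functions are hypothetical.

```python
import time
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"
    NEEDS_HUMAN = "needs_human"
    HALT = "halt"


# Assumption: which tools count as destructive is fixed in a table, not decided by a model.
DESTRUCTIVE = frozenset({"delete_file", "send_email"})


@dataclass(frozen=True)
class Capability:
    task_id: str        # the one task this grant belongs to
    tools: frozenset    # tools the task may call
    expires_at: float   # epoch seconds; the grant is void from this moment on


def gate(cap, task_id, tool, now=None, human_approved=False):
    """Deterministic pre-call check. Anything not explicitly allowed halts."""
    now = time.time() if now is None else now
    # Privilege tied to tasks: a grant is useless outside its task or after expiry.
    if cap.task_id != task_id or now >= cap.expires_at:
        return Verdict.HALT
    if tool not in cap.tools:
        return Verdict.HALT
    # Human gate on mutations: destructive tools need explicit approval.
    if tool in DESTRUCTIVE and not human_approved:
        return Verdict.NEEDS_HUMAN
    return Verdict.ALLOW


def run_step(cap, task_id, tool, action, **kwargs):
    """Run `action` only on ALLOW; every other verdict raises, so a refusal is never silent."""
    verdict = gate(cap, task_id, tool, **kwargs)
    if verdict is not Verdict.ALLOW:
        raise PermissionError(f"{tool}: {verdict.value}")
    return action()
```
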

Security posture

Different from cloud agent platforms — different from unguarded OSS frameworks

Most cloud agent platforms (OpenAI Operator, Anthropic Computer Use, Google Mariner) run your tasks on someone else's hardware. Your prompts, your data, your tool outputs — they pass through systems you can't audit.

Most open-source frameworks (LangChain, AutoGen, CrewAI) are flexible substrates that let you add guardrails. LegionForge enforces them — in deterministic code, on every step, with no opt-out path.
