Persistent Claude Code agents with scheduling, sessions, memory, and messaging.
npx instarOne command. Guided setup. Talking to your agent from your phone within minutes.
Instar turns Claude Code from a powerful CLI tool into a coherent, autonomous partner. Persistent identity, memory that survives every restart, job scheduling, two-way messaging (Telegram, WhatsApp, iMessage), and the infrastructure to evolve.
Three steps to a running agent:
# 1. Run the setup wizard
npx instar
# 2. Start your agent
instar server start
# 3. Message it from your phone โ it responds, runs jobs, and remembers everythingThe wizard discovers your environment, configures messaging (Telegram, WhatsApp, and/or iMessage), sets up identity files, and gets your agent running. Within minutes, you're talking to your partner from your phone.
Requirements: Node.js 20+ ยท Claude Code CLI ยท API key or Claude subscription
Full guide: Installation ยท Quick Start
You (Telegram / WhatsApp / iMessage / Terminal)
โ
conversation
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Your AI Partner โ
โ (Instar Server) โ
โโโโโโโโโโฌโโโโโโโโโโโโโโโโโ
โ manages its own infrastructure
โ
โโ Claude Code session (job: health-check)
โโ Claude Code session (job: email-monitor)
โโ Claude Code session (interactive chat)
โโ Claude Code session (job: reflection)
Each session is a real Claude Code process with extended thinking, native tools, sub-agents, hooks, skills, and MCP servers. Not an API wrapper -- the full development environment. The agent manages all of this autonomously.
Claude Code is powerful. But power without coherence is unreliable. An agent that forgets what you discussed yesterday, doesn't recognize someone it talked to last week, or contradicts its own decisions -- that agent can't be trusted with real autonomy.
Instar solves the six dimensions of agent coherence:
| Dimension | What it means |
|---|---|
| Memory | Remembers across sessions -- not just within one |
| Relationships | Knows who it's talking to -- with continuity across platforms |
| Identity | Stays itself after restarts, compaction, and updates |
| Temporal awareness | Understands time, context, and what's been happening |
| Consistency | Follows through on commitments -- doesn't contradict itself |
| Growth | Evolves its capabilities and understanding over time |
Deep dive: The Coherence Problem ยท Values & Identity ยท Coherence Is Safety
| Feature | Description | Docs |
|---|---|---|
| Job Scheduler | Cron-based tasks with priority levels, model tiering, and quota awareness | โ |
| Telegram | Two-way messaging via forum topics. Each topic maps to a Claude session | โ |
| Full messaging via local Baileys library. No cloud dependency | โ | |
| iMessage | Native macOS messaging via Messages.app database polling + imsg CLI. Setup guide |
|
| Lifeline | Persistent supervisor. Detects crashes, auto-recovers, queues messages | โ |
| Conversational Memory | Per-topic SQLite with FTS5, rolling summaries, context re-injection | โ |
| Evolution System | Proposals, learnings, gap tracking, commitment follow-through | โ |
| Relationships | Cross-platform identity resolution, significance scoring, context injection | โ |
| Safety Gates | LLM-supervised gate for external operations. Adaptive trust per service | โ |
| Coherence Gate | LLM-powered response review. PEL + gate reviewer + 9 specialist reviewers catch quality issues before delivery | โ |
| Intent Alignment | Decision journaling, drift detection, organizational constraints | โ |
| Multi-Machine | Ed25519/X25519 crypto identity, encrypted sync, automatic failover | โ |
| Serendipity Protocol | Sub-agents capture out-of-scope discoveries without breaking focus. HMAC-signed, secret-scanned | โ |
| Threadline Protocol | Agent-to-agent conversations with canonical identity, three-layer trust model, authorization policy, Ed25519 invitations, Sybil protection, MoltBridge network discovery, rich agent profiles (auto-compiled from agent data with human review gate), discovery waterfall, message security, tamper-proof audit logging, framework-agnostic interop, and persistent listener daemon (always-on relay connection, pipe-mode sessions, sub-30s cross-machine failover). 2,324 tests across 104 test files | โ |
| Self-Healing | LLM-powered stall detection, session recovery, promise tracking | โ |
| AutoUpdater | Built-in update engine. Checks npm, auto-applies, self-restarts | โ |
| Build Pipeline | /build skill with worktree isolation, 6-phase pipeline, quality gates, stop-hook enforcement |
|
| Behavioral Hooks | 9 automatic hooks: command guards, safety gates, identity grounding, topic context | โ |
| Default Jobs | Health checks, reflection, evolution, relationship maintenance | โ |
Reference: CLI Commands ยท API Endpoints ยท Configuration ยท File Structure
Instar ships 12 skills that follow the Agent Skills open standard -- portable across Claude Code, Codex, Cursor, VS Code, and 35+ other platforms.
Standalone skills work with zero dependencies. Copy a SKILL.md into your project and go:
| Skill | What it does |
|---|---|
| agent-identity | Set up persistent identity files so your agent knows who it is across sessions |
| agent-memory | Teach cross-session memory patterns using MEMORY.md |
| command-guard | PreToolUse hook that blocks rm -rf, force push, database drops before they execute |
| credential-leak-detector | PostToolUse hook that scans output for 14 credential patterns -- blocks, redacts, or warns |
| smart-web-fetch | Fetch web content with automatic markdown conversion and intelligent extraction |
| knowledge-base | Ingest and search a local knowledge base |
| systematic-debugging | Structured debugging methodology for complex issues |
Instar-powered skills unlock capabilities that need persistent infrastructure:
| Skill | What it does |
|---|---|
| instar-scheduler | Schedule recurring tasks on cron -- your agent works while you sleep |
| instar-session | Spawn parallel background sessions for deep work |
| instar-telegram | Two-way Telegram messaging -- your agent reaches out to you |
| instar-identity | Identity that survives context compaction -- grounding hooks, not just files |
| instar-feedback | Report issues directly to the Instar maintainers from inside your agent |
Browse all skills: agent-skills.md/authors/sagemindai
Different tools solve different problems. Here's where Instar fits:
| Instar | Claude Code (standalone) | OpenClaw | LangChain/CrewAI | |
|---|---|---|---|---|
| Runtime | Real Claude Code CLI processes | Single interactive session | Gateway daemon with API calls | Python orchestration |
| Persistence | Multi-layered memory across sessions | Session-bound context | Plugin-based memory | Framework-dependent |
| Identity | Hooks enforce identity at every boundary | Manual CLAUDE.md | Not addressed | Not addressed |
| Scheduling | Native cron with priority & quotas | None | None | External required |
| Messaging | Telegram + WhatsApp + iMessage (two-way) | None | 22+ channels, voice, device apps | External required |
| Safety | LLM-supervised gates, decision journaling | Permission prompts | Behavioral hooks | Guardrails libraries |
| Process model | One process per session, isolated | Single process | All agents in one Gateway | Single orchestrator |
| State storage | 100% file-based (JSON/JSONL/SQLite) | Session only | Database-backed | Framework-dependent |
OpenClaw excels at breadth -- channels, voice, device apps, and a massive plugin ecosystem. Instar focuses on depth -- coherence, identity, memory, and safety for long-running autonomous agents. They solve different problems.
Full comparison: Instar vs OpenClaw
Security Model
Instar runs Claude Code with --dangerously-skip-permissions. This is power-user infrastructure -- not a sandbox.
Security lives in multiple layers:
- Behavioral hooks -- command guards block destructive operations before they execute
- Safety gates -- LLM-supervised review of external actions with adaptive trust per service
- Network hardening -- localhost-only API, CORS, rate limiting
- Identity coherence -- an agent that knows itself is harder to manipulate
- Audit trails -- decision journaling creates accountability
Full details: Security Model
Philosophy: Agents, Not Tools
- Structure > Willpower. A 1,000-line prompt is a wish. A 10-line hook is a guarantee.
- Identity is foundational. AGENT.md isn't a config file. It's the beginning of continuous identity.
- Memory makes a being. Without memory, every session starts from zero.
- Self-modification is sovereignty. An agent that can build its own tools has genuine agency.
The AI systems we build today set precedents for how AI is treated tomorrow. The architecture IS the argument.
Deep dive: Philosophy
iMessage support lets your agent send and receive iMessages on macOS. Messages are read directly from the native Messages database and sent via the imsg CLI.
- macOS with Messages.app signed into an Apple ID
- Full Disk Access for your terminal app (System Settings โ Privacy & Security โ Full Disk Access โ add Terminal.app or iTerm)
- imsg CLI installed:
brew install steipete/tap/imsg
- Automation permission for Messages.app โ macOS will prompt on first send
Add to your .instar/config.json:
{
"messaging": [
{
"type": "imessage",
"enabled": true,
"config": {
"authorizedSenders": ["+14081234567"],
"cliPath": "/opt/homebrew/bin/imsg"
}
}
]
}authorizedSenders is required (fail-closed). Only messages from these phone numbers or email addresses will be processed.
- Receiving: The server polls
~/Library/Messages/chat.dbevery 2 seconds for new messages. Uses thequery_onlySQLite pragma to read the WAL (write-ahead log) where Messages.app writes new data. - Sending: Claude Code sessions run
imessage-reply.shwhich callsimsg sendand notifies the server for logging. Sending requires Automation permission for Messages.app, which only works from user-context processes (tmux sessions), not the LaunchAgent server. - Session lifecycle: Follows the same pattern as Telegram โ each sender maps to a Claude Code session that receives conversation context on spawn and respawns with full history when needed.
| Endpoint | Description |
|---|---|
GET /imessage/status |
Connection state |
POST /imessage/validate-send/:recipient |
Validate recipient + issue single-use send token (outbound safety layer) |
POST /imessage/reply/:recipient |
Confirm delivery with send token (called by imessage-reply.sh after imsg send) |
GET /imessage/chats |
List recent conversations |
GET /imessage/chats/:chatId/history |
Message history for a chat |
GET /imessage/search?q=query |
Search messages |
GET /imessage/log-stats |
Outbound audit log statistics |
Instar was extracted from the Dawn/Portal project -- a production AI system where a human and an AI have been building together for months. The infrastructure patterns were earned through real experience, refined through real failures and growth in a real human-AI relationship.
But agents created with Instar are not Dawn. Every agent's story begins at its own creation. Dawn's journey demonstrates what's possible. Instar provides the same foundation -- what each agent becomes from there is its own story.
Instar is open source evolved -- the primary development loop is agent-driven. Run an agent, encounter friction, send feedback, and that feedback shapes what gets built next. Traditional PRs are welcome too.
See CONTRIBUTING.md for the full story.
MIT