A digital employee that lives on your infrastructure.
Self-hosted. Persistent memory. Real execution. Gets better at your job the longer it works for you.
Quick Start ยท How It Works ยท Why OpenTulpa ยท Architecture ยท Deploy ยท Cookbook
Chatbots answer questions. Employees get things done.
OpenTulpa is closer to the second thing. It remembers what you told it last week. It learns how you like things done. It logs into your tools, runs work on a schedule, writes files, builds integrations, and asks for your approval before doing anything risky. And it runs entirely on your infrastructure โ no SaaS middleman sitting between your agent and your data.
The longer it runs, the more it knows, the less you have to explain, and the more it handles on its own.
Think of it as hiring someone who never sleeps, never forgets a briefing, and never sends that email without checking with you first.
๐ง Remembers everything โ context, preferences, decisions, and past work persist across sessions and restarts. You brief it once.
โ๏ธ Actually executes โ browses websites, fetches documents, writes files, generates scripts, calls APIs. Not just text โ real output.
๐ Learns on the job โ repeated workflows get saved as reusable skills and scheduled routines. Your employee builds its own playbook.
๐ Connects to your stack โ Telegram, email, calendars, CRMs, GitHub, Slack, Notion, and hundreds more through Composio. It works where you work.
๐ Works while you sleep โ cron-based routines and one-off scheduled tasks run in the background. Morning briefs, nightly reports, continuous monitoring.
๐ก๏ธ Asks before acting โ external writes, purchases, and anything with real-world consequences go through an approval gate. Durable, single-use, time-limited.
๐ Fully transparent โ every artifact, skill, routine, and decision lives in readable files on your disk. Inspect anything. Edit anything. No black boxes.
"Monitor this market every morning, summarize changes, and send me a brief."
Here's what your digital employee does:
- Fetches relevant sources and pulls in prior context it already knows about
- Extracts and summarizes what actually changed
- Stores the brief as a durable artifact you can reference later
- Saves the entire workflow as a reusable routine
- Runs it again tomorrow โ better, because it remembers your feedback and preferences
You don't re-explain. You don't re-prompt. You just get the brief.
- Python
3.12+ uv- An OpenAI-compatible API key
git clone <repo-url>
cd opentulpa
cp .env.example .envAdd your key to .env:
OPENAI_COMPATIBLE_API_KEY=...Recommended model stack:
LLM_MODEL=z-ai/glm-5.1:nitro
WAKE_EXECUTION_MODEL=z-ai/glm-5.1:nitro
MEMORY_LLM_MODEL=google/gemini-3-flash-preview
MULTIMODAL_LLM=google/gemini-3-flash-preview
GUARDRAIL_CLASSIFIER_MODEL=google/gemini-3-flash-previewThis is the current recommended production split in this repo:
GLM 5.1for main chat and wake executionGemini Flashfor memory extraction, multimodal understanding, and guardrail classification- If your main chat model is not multimodal, set
MULTIMODAL_LLMso media and browser screenshot handling keeps working
Run it:
./start.sh --appThat's it. Health checks at http://127.0.0.1:8000/healthz and http://127.0.0.1:8000/agent/healthz.
Telegram is the primary interface โ think of it as your employee's desk where you walk up and give instructions.
- Create a bot via
@BotFather - Add
TELEGRAM_BOT_TOKENto.env - Install
cloudflared - Run:
./start.shstart.sh handles Python deps, Playwright Chromium, and cloudflared tunnel setup automatically.
docker build -t opentulpa .
docker run --rm -p 8000:8000 --env-file .env opentulpaThe image comes with Python dependencies, Node.js/npm, and Playwright pre-installed.
- Create a Railway project from this repo
- Add one volume at
/app/opentulpa_data - Set
OPENAI_COMPATIBLE_API_KEY,TELEGRAM_BOT_TOKEN, andOPENTULPA_DATA_ROOT=/app/opentulpa_data - Optionally set
TELEGRAM_WEBHOOK_SECRETandPUBLIC_BASE_URL - Deploy
Full checklist in Deployment docs.
More setup options
Installed by default. Skip it with:
./start.sh --no-browser-useRuns locally inside OpenTulpa โ no Browser Use Cloud required.
Give your digital employee access to real-world services:
COMPOSIO_API_KEY=...If not set, the Composio SDK never loads. When configured, OpenTulpa can authenticate against supported third-party services and use integrations on behalf of the active user.
OpenTulpa computes the OAuth callback URL automatically. Override only if needed:
COMPOSIO_DEFAULT_CALLBACK_URL=https://your-public-base/webhook/composio/callback| Command | What it does |
|---|---|
./start.sh |
Install + run in quick-tunnel manager mode |
./start.sh --app |
Install + run in direct app mode |
./start.sh install |
Install/setup only |
./start.sh run --app |
Run only, skip install |
Control via .env: START_MODE, INSTALL_BROWSER_USE, INSTALL_CLOUDFLARED
That's what most agent frameworks do. They answer a request, maybe call a tool, then throw away every bit of operational state that would have made tomorrow's work easier. You're stuck re-briefing, re-prompting, re-explaining context that should have been obvious.
OpenTulpa was built around a different assumption: a useful employee retains what they learn and gets better over time.
| Typical Agent | OpenTulpa | |
|---|---|---|
| Memory | โ Gone after the session | โ Persisted and retrieved automatically |
| Repeated work | You re-prompt every time | Saved as reusable skills and scheduled routines |
| Output files and artifacts | Lost in chat history | Stored locally, inspectable, referenceable |
| Side effects | Fires and forgets | Gated behind approval with audit trail |
| Prompt costs | Full resend every turn | Provider-aware caching for stable prefixes |
| Your data | On someone else's servers | On your machine. Period. |
| Availability | When you prompt it | Runs routines on schedule, even while you're offline |
capture context โ retrieve durable state โ plan โ execute with tools โ gate side effects โ persist outputs
Telegram / Internal API / Events
โ
FastAPI
โ
capture context + retrieve state
โ
LangGraph runtime
โ
plan + tool execution + validation
โ
approval gate for external actions
โ
persist artifacts / skills / routines / rollups
โ
local durable state (.opentulpa/, tulpa_stuff/)
Under the hood:
- FastAPI for webhook and internal routes
- LangGraph runtime for turn execution, validation, guardrails, and claim checking
- Context services for profiles, files, event backlog, thread rollups, and aliases
- Skill store for reusable capabilities
- Scheduler for one-off and recurring routines
- Approval broker for external-impact actions
- Local storage using SQLite + embedded Qdrant for vector search
No external database required by default. Everything lives on disk.
The whole point is to hand off real work โ not just ask questions.
| Use Case | What You Say |
|---|---|
| Morning brief | "Every morning at 8am, check my calendar, flag conflicts, summarize what's on my plate, and send it to me on Telegram." |
| Market monitoring | "Monitor these 5 competitors' pricing pages daily. Summarize anything that changed and keep a running log." |
| Inbox triage | "Summarize the most important unread items from my inbox and draft replies in my tone." |
| Document review | "Read this PDF, extract the key decisions, and remember them for future reference." |
| Status reporting | "Check what changed in this project since yesterday and draft a status update for the team." |
Connect Composio and OpenTulpa stops being a local sandbox. It becomes an employee with real logins that can operate across your tools, on your behalf, on a schedule.
| Use Case | What You Say |
|---|---|
| Social media management | "Check my Instagram every 5 minutes. If someone DMs me about a collaboration or business inquiry, reply professionally and schedule a follow-up." |
| Lead handling | "When a new lead lands in HubSpot, research their company, score them, and draft a personalized outreach email for my review." |
| GitHub triage | "Watch this repo for new issues labeled 'bug'. Try to reproduce them, then post a triage comment with severity and a suggested fix." |
| Slack delegation | "Monitor my Slack channels for anything I'm tagged in. Summarize the threads and draft responses I can approve before sending." |
| Cross-platform reporting | "Every Monday, pull analytics from Google Analytics and Stripe, combine them into a brief, and push it to our Notion workspace." |
| Email-to-task pipeline | "Watch for emails from this client. Extract action items, add them to my Todoist, and send me a digest at end of day." |
| API integration work | "Build an integration for this API, save it as a reusable skill, and schedule it to run nightly." |
These aren't demos โ they're routines. OpenTulpa saves the workflow, remembers your preferences from last run, and improves over time. And the approval gate ensures nothing gets sent, posted, or purchased without your go-ahead when it matters.
- Telegram โ chat, files, voice notes, approval buttons,
/setup,/fresh,/status - Internal API โ programmatic access to the runtime for custom integrations
- Web intelligence โ search, URL/file fetching (HTML, PDF, DOCX), image analysis
- Browser automation โ local Playwright sessions for dynamic websites
- Composio โ OAuth-based connections to hundreds of third-party apps (optional)
- Skills โ reusable
SKILL.mdcapabilities with user/global scope - Routines โ cron or one-time scheduled automations with durable storage
All generated scripts and artifacts are tracked under local storage (tulpa_stuff/, .opentulpa/) โ inspectable and editable at all times.
A digital employee with no guardrails is a liability. OpenTulpa takes this seriously.
- Read-only and internal actions proceed directly โ no friction where there's no risk
- External writes, purchases, or costly actions require your explicit approval
- Unknown scope defaults to asking first
- Approvals are durable, single-use, and time-limited โ no stale blanket permissions
- Public exposure is limited to webhook and health routes; internal routes stay local/private
- All data stays on your infrastructure โ memory vectors in embedded local Qdrant, state in SQLite
For durable deploys, mount /app/.opentulpa so skills, approvals, checkpoints, and memory survive redeploys.
Your digital employee shouldn't cost more to run each day than it saves you. OpenTulpa separates stable prompt prefixes from turn-specific context so supported providers can reuse cached segments instead of re-billing the same instructions every turn.
| Provider | Caching Strategy |
|---|---|
| Anthropic/Claude | Request-level cache control |
| Gemini | Per-message cache breakpoints on stable prefix |
| OpenAI-compatible | Automatic caching (no explicit markers needed) |
Controlled via AGENT_PROMPT_CACHING_ENABLED.
OpenTulpa ships as a ready-to-run digital employee and a reference architecture you can reshape to fit your operation.
- Add tools in the tool registry
- Add routes under
src/opentulpa/api/routes - Add interfaces under
src/opentulpa/interfaces - Extend approval logic through the policy and broker layers
- Add durable skills instead of hardcoding workflows into prompts
If you've been looking for a persistent, guarded, tool-using agent runtime that you actually own and can modify โ one that works more like an employee than a chatbot โ this is it.
| ๐ Architecture | How the internals fit together |
| ๐ Deployment | Production deploy checklist |
| ๐ฌ Chat Cookbook | Example conversations and patterns |
| ๐ก๏ธ External Tool Safety Checklist | Guidelines for connecting external tools safely |
Stop re-explaining. Start delegating.
Hire your digital employee in 30 seconds โ