DEV.co
AI Frameworks · AstrBotDevs

AstrBot

AstrBot is an open-source Python-based AI agent platform that integrates with messaging apps (QQ, Telegram, WeChat, Slack, etc.) and LLMs to build conversational AI. It supports plugins, knowledge bases, and agent frameworks via a web UI and offers sandbox execution for safe code/shell operations.

Source: GitHub — github.com/AstrBotDevs/AstrBot
36k
GitHub stars
2.5k
Forks
Python
Primary language
AGPL-3.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
RepositoryAstrBotDevs/AstrBot
OwnerAstrBotDevs
Primary languagePython
LicenseAGPL-3.0 — OSI-approved
Stars36k
Forks2.5k
Open issues1.3k
Latest releasev4.26.5 (2026-07-07)
Last updated2026-07-07
Sourcehttps://github.com/AstrBotDevs/AstrBot

What AstrBot is

Python 3.12+ framework providing multi-platform IM connectors, LLM orchestration (OpenAI, Gemini, Llama, etc.), MCP support, plugin architecture (1000+ available), agent sandbox for isolated execution, and auto-context compression. Deployable via Docker, uv, or cloud platforms.

Quickstart

Get the AstrBot source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/AstrBotDevs/AstrBot.gitcd AstrBot# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Multi-Platform Conversational AI

Deploy a single AI agent across QQ, Telegram, Slack, WeChat, and other IM platforms without platform-specific logic, reducing development overhead for teams managing multiple channels.

Enterprise Knowledge Base & Agent Workflows

Build internal AI assistants with integrated knowledge bases, skill automation, and proactive agent capabilities for customer service, HR automation, or internal knowledge management.

Plugin-Driven Bot Marketplace

Leverage 1000+ community plugins for rapid feature extension (web search, data integration, external APIs) without maintaining custom code.

Implementation considerations

  • AGPL-3.0 license: any modifications or derivative deployments must be open-sourced; review legal/compliance before use in proprietary products.
  • 1,298 open issues and high fork count suggest active development but potential stability gaps; test thoroughly on target IM platforms before production.
  • Requires uv (package manager) or Docker for deployment; ensure team familiarity with Python 3.12+, async I/O, and plugin lifecycle management.
  • LLM integration is by-bring-your-own-key (OpenAI, Gemini, etc.); no bundled model; cost scales with API usage and context length.
  • Sandbox execution adds complexity; validate resource limits, timeout handling, and isolation for untrusted code execution scenarios.

When to avoid it — and what to weigh

  • Closed-Source or Proprietary Requirement — AGPL-3.0 licensing requires source code disclosure and derivative works to remain open. If you cannot publish modifications or need permissive commercial licensing, this is unsuitable.
  • High Security/Compliance Constraints — No explicit audit trail, SOC 2, or HIPAA compliance mentioned. Code/shell sandbox execution presents attack surface; requires threat modeling for regulated data (healthcare, finance).
  • Single-Platform, Lightweight Requirement — Overhead of multi-platform abstraction, plugin system, and agent orchestration may be excessive for a simple single-channel bot. Consider a purpose-built lightweight library instead.
  • Limited Python Ecosystem in Your Stack — Python-only implementation; integration with JVM, Go, or .NET applications requires API/RPC bridges, adding operational complexity.

License & commercial use

AGPL-3.0 (GNU Affero General Public License v3.0). This is a strong copyleft license. Any modifications or network-distributed versions must disclose source and remain open-source. Use only with explicit legal review if commercial, proprietary, or embedded in closed-source products.

AGPL-3.0 permits use but requires: (1) all modifications be open-sourced; (2) if deployed as a service, source code must be offered to users. Commercial support/licensing from maintainers is not described in provided data. **Requires review with your legal team before commercial deployment.**

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityModerate
DEV.co fitGood
Assessment confidenceHigh
Security considerations

Agent sandbox for code/shell execution is a security feature but also an attack surface. No mention of input validation, prompt injection mitigations, or LLM jailbreak protections. Plugin ecosystem introduces supply-chain risk (1000+ plugins of unknown provenance/maintenance). Code execution from untrusted sources (e.g., user-provided agents) requires strict isolation, resource limits, and monitoring. Assess threat model against LLM output, plugin code, and user input before production.

Alternatives to consider

Dify

Closed-UI agent/workflow builder; emphasizes enterprise SaaS deployment and visual orchestration over self-hosting; may require licensing.

LangChain / LangGraph

Python LLM framework focused on agent chains and tool use; more modular and lightweight but lacks built-in IM integrations and requires custom platform adapters.

n8n

Visual no-code workflow automation with LLM support; easier onboarding for non-technical users but less customizable for agent-specific logic.

Software development agency

Build on AstrBot with DEV.co software developers

Review the full documentation at astrbot.app, assess AGPL-3.0 licensing implications with your legal team, and deploy via Docker or uv. Start with a non-production test on your IM platform.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

AstrBot FAQ

Can I use AstrBot commercially?
AGPL-3.0 permits use but requires all modifications and network-deployed instances to be open-sourced. Proprietary deployment is not allowed without a commercial license from the maintainers (not mentioned in provided data). Consult legal counsel before commercial use.
Does AstrBot include LLMs?
No. AstrBot is an orchestration framework. You supply API keys (OpenAI, Gemini, Llama via Ollama, etc.). Costs are incurred from your LLM provider.
How stable is AstrBot for production?
Active development (35k stars, recent releases) but 1,298 open issues suggest ongoing bug fixes and feature work. Test on your target platforms before production. Enterprise SLAs or support are not mentioned.
Is AstrBot secure for user data?
No explicit security audit, HIPAA, or SOC 2 certification provided. Plugin ecosystem and sandbox execution introduce supply-chain and code-execution risks. Assess threat model, data handling, and isolation carefully before handling sensitive data.

Custom software development services

DEV.co helps companies turn open-source tools like AstrBot into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your ai frameworks stack.

Ready to Deploy Multi-Platform AI?

Review the full documentation at astrbot.app, assess AGPL-3.0 licensing implications with your legal team, and deploy via Docker or uv. Start with a non-production test on your IM platform.