nanobot
Nanobot is a lightweight, MIT-licensed open-source AI agent framework written in Python that lets you build personal AI assistants with web UI, multi-channel chat integration, tool calling, and memory. It supports multiple LLM providers (OpenAI, Claude, local models) and includes features like Model Context Protocol (MCP), automation, and deployment options.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | HKUDS/nanobot |
| Owner | HKUDS |
| Primary language | Python |
| License | MIT — OSI-approved |
| Stars | 45.1k |
| Forks | 8k |
| Open issues | 914 |
| Latest release | v0.2.2 (2026-06-23) |
| Last updated | 2026-07-08 |
| Source | https://github.com/HKUDS/nanobot |
What nanobot is
Python-based AI agent framework with core agent loop, WebUI (bundled), multi-channel chat adapters (Telegram, Discord, Slack, WeChat, etc.), tool execution, MCP support, model routing/fallback, memory management, and deployment via gateway. Requires Python ≥3.11 and supports OpenAI-compatible endpoints.
Get the nanobot source
Clone the repository and explore it locally.
git clone https://github.com/HKUDS/nanobot.gitcd nanobot# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Python ≥3.11 required; use `uv pip` or standard pip for dependency installation. Bundled WebUI simplifies single-machine deployment.
- Multi-provider setup demands API keys (OpenAI, Claude, Anthropic, etc.) with fallback model configuration for reliability.
- Chat adapter integration is channel-specific (Telegram webhooks, Discord bots, Slack apps); each requires separate credential/permission setup.
- MCP and tool definitions need JSON/YAML configuration; custom tools require Python function wrapping and schema definition.
- Memory and session persistence stored locally by default; scale considerations for long-running agents or multi-user scenarios not clearly documented.
When to avoid it — and what to weigh
- High-Security/Compliance-Sensitive Environments — Data handling, encryption, audit logging, and compliance certifications are not clearly documented. Avoid for regulated industries (finance, healthcare, PII-heavy) without security review.
- Enterprise-Grade SLA Requirements — No mention of uptime SLAs, commercial support contracts, or incident response. Not suitable if you need guaranteed support or production-critical deployments.
- Minimal Code/Configuration Tolerance — Setup requires Python environment, dependency management (via uv/pip), and configuration files. Non-technical users should use the documented 'Start Without Technical Background' path; others may find it complex.
- Isolated/Air-Gapped Deployments — Architecture assumes internet access for LLM providers, web tools, MCP connections, and updates. Air-gapped or offline-first environments will face limitations.
License & commercial use
MIT License: permissive, allows commercial use, modification, distribution, and private use with attribution. No warranty or liability.
MIT permits commercial use without royalty or special permission. However, no commercial support, SLA, or indemnity is documented. For production use, review the project's governance (maintainer capacity, community stability) and consider a support agreement with maintainers or community if available.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Strong |
| License clarity | Clear |
| Deployment complexity | Moderate |
| DEV.co fit | Strong |
| Assessment confidence | High |
No security audit, penetration test, or vulnerability disclosure policy mentioned. API key management relies on environment variables and config files—standard practice but not hardened. Chat adapters (Telegram webhooks, etc.) and web tool access require careful rate limiting and input validation. Session/file permissions and MCP execution sandbox not clearly detailed. Recommend: threat modeling, input sanitization, API key rotation, and network isolation for sensitive use cases before production.
Alternatives to consider
LangChain / LangGraph
Mature Python frameworks for LLM app composition; larger community, more integrations, but heavier and more complex for simple agents.
OpenAI Assistants API
Managed, hosted alternative with file/tool integration; vendor-locked to OpenAI, but no local infrastructure or deployment needed.
Anthropic's Agents (Claude + tool use)
Lightweight, focused on Claude; simpler but less flexible for multi-provider or local-model scenarios than nanobot.
Build on nanobot with DEV.co software developers
Nanobot is ideal for teams wanting lightweight, flexible AI automation without vendor lock-in. Start with the Quick Start guide, review security and deployment considerations for production, and evaluate community support fit for your use case.
Talk to DEV.coRelated on DEV.co
Explore the category and the services that help you build with it.
nanobot FAQ
Can I run nanobot fully offline?
What LLM providers does nanobot support?
Is there commercial support or SLA?
How do I secure API keys and sensitive data?
Custom software development services
DEV.co is a software development agency delivering custom software development services to companies building on open source. Our software developers and web developers design, integrate, and ship production systems — spanning web development, APIs, AI, data, and cloud. If nanobot is part of your ai frameworks roadmap, our team can implement, customize, migrate, and maintain it.
Ready to Build Your AI Agent?
Nanobot is ideal for teams wanting lightweight, flexible AI automation without vendor lock-in. Start with the Quick Start guide, review security and deployment considerations for production, and evaluate community support fit for your use case.