Skip to main content

Roadmap

Current Status

Current Version: v2.7.2 (May 2026 — installer hotfix on top of v2.7.1)

WASP is in active production deployment and now publishable as a self-hostable OSS project. All systems below are complete and operational.

Completed Systems

  • Event-driven architecture (Redis Streams, consumer groups, at-least-once delivery)
  • Goal Engine with TaskGraph execution (DAG, plan critic, plan lock, duplicate detection)
  • Dual-layer planning (PlanGenerator + PlanCritic LLM validation)
  • 37 built-in skills across 5 capability levels
  • Custom Python skill creation and management via skill_manager
  • Skill Evolution (automatic synthesis from recurring patterns, AST validation)
  • 41 scheduler background jobs (health, learning, perception, pruning, weekly DB maintenance)
  • 18 memory systems (episodic, semantic, procedural, visual, vector, KG, self-model, temporal, goal-scoped, ranked retrieval, reflection, behavioral rules, learning examples, consolidation log, recovery memory, skill patterns, entity states, state predictions)
  • Memory ranking (composite score: 0.5×similarity + 0.3×recency + 0.2×importance)
  • Knowledge Graph with Redis cache (rule-based NLP extraction)
  • Temporal World Model (world_timeline table, price/state extraction, trend detection)
  • Multi-agent orchestration (AgentOrchestrator, AgentRuntime, CapabilitySandbox, inter-agent bus)
  • Background Consolidation (memory consolidation, KG enrichment, LLM reflection, failure pattern analysis)
  • Autonomous Goal Generator (proactive LLM-evaluated goal creation, rate limited)
  • Background Perception (crypto price monitoring, KG-sourced assets)
  • Behavioral Learning Loop (correction detection, LLM rule synthesis, dedup + conflict detection)
  • Epistemic State tracking (domain confidence, symmetric ±0.015 calibration)
  • Self-Integrity Monitor (6h cross-check of self-model vs actual performance)
  • Cognitive Pressure Index (composite 0–100 metric, actuator guard at >80)
  • Opportunity Engine (proactive automation suggestions from episodic pattern detection)
  • Self-Reflection Engine (goal-level post-mortem insights, Redis TTL 7d)
  • Resource Governor (Redis-backed rate limiter: goal slots, LLM budget, API caps)
  • Decision Layer (pre-LLM heuristic classifier, 5 strategies, 13 fast-paths)
  • Response Validation & Recovery Engine (deterministic validator, 2-retry auto-recovery, RecoveryMemory)
  • Response Grounding Engine (9 checks: weak response, generic phrase, status marker, intent evidence gate, anti-hallucination guard)
  • DomainLock Hardening (root normalization, semantic category guards, immutable anchor, cross-turn stale lock clearance)
  • Active Flow Context Lock (per-chat Redis state, TTL 15min, cross-domain hallucination prevention)
  • Planning Mode Hard Override (5-layer execution block, zero skills when "don't execute")
  • Universal Response Contract (response-type detection, type-specific structure rules)
  • Intent Completeness Engine (4-strategy multi-part extraction, one completeness retry)
  • Voice/Audio Input (Telegram voice → Whisper transcription → full pipeline)
  • Video Input (Telegram video → ffmpeg first frame → vision pipeline)
  • Universal Interaction Validation Layer (pre-click target validation, post-click interference detection, result-state confirmation, validated screenshot capture)
  • div-button SPA Support (React/Vue <div> as submit button)
  • Browser Session Lifecycle (idle reaper daemon, 300s timeout, CPU: 81% → 0.25%)
  • Browser URL blocklist (file://, javascript:, data:, vbscript:, RFC-1918, loopback, cloud metadata)
  • Multilingual Auto-Detect (10 languages: EN/ES/PT/FR/DE/ZH/JA/KO/AR/RU; localized fallback responses)
  • Domain Drift Protection (browser→crypto/email substitution detection, should_retry=False on confirmed substitution)
  • HealthState Adaptive Execution (CPU/RAM/latency-based light mode hint injection)
  • SaccadicVision Change Detection Daemon (2s SHA-1 polling, browser content change events)
  • Consolidation Failure Pattern Analysis (7-day audit error classification into FailurePattern records)
  • Self-Improve Soft Safety Gate (deterministic pattern gate, BLOCK/WARN/ALLOW, 13 safety-weakening patterns)
  • Self-Improve SHA-256 sidecar integrity (tamper detection for persisted patches)
  • 40+ integration connectors (Slack, Discord, GitHub, Telegram, Notion, Gmail, smart home, etc.)
  • 11 LLM providers (Anthropic, OpenAI, Google, xAI, Mistral, DeepSeek, Moonshot/Kimi, OpenRouter, Perplexity, HuggingFace, Ollama local)
  • Dashboard v2.5 restructuring (5 sections, 24 pages, 5 new dedicated pages)
  • Config Center (prime.md live editor, 12 feature flags, Redis config:overrides persisting across restarts)
  • CSRF protection, audit logging (keyset pagination), secret redaction
  • Self-Repair (SelfHealer) + Self-Improvement (code patching, surgical edits, package install)
  • Sovereign Mode (MAX_SKILL_ROUNDS=12, doubled cognitive budgets)
  • deep_scraper built-in (Playwright/Crawlee, SSRF-protected, YouTube transcripts)
  • Audit Log Retention job (daily bounded deletion, configurable retention window)
  • Bounded Redis streams (maxlen=10000 on all xadd() calls)
  • PEL zombie recovery (xautoclaim at startup clears idle pending entries)
  • Composite DB index on audit_log(chat_id, timestamp)
  • Panic Reset page (hard-confirmation UI, 17 table wipe, VACUUM FULL, AuditLog entry)
  • SSRF protection on fetch_url (matches http_request protection)
  • Self-improve syntax validation + backup (ast.parse + timestamped backup before overwrite)
  • Shell audit logging (every invocation logged with redacted command and goal context)
  • Behavioral rule conflict detection (negation-word analysis, 35% overlap threshold)
  • Health dashboard: learning queue depth (visual thresholds at ≥20 and ≥40)
  • Boot model liveness ping (8s timeout, shows "live ✓" / "unreachable ✗" in boot message)
  • Weekly VACUUM ANALYZE (db_maintenance job, AUTOCOMMIT, no table locking)
  • Low-Intent Cold-Start Guard (deterministic clarification fast-path for single-token, emoji-only, and context-required input without anchor)
  • Multi-URL Aggregator Error: prefix detection (SSRF-blocked URLs labeled ❌ even when success=True)
  • Agent Name Preservation non-greedy regex (3 patterns with {0,4}? + lookahead stop-set)
  • Schedule Honesty Bidirectional (clock-time + daypart user-side disclaimer when interval-only task created)
  • Markdown Link Sanitizer ([text](url) collapses to readable text (url) form)
  • Entity-Proximity Verdict Check (200-char window between user-named entity and verdict word)
  • One-line public installer (install.sh cross-distro: Debian/Ubuntu, RHEL/AlmaLinux/Rocky, Fedora, Arch, openSUSE, Alpine, macOS, Windows via WSL2)
  • Allowlist tarball build (scripts/build-release.sh refuses to package operator-specific identifiers; 2.1 MB clean public archive)
  • Cross-distro installer hardening (Alpine hostname -I fallback, AlmaLinux dnf --allowerasing, top-level install-dir df fix)
  • Fail-closed Telegram bridge (refuses to start without TELEGRAM_ALLOWED_USERS; no public-bot mode, no escape hatch)
  • Gmail recipient allowlist (GMAIL_RECIPIENT_ALLOWLIST defense vs prompt-injection-driven exfiltration)
  • Self-improve dry_run (preview write/patch as unified diff + AST verdict without touching the file)
  • Centralized SSRF guard (utils/network_safety.py with DNS-rebinding protection + manual redirect re-validation; applied to http_request, fetch_url, scrape, monitors, subscriptions)
  • Dashboard SPA navigation fixes (path+query URL compare for tabs/filters/pagination; IIFE wrap of re-injected scripts to survive same-page const re-declarations)
  • CheckIn fresh-install guard (proactive ¿Necesitas ayuda? no longer fires on installs with zero episodic memory)
  • Public test coverage of Experimental subsystems (38 new tests for learning / procedural / behavioral / consolidation)

Planned Features

Near-Term

Vector Memory Enhancement

  • Automatic embedding model pull on first enable
  • Cross-session semantic memory search with auto-clustering
  • Hybrid retrieval (vector + BM25 keyword)

Text-to-Speech Responses

  • Voice responses via Telegram
  • Wake word detection for local deployment

Structured Output Validation

  • JSON schema validation for skill outputs
  • Type-safe skill parameter validation at registration time

Medium-Term

MCP (Model Context Protocol) Full Support

  • Connect to any MCP server as a skill source
  • MCP server hosting (expose WASP skills as MCP)
  • Dynamic tool discovery from MCP endpoints

Multi-Modal Memory

  • Store and retrieve audio, video, and document content
  • Cross-modal search (text → finds related images)

Workflow Builder

  • Visual workflow editor in the dashboard
  • Trigger-based automation (webhook → goal)
  • Scheduled workflow templates

Enhanced Security

  • Skill sandboxing via container isolation (separate process per skill)
  • Fine-grained permission model per user
  • Hardware token support for dashboard auth

Long-Term

Meta-Agent Architecture (v2)

  • Fully autonomous agent team coordination
  • Hierarchical goal decomposition
  • Cross-agent memory sharing with privacy controls

Federated Deployment

  • Multiple WASP instances coordinating
  • Distributed goal execution across nodes

Plugin Marketplace

  • Community skill packages
  • One-click skill installation via ClawHub

Version History

VersionKey Features
Phase 1–6Core agent, skills, memory, scheduler
Phase 7Health monitor, self-repair, introspector
Phase 8Security hardening, dashboard, CSRF
Phase 9Agent freedom: shell, python, browser skills
Phase 10–16Cognitive systems: KG, temporal, epistemic, consolidation
Phase 17Multi-agent orchestration v1
Phase 18QA/SRE audit, 208 tests
v1.5Skill evolution, world model, behavioral learning, CPI, integrity monitor
v1.6Sovereign mode, autonomous goals, self-improvement, decision layer foundation
v1.7Opportunity Engine, Self-Reflection Engine, Resource Governor
v1.8Multi-agent v2, AgentManagerSkill, Goal Priority Axis
v1.9Response Validation & Recovery, Voice/Audio input, Behavioral Learning Loop
v2.0Active Flow Context Lock, Planning Mode Override, Response Contract, Intent Completeness
v2.1Browser Session Reaper, Multilingual Auto-Detect, Domain Drift Protection, production audit
v2.2deep_scraper built-in, dashboard streaming, 37 skills, 21-bug audit
v2.3Universal Interaction Validation, div-button SPA, enforcement loop fix
v2.4Response Grounding Engine (9 checks), DomainLock hardening
v2.5Dashboard restructuring, 5 new pages, Config Center, HealthState, SaccadicVision, consolidation failure analysis, 11-fix audit
v2.6Panic Reset, SSRF on fetch_url, shell audit logging, behavioral conflict detection, weekly VACUUM ANALYZE, boot liveness ping, 10-fix hardening pass + Edge Fix Pass (low-intent guard, multi-URL aggregator, agent name preservation, schedule honesty bidirectional, markdown link sanitizer, entity-proximity verdict)
v2.7First public OSS release. One-line cross-distro installer (8 Linux flavors + macOS + WSL2). Allowlist tarball build with forbidden-pattern scan. Fail-closed Telegram bridge (no public-bot mode). Gmail recipient allowlist. Self-improve dry_run. Centralized SSRF guard. Dashboard SPA navigation fixes (tab bars + filter pills + pagination across all list pages). CheckIn fresh-install guard. 622 tests passing. Docker socket removed from agent-core public default.

Contributing

WASP is under active development. The codebase is structured for extensibility:

  • New skills: Add to src/skills/builtin/ or via skill_manager
  • New scheduler jobs: Add callable class to src/scheduler/ and register in main.py
  • New connectors: Add to src/integrations/connectors/ and register in main.py
  • New memory types: Add module to src/memory/ and inject into build_context()

See Extending WASP for implementation guides.